xceed-nitj · harimurugan1989 · Jul 20, 2024 · Jul 20, 2024
diff --git a/server/src/modules/certificateModule/routes/addevent.js b/server/src/modules/certificateModule/routes/addevent.js
@@ -5,10 +5,9 @@ const addEventController = new AddEventController();
 const protectRoute = require("../../usermanagement/privateroute");
 const ecmadminRoute = require("../../usermanagement/ecmadminroute");
 const LockStatus = require("../helper/lockstatus");
-const { checkRole } = require("../../checkRole.middleware");
 
 // Route to create a new event
-addEventRouter.post("/", checkRole(['CM']), async (req, res) => {
+addEventRouter.post("/", ecmadminRoute, async (req, res) => {
   try {
     const { user, ...eventData } = req.body; // extract userId from request body
 
@@ -54,7 +53,7 @@ addEventRouter.get("/", async (req, res) => {
 
 
 // Route to update a specific event by ID
-addEventRouter.put("/:eventId",checkRole(['CM'],true), async (req, res) => {
+addEventRouter.put("/:eventId",ecmadminRoute, async (req, res) => {
   try {
     const eventId = req.params?.eventId;
     const updatedEvent = req.body;
@@ -68,7 +67,7 @@ addEventRouter.put("/:eventId",checkRole(['CM'],true), async (req, res) => {
 });
 
 
-addEventRouter.get("/getevents", checkRole(['CM']), async (req, res) => {
+addEventRouter.get("/getevents", ecmadminRoute, async (req, res) => {
   try {
     const user = req?.user?.id;
     const allEvents = await addEventController.getEventByUser(user);
@@ -80,7 +79,7 @@ addEventRouter.get("/getevents", checkRole(['CM']), async (req, res) => {
   }
 });
 
-addEventRouter.post("/lock/:id", checkRole(['CM']), async (req, res) => {
+addEventRouter.post("/lock/:id", ecmadminRoute, async (req, res) => {
   try {
     const eventId = req.params.id;
     await addEventController.lockEvent(eventId);

diff --git a/server/src/modules/certificateModule/routes/certificate.js b/server/src/modules/certificateModule/routes/certificate.js
@@ -11,7 +11,7 @@ const { convertCertificateToImage, convertCertificateToPDF} = require("../contro
 const { convertallCertificates} = require("../controllers/convertAllCertificates")
 
 // Route to create a new certificate
-certificateRouter.post("/content/:id", checkRole(['CM']), LockStatus, upload.any(),async (req, res) => {
+certificateRouter.post("/content/:id", ecmadminRoute, LockStatus, upload.any(),async (req, res) => {
   try {
     console.log(req.files)
     const body = await convertToObject(req.params.id, req.body, req.files, req.baseURL)
@@ -78,7 +78,7 @@ certificateRouter.get("/:certificateId", async (req, res) => {
 });
 
 // Route to update a specific certificate by ID
-certificateRouter.put('/:certificateId', checkRole(['CM']), LockStatus, async (req, res) => {
+certificateRouter.put('/:certificateId', ecmadminRoute, LockStatus, async (req, res) => {
   try {
     const certificateId = req.params.certificateId;
     const updatedCertificate = req.body;
@@ -93,7 +93,7 @@ certificateRouter.put('/:certificateId', checkRole(['CM']), LockStatus, async (r
 });
 
 // Route to delete a specific certificate by ID
-certificateRouter.delete("/:certificateId", checkRole(['CM']), LockStatus, async (req, res) => {
+certificateRouter.delete("/:certificateId", ecmadminRoute, LockStatus, async (req, res) => {
   try {
     const certificateId = req.params?.certificateId;
     await certificateController.deletecertificateById(certificateId);

diff --git a/server/src/modules/certificateModule/routes/emails.js b/server/src/modules/certificateModule/routes/emails.js
@@ -4,7 +4,7 @@ const { sendEmailsToParticipants } = require("../controllers/emails");
 const { sendEmail } = require("../controllers/participantemail");
 const ecmadminRoute = require("../../usermanagement/ecmadminroute");
 
-router.post("/send-emails/:eventId", checkRole(['CM']), async (req, res) => {
+router.post("/send-emails/:eventId", ecmadminRoute, async (req, res) => {
   const eventId = req.params.eventId;
   const referer = req.get('Referer');
     // Extract the host from the Referer URL
@@ -27,7 +27,7 @@ router.post("/send-emails/:eventId", checkRole(['CM']), async (req, res) => {
   }
 });
 
-router.post("/send-email/:participantId",checkRole(['CM']), async (req, res) => {
+router.post("/send-email/:participantId",ecmadminRoute, async (req, res) => {
   try {
     const participantId = req.params.participantId;
     const referer = req.get('Referer');

diff --git a/server/src/modules/certificateModule/routes/participant.js b/server/src/modules/certificateModule/routes/participant.js
@@ -20,7 +20,7 @@ const storage = multer.memoryStorage({
 const upload = multer({ storage: storage });
 
 // Route to create a new Batch participant
-participantRouter.post("/batchupload/:eventId",checkRole(['CM']),LockStatus,upload.single('csvfile'), async (req, res) => {
+participantRouter.post("/batchupload/:eventId",ecmadminRoute,LockStatus,upload.single('csvfile'), async (req, res) => {
   try {
     const fileBuffer = req.file.buffer;
     await participantController.addBatchparticipant(fileBuffer,req.params?.eventId);
@@ -35,7 +35,7 @@ participantRouter.post("/batchupload/:eventId",checkRole(['CM']),LockStatus,uplo
 });
 
 // Route to create a new participant
-participantRouter.post("/addparticipant/:eventId",checkRole(['CM']),LockStatus, async (req, res) => {
+participantRouter.post("/addparticipant/:eventId",ecmadminRoute,LockStatus, async (req, res) => {
   try {
     const newparticipant=await participantController.addparticipant(req.body,req.params.eventId);
     return res.status(200).json(newparticipant);
@@ -75,7 +75,7 @@ participantRouter.get("/getoneparticipant/:participantId", async (req, res) => {
 });
 
 // Route to update a specific participant by ID
-participantRouter.put('/addparticipant/:participantId',checkRole(['CM']),LockStatus, async (req, res) => {
+participantRouter.put('/addparticipant/:participantId',ecmadminRoute,LockStatus, async (req, res) => {
   try {
     const participantId = req.params?.participantId;
     const updatedParticipant = req.body;
@@ -90,7 +90,7 @@ participantRouter.put('/addparticipant/:participantId',checkRole(['CM']),LockSta
 });
 
 // Route to delete a specific participant by ID
-participantRouter.delete("/deleteparticipant/:participantId",checkRole(['CM']),LockStatus, async (req, res) => {
+participantRouter.delete("/deleteparticipant/:participantId",ecmadminRoute,LockStatus, async (req, res) => {
   try {
     const participantId = req.params?.participantId;
     await participantController.deleteparticipantById(participantId);

diff --git a/server/src/modules/checkRole.middleware.js b/server/src/modules/checkRole.middleware.js
@@ -1,56 +1,37 @@
 const jwt = require("jsonwebtoken");
 const jwtSecret = "ad8cfdfe03c3076a4acb369ec18fbfc26b28bc78577b64da02646cd7bd0fe9c7d97cab";
-const { addEvent } = require("../models/certificateModule/addevent");
 
-const checkRole = (requiredRoles, checkEvent = false) => {
-  return async (req, res, next) => {
+const checkRole = (roles) => {
+  return (req, res, next) => {
     const token = req.cookies.jwt;
-    console.log(token);
+
     if (!token) {
       return res.status(401).json({ message: "Unauthorized" });
     }
 
     try {
       // Verify the token
       const decoded = jwt.verify(token, jwtSecret);
-      const userId = decoded.id;
-      const userRoles = decoded.role; // Extract the roles from the token
 
-      // console.log(userRoles);
-
+      // The token is valid, and 'decoded' contains user information including roles
+      const userId = decoded.id;
+      const userRoles = decoded.roles; // Ensure roles are correctly decoded
 
-      // Check if the user has the 'superadmin' role and skip further checks if they do
-      if (userRoles.includes('admin')) {
-        req.user = { id: userId, roles: userRoles };
-        return next();
-      }
+      // Attach the user details to the 'req' object
+      req.user = {
+        id: userId,
+        roles: userRoles,
+      };
 
       // Check if the user has the required role
-      const hasRequiredRole = requiredRoles.some(role => userRoles.includes(role));
-      if (!hasRequiredRole) {
+      if (!roles.some(role => userRoles.includes(role))) {
         return res.status(403).json({ message: "Forbidden" });
       }
 
-      // If event check is required, check if the user is assigned to the specific event
-      if (checkEvent) {
-        const eventId = req.params.eventId; // Get eventId from req.params
-        const event = await addEvent.findById(eventId);
-
-        if (!event) {
-          return res.status(404).json({ message: "Event not found" });
-        }
-
-        const isAssignedToEvent = addEvent.user === userId;
-        if (!isAssignedToEvent) {
-          return res.status(403).json({ message: "Forbidden" });
-        }
-      }
-
-      // Attach the user details to the 'req' object
-      req.user = { id: userId, roles: userRoles };
+      // Allow the request to proceed
       next();
     } catch (err) {
-      return res.status(401).json({ message: "Unauthorizedddd" });
+      return res.status(401).json({ message: "Unauthorized" });
     }
   };
 };

diff --git a/server/src/modules/quizModule/faculty/routes/index.js b/server/src/modules/quizModule/faculty/routes/index.js
@@ -1,19 +1,18 @@
 const express = require("express");
 const router = express.Router();
-// const facultyRoute = require("../../../usermanagement/facultyroute");
-const { checkRole } = require("../../checkRole.middleware");
+const facultyRoute = require("../../../usermanagement/facultyroute");
 
 // quiz
-router.use('/quiz', checkRole(['FACULTY']), require("./quiz"));
-router.use('/quiz/quizzes', checkRole(['FACULTY']), require("./quiz"));
-router.use('/quiz/:code', checkRole(['FACULTY']), require("./quiz"));
+router.use('/quiz', facultyRoute, require("./quiz"));
+router.use('/quiz/quizzes', facultyRoute, require("./quiz"));
+router.use('/quiz/:code', facultyRoute, require("./quiz"));
 
 // questions
-router.use('/quiz/:code/questions', checkRole(['FACULTY']), require("./quiz"));
-router.use('/quiz/:code/questions/:id', checkRole(['FACULTY']), require("./quiz"));
+router.use('/quiz/:code/questions', facultyRoute, require("./quiz"));
+router.use('/quiz/:code/questions/:id', facultyRoute, require("./quiz"));
 
 // response
-router.use('/quiz/:code/response', checkRole(['FACULTY']), require("./quiz"))
-router.use('/quiz/:code/results/summary', checkRole(['FACULTY']), require("./quiz"))
+router.use('/quiz/:code/response', facultyRoute, require("./quiz"))
+router.use('/quiz/:code/results/summary', facultyRoute, require("./quiz"))
 
 module.exports = router;
diff --git a/server/src/modules/quizModule/faculty/routes/quiz.js b/server/src/modules/quizModule/faculty/routes/quiz.js
@@ -3,10 +3,9 @@ const quizRouter = express.Router();
 const QuizController = require('../controllers/quiz');
 const quizController = new QuizController();
 const { quizBelongsToUser } = require('../controllers/helper');
-// const facultyRoute = require("../../../usermanagement/facultyroute");
-const { checkRole } = require("../../checkRole.middleware");
+const facultyRoute = require("../../../usermanagement/facultyroute");
 
-quizRouter.post("/",checkRole(['FACULTY']), async (req, res) => {
+quizRouter.post("/",facultyRoute, async (req, res) => {
     try { 
         await quizController.createQuiz(req, res);
     } catch (e) {
@@ -15,31 +14,31 @@ quizRouter.post("/",checkRole(['FACULTY']), async (req, res) => {
 });
 
 
-quizRouter.get("/quizzes", checkRole(['FACULTY']), async (req, res) => {
+quizRouter.get("/quizzes", facultyRoute, async (req, res) => {
     try {
         await quizController.getAllQuiz(req, res);
     } catch (e) {
         res.status(e?.status || 500).json({ error: e?.message || "Internal Server Error" });
     }
 });
 
-quizRouter.get("/:code", checkRole(['FACULTY']), async (req, res) => {
+quizRouter.get("/:code", facultyRoute, async (req, res) => {
     try {
         await quizController.getQuizByCode(req, res);
     } catch (e) {
         res.status(e?.status || 500).json({ error: e?.message || "Internal Server Error" });
     }
 });
 
-quizRouter.put("/:code", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.put("/:code", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.editQuizByCode(req, res);
     } catch (e) {
         res.status(e?.status || 500).json({ error: e?.message || "Internal Server Error" });
     }
 });
 
-quizRouter.delete("/:code", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.delete("/:code", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.deleteQuiz(req, res);
     } catch (e) {
@@ -49,39 +48,39 @@ quizRouter.delete("/:code", checkRole(['FACULTY']), quizBelongsToUser, async (re
 
 // Questions
 
-quizRouter.post("/:code/questions", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.post("/:code/questions", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.addQuizQuestion(req, res);
     } catch (e) {
         res.status(e?.status || 500).json({ error: e?.message || "Internal Server Error" });
     }
 });
 
-quizRouter.put("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.put("/:code/questions/:id", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.editQuizQuestion(req, res);
     } catch (e) {
         res.status(e?.status || 500).json({ error: e?.message || "Internal Server Error" });
     }
 });
 
-quizRouter.get("/:code/questions", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.get("/:code/questions", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.getAllQuestion(req, res);
     } catch (e) {
         res.status(e?.status || 500).json({ error: e?.message || "Internal Server Error" });
     }
 });
 
-quizRouter.get("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.get("/:code/questions/:id", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.findQuestionById(req, res);
     } catch (e) {
         res.status(e?.status || 500).json({ error: e?.message || "Internal Server Error" });
     }
 });
 
-quizRouter.delete("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.delete("/:code/questions/:id", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.deleteQuizQuestion(req, res);
     } catch (e) {
@@ -92,7 +91,7 @@ quizRouter.delete("/:code/questions/:id", checkRole(['FACULTY']), quizBelongsToU
 
 // testing pending 
 
-quizRouter.delete("/:code/response", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.delete("/:code/response", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.deleteQuizResponse(req, res);
     } catch (e) {
@@ -101,7 +100,7 @@ quizRouter.delete("/:code/response", checkRole(['FACULTY']), quizBelongsToUser,
 });
 
 
-quizRouter.get("/:code/results/summary", checkRole(['FACULTY']), quizBelongsToUser, async (req, res) => {
+quizRouter.get("/:code/results/summary", facultyRoute, quizBelongsToUser, async (req, res) => {
     try {
         await quizController.studentResultSummary(req, res);
     } catch (e) {