Add session tokens to Rest endpoints
Closed this issue · 2 comments
djwessel commented
Add session token to rest api calls. Only tutors can create classes, groups and tutor users. Only students can sign up for a tutorial group and get a QR code.
djwessel commented
Login endpoint now attaches sessionToken cookie. Now rest endpoints just need to get user with sessionToken and check if user is right/has correct role.
djwessel commented
ResourceUtil class has two new helper functions, checkToken() and checkTokenPermissions().
checkToken will check to see if the sessionToken is valid, and if the user with the given sessionToken has the given userId
checkTokenPermissions will check to see if the sessionToken is valid, and if the user with the given sessionToken is of the correct type (Student, Tutor, Admin)