djwessel/ASEProject

Add session tokens to REST endpoints

Closed this issue · 2 comments

Add session token to REST API calls. Only tutors can create classes, groups and tutor users. Only students can sign up for a tutorial group and get a QR code.

Login endpoint now attaches sessionToken cookie. Now REST endpoints just need to get user with sessionToken and check if user is right/has correct role.

ResourceUtil class has two new helper functions, checkToken() and checkTokenPermissions().

checkToken will check to see if the sessionToken is valid, and if the user with the given sessionToken has the given userId.

checkTokenPermissions will check to see if the sessionToken is valid, and if the user with the given sessionToken is of the correct type (Student, Tutor, Admin).
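
The two checks described in the comments above, as an added Python sketch that is not the project's ResourceUtil code. The in-memory `SessionStore`, the action names in `ENDPOINT_ROLES`, the token expiry and the 401/403 return values are assumptions made for illustration; only the role rules and the two helper names come from the issue.

```python
import hashlib
import secrets
import time

# Role rules from the issue text; the action names are hypothetical.
ENDPOINT_ROLES = {
    "create_class": {"Tutor"},
    "create_group": {"Tutor"},
    "create_tutor_user": {"Tutor"},
    "signup_tutorial_group": {"Student"},
    "get_qr_code": {"Student"},
}

class SessionStore:
    """In-memory stand-in for the server-side session lookup (assumption)."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> (user_id, role, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, role, ttl=3600):
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        self._sessions[self._digest(token)] = (user_id, role, time.time() + ttl)
        return token

    def lookup(self, token):
        """Return (user_id, role) for a live session, else None."""
        entry = self._sessions.get(self._digest(token)) if token else None
        if entry is None or entry[2] <= time.time():
            return None
        return entry[0], entry[1]

def check_token(store, token, user_id):
    """401 for a missing/expired token, 403 if it belongs to another user."""
    session = store.lookup(token)
    if session is None:
        return 401
    return 200 if session[0] == user_id else 403

def check_token_permissions(store, token, action):
    """Deny by default: an action with no rule is forbidden for everyone."""
    session = store.lookup(token)
    if session is None:
        return 401
    return 200 if session[1] in ENDPOINT_ROLES.get(action, set()) else 403
```

Both helpers take the user identity and role from the server-side session record, never from a request parameter, so a caller cannot claim a role the login did not grant.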