rimossi controlli nelle API dei process:

il controllo di base (presenza di utente e di ruolo collegato al processoo) viene già fatto a monte nel router.js

Author: paolini

package.json

@@ -1,6 +1,6 @@
 {
   "name": "dm-manager",
-  "version": "1.10.2",
+  "version": "1.10.3",
   "private": true,
   "dependencies": {
     "@babel/core": "^7.16.0",

server/controllers/processes/conferences.js

@@ -46,11 +46,6 @@ async function notifyConference(conference) {
 }
 
 router.get('/', async (req, res) => {
-    if (req.user === undefined) {
-        return res.status(401).json({
-            result: "Unauthorized"
-        })
-    }
     let authorization_alternatives = [
         { createdBy: req.user._id },
     ]

server/controllers/processes/roomAssignmentsList.js

@@ -66,13 +66,6 @@ const INDEX_PIPELINE = [
 module.exports.INDEX_PIPELINE = INDEX_PIPELINE;
 
 router.get('/', async (req, res) => {    
-    if (!req?.user?.person || !req.user.roles.includes('admin')) {
-        res.status(401).json({
-            result: "Unauthorized"
-        })
-        return
-    }
-
     const data = await RoomAssignment.aggregate([
         { $match: {
             $expr: { 

server/controllers/processes/sanityCheck.js

@@ -12,12 +12,6 @@ const Event = require('../../models/EventConference')
 const Visit = require('../../models/Visit')
 
 router.get('/', async (req, res) => {    
-    if (req.user === undefined || !req.user.roles.includes('admin')) {
-        return res.status(401).json({
-            result: "Unauthorized"
-        })
-    }
-
     // find duplicated names
     const duplicatedNames = await Person.aggregate([
         {

server/controllers/processes/seminars.js

@@ -93,11 +93,6 @@ Gli amministratori possono visualizzare il seminario su Manage al seguente link:
 }
 
 router.get('/', async (req, res) => {    
-    if (req.user === undefined) {
-        return res.status(401).json({
-            result: "Unauthorized"
-        })
-    }
     let authorization_alternatives = [
         { createdBy: req.user._id },
     ]

server/controllers/processes/urls.js

@@ -13,14 +13,7 @@ const config = require('../../config')
 const { sync } = require('resolve')
 
 
-router.get('/', async (req, res) => {    
-    if (!req.user) {
-        res.status(401).json({
-            result: "Unauthorized"
-        })
-        return
-    }
-
+router.get('/', async (req, res) => {
     const data = await Url.aggregate([
         {$match: {createdBy: req.user._id}}
     ])

server/controllers/processes/visits.js

@@ -453,13 +453,6 @@ Creato da: ${seminar.createdBy?.username} il ${seminar.createdAt?.toLocaleDateSt
 module.exports.notifyVisit = notifyVisit
 
 router.get('/', async (req, res) => {    
-    if (!req.user) {
-        res.status(401).json({
-            result: "Unauthorized"
-        })
-        return
-    }
-
     const data = await Visit.aggregate([
         { $match: { 
             endDate: { $gte: pastDate() },

server/controllers/processes/visitsList.js

@@ -15,13 +15,6 @@ const router = express.Router()
 module.exports = router
 
 router.get('/', async (req, res) => {    
-    if (!req?.user?.person) {
-        res.status(401).json({
-            result: "Unauthorized"
-        })
-        return
-    }
-
     const data = await Visit.aggregate([
         { $match: { 
             endDate: { $gte: pastDate() },

server/controllers/processes/visitsMy.js

@@ -18,14 +18,7 @@ require('./grantSearch')(router)
 // inject room assignment functionality
 // require('./roomAssignment')(router)
 
-router.get('/', async (req, res) => {    
-    if (!req.user) {
-        res.status(401).json({
-            result: "Unauthorized"
-        })
-        return
-    }
-
+router.get('/', async (req, res) => {
     const person = req.person
     if (!person) return res.json({ data: [], person, DAYS_BACK, note: `user ${req.user?.username} has no associated person`})