fix: fix SCIPER verification and add it to adding policy functions

c4dt · May 1, 2024 · 015e8e2 · 015e8e2
1 parent ca99a06
commit 015e8e2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/web/backend/src/authManager.ts b/web/backend/src/authManager.ts
@@ -99,6 +99,9 @@ export function setMapAuthorization(list: string[][]): Map<String, Array<String>
 // the range between 100000 and 999999, an error is thrown.
 export function readSCIPER(s: string): number {
   const n = parseInt(s, 10);
+  if (isNaN(n)) {
+    throw new Error(`${s} is not a number`);
+  }
   if (n < 100000 || n > 999999) {
     throw new Error(`SCIPER is out of range. ${n} is not between 100000 and 999999`);
   }

diff --git a/web/backend/src/controllers/users.ts b/web/backend/src/controllers/users.ts
@@ -1,6 +1,13 @@
 import express from 'express';
 
-import { addPolicy, addListPolicy, initEnforcer, isAuthorized, PERMISSIONS } from '../authManager';
+import {
+  addPolicy,
+  addListPolicy,
+  initEnforcer,
+  isAuthorized,
+  PERMISSIONS,
+  readSCIPER,
+} from '../authManager';
 
 export const usersRouter = express.Router();
 
@@ -36,6 +43,7 @@ usersRouter.post('/add_role', (req, res, next) => {
 
   if ('userId' in req.body) {
     try {
+      readSCIPER(req.body.userId);
       addPolicy(req.body.userId, req.body.subject, req.body.permission);
     } catch (error) {
       res.status(400).send(`Error while adding single user to roles: ${error}`);
@@ -45,6 +53,7 @@ usersRouter.post('/add_role', (req, res, next) => {
     next();
   } else if ('userIds' in req.body) {
     try {
+      req.body.userIds.every(readSCIPER);
       addListPolicy(req.body.userIds, req.body.subject, req.body.permission);
     } catch (error) {
       res.status(400).send(`Error while adding multiple users to roles: ${error}`);