ucsb-cs56-w20 / ucsb-courses-search

Spring Boot App to show similar information to that found at UCSB Curriculum Search page
https://ucsb-courses-search.herokuapp.com

Team 6pm e only ucsb accounts can login #229

Closed AndrewJGaut closed 4 years ago

AndrewJGaut commented 4 years ago

Implemented user role identification (Member vs Admin vs Guest) for Google OAuth.

Rules for assigning roles

I did this using a format very similar to the one seen in Lab07. Now, the administrators are given in the application.properties file under app.admin.emails. Admins are identified by matching their emails to an email in this list.

Members are identified using the UCSB hosted-domain value "ucsb.edu". All users who sign in with an email that doesn't end in ucsb.edu are Guests.

Guests cannot access the Scheduler page. For now, I return a 403 Forbidden Error. (I think the next issue should be to implement an error page for this event.)

Role permissions

Admins: should be able to do anything they could previously.

Members: can view anything non-admins were able to view previously.

Guests: cannot view the PersonalSchedule page AND cannot see the 'Add' buttons (which add courses to the personal schedule) when searching classes.

Additional edits

Had to edit the test code to mock a service I added to a controller.
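
The role rules described in this pull request, as an added example that is not the project's own code: a plain-Java resolver that fails closed to Guest and compares the hosted-domain value exactly. It assumes Google's `email`, `email_verified` and `hd` ID-token claims and a comma-separated `app.admin.emails` value; the class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

// Added example: class and method names are hypothetical, not from the project.
public class RoleResolver {
    enum Role { ADMIN, MEMBER, GUEST }

    private static final String MEMBER_HOSTED_DOMAIN = "ucsb.edu";
    private final Set<String> adminEmails;

    // adminEmailsCsv stands in for app.admin.emails (comma-separated format assumed).
    RoleResolver(String adminEmailsCsv) {
        this.adminEmails = Arrays.stream(adminEmailsCsv.split(","))
                .map(s -> s.trim().toLowerCase(Locale.ROOT))
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    // claims: attributes of the Google ID token after a successful login.
    Role resolve(Map<String, Object> claims) {
        Object email = claims.get("email");
        // Fail closed: no email or an unverified one never gets more than Guest.
        if (!(email instanceof String) || !Boolean.TRUE.equals(claims.get("email_verified"))) {
            return Role.GUEST;
        }
        // Whole-address match against the admin list, case-insensitive.
        if (adminEmails.contains(((String) email).trim().toLowerCase(Locale.ROOT))) {
            return Role.ADMIN;
        }
        // Exact comparison of the hosted-domain claim. A suffix test such as
        // email.endsWith("ucsb.edu") would also accept an address at notucsb.edu.
        return MEMBER_HOSTED_DOMAIN.equals(claims.get("hd")) ? Role.MEMBER : Role.GUEST;
    }

    public static void main(String[] args) {
        // Constructed sample data; none of these addresses come from the project.
        RoleResolver r = new RoleResolver("admin1@ucsb.edu, admin2@ucsb.edu");
        System.out.println(r.resolve(Map.of("email", "Admin1@ucsb.edu", "email_verified", true, "hd", "ucsb.edu")));
        System.out.println(r.resolve(Map.of("email", "student@ucsb.edu", "email_verified", true, "hd", "ucsb.edu")));
        System.out.println(r.resolve(Map.of("email", "someone@notucsb.edu", "email_verified", true)));
        System.out.println(r.resolve(Map.of("email", "admin1@ucsb.edu", "email_verified", false, "hd", "ucsb.edu")));
    }
}
```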

ryan8xia commented 4 years ago

For future reference, a cleaner 403 page will be needed.