fix: some auth guards were wrong, removed a test.

sfbrigade · Oct 18, 2024 · 6e1731e · 6e1731e
1 parent 642dad7
commit 6e1731e
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 21 deletions.
diff --git a/src/backend/routers/iep.ts b/src/backend/routers/iep.ts
@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { hasCaseManager, router } from "../trpc";
+import { hasCaseManager, hasPara, router } from "../trpc";
 import { jsonArrayFrom } from "kysely/helpers/postgres";
 import { deleteFile } from "../lib/files";
 import { substituteTransactionOnContext } from "../lib/utils/context";
@@ -217,7 +217,7 @@ export const iep = router({
       return result;
     }),
 
-  addTrialData: hasCaseManager
+  addTrialData: hasPara
     .input(
       z.object({
         task_id: z.string(),
@@ -246,7 +246,7 @@ export const iep = router({
       return result;
     }),
 
-  updateTrialData: hasCaseManager
+  updateTrialData: hasPara
     .input(
       z.object({
         trial_data_id: z.string(),
@@ -361,7 +361,7 @@ export const iep = router({
       return result;
     }),
 
-  getSubgoalAndTrialData: hasCaseManager
+  getSubgoalAndTrialData: hasPara
     .input(
       z.object({
         task_id: z.string(),
@@ -424,7 +424,7 @@ export const iep = router({
       return result;
     }),
 
-  markAsSeen: hasCaseManager
+  markAsSeen: hasPara
     .input(
       z.object({
         task_id: z.string(),

diff --git a/src/backend/routers/student.test.ts b/src/backend/routers/student.test.ts
@@ -38,20 +38,6 @@ test("getStudentById - paras do not have access", async (t) => {
   );
 });
 
-test("getStudentByTaskId - paras do not have access", async (t) => {
-  const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
-
-  const error = await t.throwsAsync(async () => {
-    await trpc.student.getStudentByTaskId.query({ task_id: "task_id" });
-  });
-
-  t.is(
-    error?.message,
-    "UNAUTHORIZED",
-    "Expected an 'unauthorized' error message"
-  );
-});
-
 // TODO: This test looks to be testing the `UNIQUE` constraing on the schema.
 // Improve this test
 test("doNotAddDuplicateEmails", async (t) => {

diff --git a/src/backend/routers/student.ts b/src/backend/routers/student.ts
@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { hasCaseManager, router } from "../trpc";
+import { hasCaseManager, hasPara, router } from "../trpc";
 
 // TODO: define .output() schemas for all procedures
 export const student = router({
@@ -17,7 +17,7 @@ export const student = router({
       return result;
     }),
 
-  getStudentByTaskId: hasCaseManager
+  getStudentByTaskId: hasPara
     .input(z.object({ task_id: z.string().uuid() }))
     .query(async (req) => {
       const { task_id } = req.input;