I am currently working on developing an API for managing surveys. One challenge I'm facing is determining whether a specific user has moderation privileges for a particular survey. A many-to-many relationship has been set up between the two entities.
The process goes like this: A user sends a request to the server, which is authenticated by a token providing the user's id and email address. The request is then routed using the survey id as input. The actual user and survey data are retrieved from the database and stored in separate variables. What remains is figuring out if the user is listed as a moderator for the survey.
Additional note based on some comments: The main question is how can I achieve this? As the "user.moderates" (relation name on the user side) and "survey.moderators" (inverse relation) properties are not included in the database Entities retrieval.
In essence, I need a way to retrieve all moderators of a survey and verify if the given user is among them
Snippet of code in the request:
user = await getUser(res.locals.keycloakId);
if (user === null)
{
res.status(404).json({error: "User does not exist"});
}
else
{
survey = getSurveyById(+req.params['id'];
if (survey === null)
{
res.status(404).json({error: "Survey does not exist"});
}
else
{
if (!await hasAccess(user, survey))
{
res.status(403).json({error: "User is not allowed to access this survey"});
}
}
}
The task now lies in the hasAccess function, which determines whether the user should have access to the survey. Here’s what it looks like at the moment:
export async function hasAccess(user: User, survey: Survey): Promise<boolean>
{
if (// implement check for user's access to survey)
{
return true;
}
else
{
return false;
}
}