Add missing has_person predicates in group roles rules

3511d63c · Jonathan Weth · e567ff54 · 3511d63c
Commit 3511d63c authored 3 years ago by Jonathan Weth
--- a/aleksis/apps/alsijil/rules.py
+++ b/aleksis/apps/alsijil/rules.py
@@ -241,7 +241,7 @@ delete_extramark_predicate = view_extramarks_predicate & has_global_perm("alsiji
 add_perm("alsijil.delete_extramark", delete_extramark_predicate)
 # View group role list
-view_group_roles_predicate = has_global_perm("alsijil.view_grouprole")
+view_group_roles_predicate = has_person & has_global_perm("alsijil.view_grouprole")
 add_perm("alsijil.view_grouproles", view_group_roles_predicate)
 # Add group role
@@ -258,14 +258,14 @@ delete_group_role_predicate = view_group_roles_predicate & has_global_perm(
 )
 add_perm("alsijil.delete_grouprole", delete_group_role_predicate)
-view_assigned_group_roles_predicate = (
+view_assigned_group_roles_predicate = has_person & (
    is_group_owner
    | has_global_perm("alsjil.assign_grouprole")
    | has_object_perm("core.assign_grouprole")
 )
 add_perm("alsijil.view_assigned_grouproles", view_assigned_group_roles_predicate)
-view_assigned_group_roles_register_object_predicate = (
+view_assigned_group_roles_register_object_predicate = has_person & (
    is_lesson_teacher
    | is_lesson_original_teacher
    | is_lesson_parent_group_owner
@@ -276,20 +276,20 @@ add_perm(
    view_assigned_group_roles_register_object_predicate,
 )
-assign_group_role_person_predicate = is_person_group_owner | has_global_perm(
+assign_group_role_person_predicate = has_person & (
-    "alsjil.assign_grouprole"
+    is_person_group_owner | has_global_perm("alsjil.assign_grouprole")
 )
 add_perm("alsijil.assign_grouprole_to_person", assign_group_role_person_predicate)
-assign_group_role_for_multiple_predicate = is_owner_of_any_group | has_global_perm(
+assign_group_role_for_multiple_predicate = has_person & (
-    "alsjil.assign_grouprole"
+    is_owner_of_any_group | has_global_perm("alsjil.assign_grouprole")
 )
 add_perm("alsijil.assign_grouprole_for_multiple", assign_group_role_for_multiple_predicate)
 assign_group_role_group_predicate = view_assigned_group_roles_predicate
 add_perm("alsijil.assign_grouprole_for_group", assign_group_role_group_predicate)
-edit_group_role_assignment_predicate = (
+edit_group_role_assignment_predicate = has_person & (
    has_global_perm("alsjil.assign_grouprole") | is_group_role_assignment_group_owner
 )
 add_perm("alsijil.edit_grouproleassignment", edit_group_role_assignment_predicate)
@@ -297,7 +297,7 @@ add_perm("alsijil.edit_grouproleassignment", edit_group_role_assignment_predicat
 stop_group_role_assignment_predicate = edit_group_role_assignment_predicate
 add_perm("alsijil.stop_grouproleassignment", stop_group_role_assignment_predicate)
-delete_group_role_assignment_predicate = (
+delete_group_role_assignment_predicate = has_person & (
    has_global_perm("alsjil.assign_grouprole") | is_group_role_assignment_group_owner
 )
 add_perm("alsijil.delete_grouproleassignment", delete_group_role_assignment_predicate)