WIP: Add permissions for Documentation

aleksis/apps/alsijil/rules.py

@@ -11,6 +11,8 @@ from aleksis.core.util.predicates import (
 )
 
 from .util.predicates import (
+    can_edit_documentation,
+    can_view_documentation,
     has_lesson_group_object_perm,
     has_person_group_object_perm,
     has_personal_note_group_perm,
@@ -352,3 +354,16 @@ view_register_objects_list_predicate = has_person & (
     | has_global_perm("alsijil.view_full_register")
 )
 add_perm("alsijil.view_register_objects_list_rule", view_register_objects_list_predicate)
+
+view_documentation_predicate = has_person & (
+    has_global_perm("alsijil.view_documentation")
+    | can_view_documentation
+)
+add_perm("alsijil.view_documentation_rule", view_documentation_predicate)
+
+edit_documentation_predicate = has_person & (
+    has_global_perm("alsijil.change_documentation")
+    | can_edit_documentation
+)
+add_perm("alsijil.edit_documentation_rule", edit_documentation_predicate)
+add_perm("alsijil.delete_documentation_rule", edit_documentation_predicate)

aleksis/apps/alsijil/schema/documentation.py

@@ -34,7 +34,7 @@ class DocumentationCreateMutation(DjangoCreateMutation):
         model = Documentation
         fields = ("course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end")
         optional_fields = ("course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end")
-        permissions = ("",)  # FIXME
+        permissions = ("alsijil.add_documentation",)  # FIXME
 
     @classmethod
     def before_mutate(cls, root, info, input):
@@ -49,16 +49,16 @@ class DocumentationBatchCreateMutation(DjangoBatchCreateMutation):
     class Meta:
         model = Documentation
         fields = ("id", "course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end")
-        permissions = ("",)  # FIXME
+        permissions = ("alsijil.add_documentation",)  # FIXME
 
 
 class DocumentationDeleteMutation(DeleteMutation):
     klass = Documentation
-    permission_required = ""  # FIXME
+    permission_required = "alsijil.delete_documentation_rule"  # FIXME
 
 
 class DocumentationBatchPatchMutation(PermissionBatchPatchMixin, DjangoBatchPatchMutation):
     class Meta:
         model = Documentation
         fields = ("id", "course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end")
-        permissions = ("",)  # FIXME
+        permissions = ("alsijil.edit_documentation_rule",)  # FIXME

aleksis/apps/alsijil/util/predicates.py

@@ -4,11 +4,12 @@ from django.contrib.auth.models import User
 
 from rules import predicate
 
-from aleksis.apps.chronos.models import Event, ExtraLesson, LessonPeriod
+from aleksis.apps.chronos.models import Event, ExtraLesson, LessonEvent, LessonPeriod
+from aleksis.apps.cursus.models import Course
 from aleksis.core.models import Group, Person
 from aleksis.core.util.predicates import check_object_permission
 
-from ..models import PersonalNote
+from ..models import Documentation, PersonalNote
 
 
 @predicate
@@ -290,3 +291,80 @@ def is_group_role_assignment_group_owner(user: User, obj: Union[Group, Person])
 def is_owner_of_any_group(user: User, obj):
     """Predicate which checks if the person is group owner of any group."""
     return Group.objects.filter(owners=user.person).exists()
+
+
+@predicate
+def is_course_teacher(user: User, obj: Course):
+    """Predicate for teachers of a course.
+
+    Checks whether the person linked to the user is a teacher in the course.
+    """
+    if obj:
+        return user.person in obj.teachers.all()
+    return False
+
+
+@predicate
+def is_lesson_event_teacher(user: User, obj: LessonEvent):
+    """Predicate for teachers of a lesson event.
+
+    Checks whether the person linked to the user is a teacher in the lesson event,
+    or a teacher of the course, if the lesson event has one.
+    """
+    if obj:
+        return (
+            obj.course and is_course_teacher(user, obj)
+            or user.person in obj.all_teachers()
+        )
+    return False
+
+
+@predicate
+def is_course_member(user: User, obj: Course):
+    """Predicate for members of a course.
+
+    Checks whether the person linked to the user is a member in the course.
+    """
+    if obj:
+        for g in obj.groups.all():
+            if user.person in g.members.all():
+                return True
+    return False
+
+
+@predicate
+def is_lesson_event_member(user: User, obj: LessonEvent):
+    """Predicate for members of a lesson event.
+
+    Checks whether the person linked to the user is a members in the lesson event,
+    or a members of the course, if the lesson event has one.
+    """
+    if obj:
+        if obj.course and is_course_member(user, obj):
+            return True
+        for g in obj.groups.all():
+            if user.person in g.members.all():
+                return True
+    return False
+
+
+@predicate
+def can_view_documentation(user: User, obj: Documentation):
+    """Predicate which checks if the user is allowed to view a documentation."""
+    if obj:
+        if obj.course:
+            return is_course_teacher(user, obj.course) | is_course_member(user, obj.course)
+        if obj.lesson_event:
+            return is_lesson_event_teacher(user, obj.course) | is_lesson_event_member(user, obj.course)
+    return False
+
+
+@predicate
+def can_edit_documentation(user: User, obj: Documentation):
+    """Predicate which checks if the user is allowed to edit or delete a documentation."""
+    if obj:
+        if obj.course:
+            return is_course_teacher(user, obj.course)
+        if obj.lesson_event:
+            return is_lesson_event_teacher(user, obj.course)
+    return False