Skip to content
Snippets Groups Projects
Verified Commit 97e41acf authored by magicfelix's avatar magicfelix Committed by Jonathan Weth
Browse files

WIP: Add permissions for Documentation

parent 52a9cd14
No related branches found
No related tags found
3 merge requests!352Draft: Resolve "Add dialog with each lesson's students",!350Resolve "Add simple course book list",!339Draft: Resolve "Migrate to new data model"
Hide whitespace changes
Inline Side-by-side
aleksis/apps/alsijil/rules.py
+ 15
0
View file @ 97e41acf
...@@ -11,6 +11,8 @@ from aleksis.core.util.predicates import ( ...@@ -11,6 +11,8 @@ from aleksis.core.util.predicates import (
) )
from .util.predicates import ( from .util.predicates import (
can_edit_documentation,
can_view_documentation,
has_lesson_group_object_perm, has_lesson_group_object_perm,
has_person_group_object_perm, has_person_group_object_perm,
has_personal_note_group_perm, has_personal_note_group_perm,
...@@ -352,3 +354,16 @@ view_register_objects_list_predicate = has_person & ( ...@@ -352,3 +354,16 @@ view_register_objects_list_predicate = has_person & (
| has_global_perm("alsijil.view_full_register") | has_global_perm("alsijil.view_full_register")
) )
add_perm("alsijil.view_register_objects_list_rule", view_register_objects_list_predicate) add_perm("alsijil.view_register_objects_list_rule", view_register_objects_list_predicate)
view_documentation_predicate = has_person & (
has_global_perm("alsijil.view_documentation")
| can_view_documentation
)
add_perm("alsijil.view_documentation_rule", view_documentation_predicate)
edit_documentation_predicate = has_person & (
has_global_perm("alsijil.change_documentation")
| can_edit_documentation
)
add_perm("alsijil.edit_documentation_rule", edit_documentation_predicate)
add_perm("alsijil.delete_documentation_rule", edit_documentation_predicate)
aleksis/apps/alsijil/schema/documentation.py
+ 4
4
View file @ 97e41acf
...@@ -34,7 +34,7 @@ class DocumentationCreateMutation(DjangoCreateMutation): ...@@ -34,7 +34,7 @@ class DocumentationCreateMutation(DjangoCreateMutation):
model = Documentation model = Documentation
fields = ("course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end") fields = ("course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end")
optional_fields = ("course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end") optional_fields = ("course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end")
permissions = ("",) # FIXME permissions = ("alsijil.add_documentation",) # FIXME
@classmethod @classmethod
def before_mutate(cls, root, info, input): def before_mutate(cls, root, info, input):
...@@ -49,16 +49,16 @@ class DocumentationBatchCreateMutation(DjangoBatchCreateMutation): ...@@ -49,16 +49,16 @@ class DocumentationBatchCreateMutation(DjangoBatchCreateMutation):
class Meta: class Meta:
model = Documentation model = Documentation
fields = ("id", "course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end") fields = ("id", "course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end")
permissions = ("",) # FIXME permissions = ("alsijil.add_documentation",) # FIXME
class DocumentationDeleteMutation(DeleteMutation): class DocumentationDeleteMutation(DeleteMutation):
klass = Documentation klass = Documentation
permission_required = "" # FIXME permission_required = "alsijil.delete_documentation_rule" # FIXME
class DocumentationBatchPatchMutation(PermissionBatchPatchMixin, DjangoBatchPatchMutation): class DocumentationBatchPatchMutation(PermissionBatchPatchMixin, DjangoBatchPatchMutation):
class Meta: class Meta:
model = Documentation model = Documentation
fields = ("id", "course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end") fields = ("id", "course", "lesson_event", "subject", "topic", "homework", "group_note", "datetime_start", "datetime_end", "date_start", "date_end")
permissions = ("",) # FIXME permissions = ("alsijil.edit_documentation_rule",) # FIXME
aleksis/apps/alsijil/util/predicates.py
+ 80
2
View file @ 97e41acf
...@@ -4,11 +4,12 @@ from django.contrib.auth.models import User ...@@ -4,11 +4,12 @@ from django.contrib.auth.models import User
from rules import predicate from rules import predicate
from aleksis.apps.chronos.models import Event, ExtraLesson, LessonPeriod from aleksis.apps.chronos.models import Event, ExtraLesson, LessonEvent, LessonPeriod
from aleksis.apps.cursus.models import Course
from aleksis.core.models import Group, Person from aleksis.core.models import Group, Person
from aleksis.core.util.predicates import check_object_permission from aleksis.core.util.predicates import check_object_permission
from ..models import PersonalNote from ..models import Documentation, PersonalNote
@predicate @predicate
...@@ -290,3 +291,80 @@ def is_group_role_assignment_group_owner(user: User, obj: Union[Group, Person]) ...@@ -290,3 +291,80 @@ def is_group_role_assignment_group_owner(user: User, obj: Union[Group, Person])
def is_owner_of_any_group(user: User, obj): def is_owner_of_any_group(user: User, obj):
"""Predicate which checks if the person is group owner of any group.""" """Predicate which checks if the person is group owner of any group."""
return Group.objects.filter(owners=user.person).exists() return Group.objects.filter(owners=user.person).exists()
@predicate
def is_course_teacher(user: User, obj: Course):
"""Predicate for teachers of a course.
Checks whether the person linked to the user is a teacher in the course.
"""
if obj:
return user.person in obj.teachers.all()
return False
@predicate
def is_lesson_event_teacher(user: User, obj: LessonEvent):
"""Predicate for teachers of a lesson event.
Checks whether the person linked to the user is a teacher in the lesson event,
or a teacher of the course, if the lesson event has one.
"""
if obj:
return (
obj.course and is_course_teacher(user, obj)
or user.person in obj.all_teachers()
)
return False
@predicate
def is_course_member(user: User, obj: Course):
"""Predicate for members of a course.
Checks whether the person linked to the user is a member in the course.
"""
if obj:
for g in obj.groups.all():
if user.person in g.members.all():
return True
return False
@predicate
def is_lesson_event_member(user: User, obj: LessonEvent):
"""Predicate for members of a lesson event.
Checks whether the person linked to the user is a members in the lesson event,
or a members of the course, if the lesson event has one.
"""
if obj:
if obj.course and is_course_member(user, obj):
return True
for g in obj.groups.all():
if user.person in g.members.all():
return True
return False
@predicate
def can_view_documentation(user: User, obj: Documentation):
"""Predicate which checks if the user is allowed to view a documentation."""
if obj:
if obj.course:
return is_course_teacher(user, obj.course) | is_course_member(user, obj.course)
if obj.lesson_event:
return is_lesson_event_teacher(user, obj.course) | is_lesson_event_member(user, obj.course)
return False
@predicate
def can_edit_documentation(user: User, obj: Documentation):
"""Predicate which checks if the user is allowed to edit or delete a documentation."""
if obj:
if obj.course:
return is_course_teacher(user, obj.course)
if obj.lesson_event:
return is_lesson_event_teacher(user, obj.course)
return False
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment