diff --git a/aleksis/apps/alsijil/rules.py b/aleksis/apps/alsijil/rules.py index 05466938856daa44b3d38933894f12583b8ba301..a65c4ca9e28f981498454821820b78e38b67c5a7 100644 --- a/aleksis/apps/alsijil/rules.py +++ b/aleksis/apps/alsijil/rules.py @@ -13,11 +13,13 @@ from aleksis.core.util.predicates import ( from .util.predicates import ( can_edit_documentation, can_edit_participation_status, + can_edit_participation_status_for_documentation, can_edit_personal_note, can_register_absence_for_at_least_one_group, can_register_absence_for_person, can_view_documentation, can_view_participation_status, + can_view_participation_status_for_documentation, can_view_personal_note, can_view_statistics_for_person, has_person_group_object_perm, @@ -196,7 +198,7 @@ add_perm("alsijil.edit_documentation_rule", edit_documentation_predicate) add_perm("alsijil.delete_documentation_rule", edit_documentation_predicate) view_participation_status_for_documentation_predicate = has_person & ( - has_global_perm("alsijil.change_participationstatus") | can_view_participation_status + has_global_perm("alsijil.change_participationstatus") | can_view_participation_status_for_documentation ) add_perm( "alsijil.view_participation_status_for_documentation_rule", @@ -205,7 +207,7 @@ add_perm( edit_participation_status_for_documentation_with_time_range_predicate = ( has_person - & (has_global_perm("alsijil.change_participationstatus") | can_edit_participation_status) + & (has_global_perm("alsijil.change_participationstatus") | can_edit_participation_status_for_documentation) & is_in_allowed_time_range_for_participation_status ) add_perm( @@ -214,13 +216,29 @@ add_perm( ) edit_participation_status_for_documentation_predicate = has_person & ( - has_global_perm("alsijil.change_participationstatus") | can_edit_participation_status + has_global_perm("alsijil.change_participationstatus") | can_edit_participation_status_for_documentation ) add_perm( "alsijil.edit_participation_status_for_documentation_rule", edit_participation_status_for_documentation_predicate, ) +view_participation_status_predicate = has_person & ( + has_global_perm("alsijil.view_participationstatus") | can_view_participation_status +) +add_perm( + "alsijil.view_participation_status_rule", + view_participation_status_predicate, +) + +edit_participation_status_predicate = has_person & ( + has_global_perm("alsijil.change_participationstatus") | can_edit_participation_status +) +add_perm( + "alsijil.edit_participation_status_rule", + edit_participation_status_predicate, +) + view_personal_note_predicate = has_person & ( has_global_perm("alsijil.change_newpersonalnote") | can_view_personal_note ) diff --git a/aleksis/apps/alsijil/schema/documentation.py b/aleksis/apps/alsijil/schema/documentation.py index 6b0c3e1ffb0c7a328eadb159c9407c5f8a2d74fa..d3da77dbb431c1494d4766cbf21b8063c1f9b72b 100644 --- a/aleksis/apps/alsijil/schema/documentation.py +++ b/aleksis/apps/alsijil/schema/documentation.py @@ -11,7 +11,7 @@ from aleksis.apps.alsijil.util.predicates import ( is_in_allowed_time_range_for_participation_status, ) from aleksis.apps.alsijil.util.predicates import ( - can_edit_participation_status as can_edit_participation_status_predicate, + can_edit_participation_status_for_documentation as can_edit_participation_status_for_documentation_predicate, ) from aleksis.apps.chronos.schema import LessonEventType from aleksis.apps.cursus.models import Subject @@ -56,8 +56,8 @@ class DocumentationType(PermissionsTypeMixin, DjangoFilterMixin, DjangoObjectTyp future_notice = graphene.Boolean(required=False) future_notice_participation_status = graphene.Boolean(required=False) - can_edit_participation_status = graphene.Boolean(required=False) - can_view_participation_status = graphene.Boolean(required=False) + can_edit_participation_status_for_documentation = graphene.Boolean(required=False) + can_view_participation_status_for_documentation = graphene.Boolean(required=False) old_id = graphene.ID(required=False) @@ -96,12 +96,12 @@ class DocumentationType(PermissionsTypeMixin, DjangoFilterMixin, DjangoObjectTyp return not is_in_allowed_time_range_for_participation_status(info.context.user, root) @staticmethod - def resolve_can_edit_participation_status(root: Documentation, info, **kwargs): + def resolve_can_edit_participation_status_for_documentation(root: Documentation, info, **kwargs): """Shows whether the user can edit all participation statuses of the documentation""" - return can_edit_participation_status_predicate(info.context.user, root) + return can_edit_participation_status_for_documentation_predicate(info.context.user, root) @staticmethod - def resolve_can_view_participation_status(root: Documentation, info, **kwargs): + def resolve_can_view_participation_status_for_documentation(root: Documentation, info, **kwargs): """Shows whether the user can view all participation statuses of the documentation""" return info.context.user.has_perm( "alsijil.view_participation_status_for_documentation_rule", root diff --git a/aleksis/apps/alsijil/schema/participation_status.py b/aleksis/apps/alsijil/schema/participation_status.py index 2f6a830e2e292edd79c8cd0fce30fb14ce0f536b..bb90b9bea09a01e13fdbcc693104c471c8cd6d3d 100644 --- a/aleksis/apps/alsijil/schema/participation_status.py +++ b/aleksis/apps/alsijil/schema/participation_status.py @@ -68,6 +68,14 @@ class ParticipationStatusType( note__isnull=False, ).exclude(note="") + @staticmethod + def resolve_can_edit(root: ParticipationStatus, info, **kwargs): + return info.context.user.has_perm("alsijil.edit_participation_status_rule", root) + + @staticmethod + def resolve_can_delete(root: ParticipationStatus, info, **kwargs): + return info.context.user.has_perm("alsijil.edit_participation_status_rule", root) + class ParticipationStatusBatchPatchMutation(BaseBatchPatchMutation): class Meta: diff --git a/aleksis/apps/alsijil/util/predicates.py b/aleksis/apps/alsijil/util/predicates.py index 41f8dbe0249bf9d27c0fd2d0231c6739e9ef0fbe..e33b7fafe37ae9e2acc80f90c9502201cc854e00 100644 --- a/aleksis/apps/alsijil/util/predicates.py +++ b/aleksis/apps/alsijil/util/predicates.py @@ -12,7 +12,7 @@ from aleksis.core.models import Group, Person from aleksis.core.util.core_helpers import get_site_preferences from aleksis.core.util.predicates import check_object_permission -from ..models import Documentation, NewPersonalNote +from ..models import Documentation, NewPersonalNote, ParticipationStatus @predicate @@ -277,7 +277,7 @@ def can_edit_documentation(user: User, obj: Documentation): @predicate -def can_view_participation_status(user: User, obj: Documentation): +def can_view_participation_status_for_documentation(user: User, obj: Documentation): """Predicate which checks if the user is allowed to view participation for a documentation.""" if obj: if obj.amends and obj.amends.cancelled: @@ -294,7 +294,7 @@ def can_view_participation_status(user: User, obj: Documentation): @predicate -def can_edit_participation_status(user: User, obj: Documentation): +def can_edit_participation_status_for_documentation(user: User, obj: Documentation): """Predicate which checks if the user is allowed to edit participation for a documentation.""" if obj: if obj.amends and obj.amends.cancelled: @@ -308,6 +308,22 @@ def can_edit_participation_status(user: User, obj: Documentation): return False +@predicate +def can_view_participation_status(user: User, obj: ParticipationStatus): + """Predicate which checks if the user is allowed to view participation.""" + if obj.related_documentation: + return can_view_participation_status_for_documentation(user, obj.related_documentation) + return False + + +@predicate +def can_edit_participation_status(user: User, obj: ParticipationStatus): + """Predicate which checks if the user is allowed to edit participation.""" + if obj.related_documentation: + return can_edit_participation_status_for_documentation(user, obj.related_documentation) + return False + + @predicate def is_in_allowed_time_range(user: User, obj: Union[Documentation, NewPersonalNote]): """Predicate for documentations or new personal notes with linked documentation.