From 4489a8dcf8fb47f0063552b6329b44bba877eceb Mon Sep 17 00:00:00 2001
From: Ramon Wenger
Date: Tue, 4 Oct 2022 17:11:03 +0200
Subject: [PATCH] Handle contents not editable by users on the server
Relates to MS-589
---
 server/books/schema/inputs.py | 1 +
 server/books/schema/mutations/contentblock.py | 2 +-
 server/books/schema/mutations/utils.py | 17 ++++++++++++-----
 3 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/server/books/schema/inputs.py b/server/books/schema/inputs.py
index 31bd3a3e..99820e11 100644
--- a/server/books/schema/inputs.py
+++ b/server/books/schema/inputs.py
@@ -13,6 +13,7 @@ class InputTypes(graphene.Enum):
 document_block = 'document_block'
 content_list_item = 'content_list_item'
 subtitle = 'subtitle'
+ readonly = 'readonly'
 class ContentElementValueInput(InputObjectType):
diff --git a/server/books/schema/mutations/contentblock.py b/server/books/schema/mutations/contentblock.py
index 43e2d39b..0cb3a220 100644
--- a/server/books/schema/mutations/contentblock.py
+++ b/server/books/schema/mutations/contentblock.py
@@ -48,7 +48,7 @@ class MutateContentBlock(relay.ClientIDMutation):
 content_block.title = title
 if contents is not None:
- content_block.contents = json.dumps([handle_content_block(c, info.context, module) for c in contents])
+ content_block.contents = json.dumps([handle_content_block(c, info.context, module, previous_contents=content_block.contents) for c in contents if c is not None])
 content_block.save()
diff --git a/server/books/schema/mutations/utils.py b/server/books/schema/mutations/utils.py
index 821e012f..2579e802 100644
--- a/server/books/schema/mutations/utils.py
+++ b/server/books/schema/mutations/utils.py
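Review bot: In `contentblock.py` the added `if c is not None` filters the client's input items, not what `handle_content_block` returns, so a `readonly` item whose id has no match in the previous contents (the `next(..., None)` path in `utils.py`) is still serialised as `null` into `content_block.contents`. Filtering the results instead closes that: `blocks = [handle_content_block(c, info.context, module, previous_contents=content_block.contents) for c in contents if c is not None]` followed by `content_block.contents = json.dumps([b for b in blocks if b is not None])`. Because the new list is built only from what the client sent, a read-only item that is left out of `contents` is also removed on save; if that is not intended, the stored read-only items should be compared against the result before `save()`. The method body starts and ends outside the hunk.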
@@ -41,10 +41,11 @@ ALLOWED_BLOCKS = (
 'document_block',
 'content_list_item',
 'subtitle',
+ 'readonly'
 )
-def handle_content_block(content, context=None, module=None, allowed_blocks=ALLOWED_BLOCKS):
+def handle_content_block(content, context=None, module=None, allowed_blocks=ALLOWED_BLOCKS, previous_contents=None):
 # todo: add all the content blocks
 # todo: sanitize user inputs!
 if content['type'] not in allowed_blocks:
@@ -64,9 +65,10 @@ def handle_content_block(content, context=None, module=None, allowed_blocks=ALLO
 value = content['value']
 if value.get('id') is not None:
 assignment = get_object(Assignment, value.get('id'))
- assignment.title = value.get('title')
- assignment.assignment = value.get('assignment')
- assignment.save()
+ if assignment.user_created and assignment.owner == context.user:
+ assignment.title = value.get('title')
+ assignment.assignment = value.get('assignment')
+ assignment.save()
 else:
 assignment = Assignment.objects.create(
 title=value.get('title'),
@@ -119,7 +121,12 @@ def handle_content_block(content, context=None, module=None, allowed_blocks=ALLO
 'type': 'content_list_item',
 'value': [handle_content_block(c, context, module) for c in content['contents']]
 }
-
+ elif content['type'] == 'readonly' and previous_contents is not None:
+ # get first item that matches the id
+ # users can re-order readonly items, but we won't let them change them otherwise, so we just take the
+ # item from before and ignore anything else
+ previous_content = next((c for c in previous_contents.raw_data if c['id'] == content['id']), None)
+ return previous_content
 return None
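Review bot: In the `@@ -41,10 +41,11 @@` hunk, `handle_content_block` gains `previous_contents` with no description of what it must be, although the `readonly` branch added further down relies on it exposing `.raw_data` with items that carry an `id`. A short docstring under the new signature should state that contract, and that with the default `None` a `readonly` item is not restored and the function returns None for it. As a style point, the new `'readonly'` entry in `ALLOWED_BLOCKS` is the only one without a trailing comma. The function body continues outside the hunk.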
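Review bot: In the `@@ -64,9 +65,10 @@` hunk, the new ownership check dereferences `context.user` although the signature still declares `context=None`, so a caller that omits the context now fails with an AttributeError on the existing-assignment path; `if context is not None and assignment.user_created and assignment.owner == context.user:` keeps the guard fail-closed. When the check fails the update is skipped without any signal, and the code after the hunk (not visible here) presumably still builds the block from the client-supplied id, so it is worth confirming that an assignment the user does not own can only stay referenced if it was already part of this content block. A log line on the denied branch would give rejected edits an audit trail.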
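Review bot: In the `@@ -119,7 +121,12 @@` hunk, the `readonly` branch protects an item only when the client itself labels it `type: 'readonly'`; nothing visible here derives the protected items from `previous_contents`, so the server-side guarantee depends on client-supplied data and should be backed by a check against the stored contents. `content['id']` raises KeyError when the id is absent, so `content.get('id')` with an explicit rejection of a missing or unmatched id would be safer than returning None. The recursive call for `content_list_item` in the context lines above does not forward `previous_contents`, so a `readonly` item nested in a list falls through to `return None`; passing `previous_contents=previous_contents` there would need the lookup to search nested items as well. The function body starts outside the hunk.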