ramon
/
skillbox
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects 1 Releases 1 Wiki Activity

Add permissions to objectivegroup mutations

This commit is contained in:
Christian Cueni 2019-03-28 14:55:32 +01:00
parent 43f942ea2d
commit aeded87227
4 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
server/objectives/mutations.py
View File

@ -1,6 +1,7 @@
import graphene import graphene
from graphene import relay, InputObjectType from graphene import relay, InputObjectType
from graphql_relay import from_global_id from graphql_relay import from_global_id
from rest_framework.exceptions import PermissionDenied
from api.utils import get_object from api.utils import get_object
from books.models import Module from books.models import Module
@ -67,13 +68,18 @@ class AddObjectiveGroup(relay.ClientIDMutation):
@classmethod @classmethod
def mutate_and_get_payload(cls, root, info, **kwargs): def mutate_and_get_payload(cls, root, info, **kwargs):
owner = info.context.user
if not owner.has_perm('users.can_manage_school_class_content'):
raise PermissionDenied('Missing permissions')
objective_group_data = kwargs.get('objective_group') objective_group_data = kwargs.get('objective_group')
title = objective_group_data.get('title') title = objective_group_data.get('title')
if title != 'society': if title != 'society':
title = 'language_communication' title = 'language_communication'
module_id = objective_group_data.get('module') module_id = objective_group_data.get('module')
module = get_object(Module, module_id) module = get_object(Module, module_id)
owner = info.context.user
new_objective_group = ObjectiveGroup.objects.create(title=title, module=module, owner=owner) new_objective_group = ObjectiveGroup.objects.create(title=title, module=module, owner=owner)
objectives = objective_group_data.get('objectives') objectives = objective_group_data.get('objectives')
for objective in objectives: for objective in objectives:
@ -89,9 +95,15 @@ class UpdateObjectiveGroup(relay.ClientIDMutation):
@classmethod @classmethod
def mutate_and_get_payload(cls, root, info, **kwargs): def mutate_and_get_payload(cls, root, info, **kwargs):
user = info.context.user
if not user.has_perm('users.can_manage_school_class_content'):
raise PermissionDenied('Missing permissions')
objective_group_data = kwargs.get('objective_group') objective_group_data = kwargs.get('objective_group')
id = objective_group_data.get('id') id = objective_group_data.get('id')
objective_group = get_object(ObjectiveGroup, id) objective_group = get_object(ObjectiveGroup, id)
objectives = objective_group_data.get('objectives') objectives = objective_group_data.get('objectives')
existing_objective_ids = list(objective_group.objectives.values_list('id', flat=True)) existing_objective_ids = list(objective_group.objectives.values_list('id', flat=True))
for objective in objectives: for objective in objectives:

1
server/objectives/tests.py
View File

@ -1 +0,0 @@
# Create your tests here.

0
server/objectives/tests/__init__.py Normal file
View File

2
server/rooms/tests/test_room_query_permission.py
View File

@ -1,11 +1,9 @@
from django.test import TestCase, RequestFactory from django.test import TestCase, RequestFactory
from graphene.test import Client from graphene.test import Client
from graphql_relay import to_global_id
from api.schema import schema from api.schema import schema
from core.factories import UserFactory from core.factories import UserFactory
from rooms.factories import RoomFactory, RoomEntryFactory from rooms.factories import RoomFactory, RoomEntryFactory
from rooms.models import Room
from users.factories import SchoolClassFactory from users.factories import SchoolClassFactory