ramon
/
skillbox
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects 1 Releases 1 Wiki Activity

Filter content blocks by permission and ownership

This commit is contained in:
Ramon Wenger 2018-10-10 14:18:15 +02:00
parent 645c998d5c
commit eafff751f8
3 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/books/schema/mutations/contentblock.py
View File

@ -74,7 +74,7 @@ class AddContentBlock(relay.ClientIDMutation):
title = content_block_data.get('title') title = content_block_data.get('title')
contents = content_block_data.get('contents') contents = content_block_data.get('contents')
new_content_block = ContentBlock(title=title, user_created=True) new_content_block = ContentBlock(title=title, user_created=True, owner=context.user)
if parent is not None: if parent is not None:
parent_chapter = get_object(Chapter, parent).specific parent_chapter = get_object(Chapter, parent).specific

25
server/books/schema/queries.py
View File

@ -31,8 +31,29 @@ class ChapterNode(DjangoObjectType):
] ]
interfaces = (relay.Node,) interfaces = (relay.Node,)
def resolve_content_blocks(self, *args, **kwargs): def resolve_content_blocks(self, info, **kwargs):
return ContentBlock.get_by_parent(self) user = info.context.user
school_classes = user.school_classes.values_list('pk')
if user.has_perm('users.can_manage_school_class_content'): # teacher
publisher_content_blocks = ContentBlock.get_by_parent(self).filter(user_created=False)
user_created_content_blocks = ContentBlock.get_by_parent(self).filter(user_created=True, owner=user)
else: # student
publisher_content_blocks = ContentBlock.get_by_parent(self).filter(user_created=False).exclude(
hidden_for__in=school_classes)
self_created_content_blocks = ContentBlock.get_by_parent(self).filter(user_created=True, owner=user)
user_created_content_blocks = ContentBlock.get_by_parent(self).filter(user_created=True,
visible_for__in=school_classes).union(
self_created_content_blocks)
return publisher_content_blocks.union(user_created_content_blocks)
# if user.has_perm('users.can_manage_school_class_content'):
# return ContentBlock.get_by_parent(self)
# else:
# return ContentBlock.get_by_parent(self)
class ModuleNode(DjangoObjectType): class ModuleNode(DjangoObjectType):

3
server/users/models.py
View File

@ -27,6 +27,9 @@ class User(AbstractUser):
django_permissions = super().get_all_permissions(obj) django_permissions = super().get_all_permissions(obj)
return django_permissions.union(self.get_school_permissions(School.objects.get(pk=DEFAULT_SCHOOL_ID))) return django_permissions.union(self.get_school_permissions(School.objects.get(pk=DEFAULT_SCHOOL_ID)))
def has_perm(self, perm, obj=None):
return super(User, self).has_perm(perm, obj) or perm in self.get_all_permissions(obj)
class School(models.Model): class School(models.Model):
name = models.CharField(_(u'Name'), max_length=100, null=False, blank=False) name = models.CharField(_(u'Name'), max_length=100, null=False, blank=False)