Fix PHEP-7 (user can add room entry at other school)

Christian Cueni 2021-11-09 09:09:27 +01:00
parent 338e4cfcfc
commit ee05ee79ba
2 changed files with 25 additions and 13 deletions


@ -85,12 +85,26 @@ class MutateRoomEntry(relay.ClientIDMutation):
@classmethod @classmethod
def mutate_and_get_payload(cls, root, info, **kwargs): def mutate_and_get_payload(cls, root, info, **kwargs):
room_entry_data = kwargs.get('room_entry') room_entry_data = kwargs.get('room_entry')
room = None
if room_entry_data.get('room') is not None: if room_entry_data.get('room') is not None:
room_entry_data['room'] = get_object(Room, room_entry_data.get('room')).id room = get_object(Room, room_entry_data.get('room'))
room_entry_data['room'] = room.id
if room_entry_data.get('id') is not None: if room_entry_data.get('id') is not None:
# update path serializer = cls.update_path(info, room_entry_data)
else:
serializer = cls.add_path(info, room_entry_data, room)
if serializer.is_valid():
serializer.save()
return cls(room_entry=serializer.instance)
return cls(room_entry=None, errors=['{}: {}'.format(key, value) for key, value in serializer.errors.items()])
@classmethod
def update_path(cls, info, room_entry_data):
instance = get_object(RoomEntry, room_entry_data.get('id')) instance = get_object(RoomEntry, room_entry_data.get('id'))
if not instance.room.school_class.is_user_in_schoolclass(info.context.user): if not instance.room.school_class.is_user_in_schoolclass(info.context.user):
@ -99,18 +113,16 @@ class MutateRoomEntry(relay.ClientIDMutation):
if instance.author.pk != info.context.user.pk: if instance.author.pk != info.context.user.pk:
raise Exception('You are not the author') raise Exception('You are not the author')
serializer = RoomEntrySerializer(instance, data=room_entry_data, partial=True) return RoomEntrySerializer(instance, data=room_entry_data, partial=True)
else:
# add path
room_entry_data['author'] = info.context.user.pk
serializer = RoomEntrySerializer(data=room_entry_data)
if serializer.is_valid(): @classmethod
serializer.save() def add_path(cls, info, room_entry_data, room):
return cls(room_entry=serializer.instance) if not room or not room.school_class.is_user_in_schoolclass(info.context.user):
raise PermissionDenied('You are in the wrong class')
return cls(room_entry=None, errors=['{}: {}'.format(key, value) for key, value in serializer.errors.items()]) room_entry_data['author'] = info.context.user.pk
return RoomEntrySerializer(data=room_entry_data)
class AddRoomEntry(MutateRoomEntry): class AddRoomEntry(MutateRoomEntry):
@ -165,7 +177,6 @@ class UpdateRoomVisibility(relay.ClientIDMutation):
return cls(success=True, room=room) return cls(success=True, room=room)
class AddComment(relay.ClientIDMutation): class AddComment(relay.ClientIDMutation):
class Input: class Input:
comment = graphene.String(required=True) comment = graphene.String(required=True)
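Review bot: The new school-class check covers only `add_path`; in `mutate_and_get_payload` the resolved room id is written into `room_entry_data['room']` before the branch, and `update_path` then passes that dict to `RoomEntrySerializer(instance, data=room_entry_data, partial=True)` after checking only the class of the entry's current room. If the update input and the serializer accept `room` (neither is visible here), an author could still move their own entry into a room of a class they do not belong to. Passing `room` into `update_path` and adding `if room is not None and not room.school_class.is_user_in_schoolclass(info.context.user): raise PermissionDenied('You are in the wrong class')` would close that gap; part of `update_path` lies between the two hunks and is not shown. The author check there still raises a bare `Exception`, which would be more consistent as `PermissionDenied`.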


@ -181,4 +181,5 @@ mutation AddRoomEntry($input: AddRoomEntryInput!){
} }
}) })
self.assertIsNotNone(result.errors) self.assertIsNotNone(result.errors)
self.assertTrue('Permission' in result.errors) self.assertTrue('message' in result.errors[0])
self.assertEqual(result.errors[0]['message'], 'You are in the wrong class')
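Review bot: These assertions pin only the error message, so the test would still pass if the entry were saved before the error is returned; nothing in the hunk checks that no room entry was persisted. Comparing the number of room entries before and after the mutation, e.g. `self.assertEqual(RoomEntry.objects.count(), entries_before)` with `entries_before` captured ahead of the call, would cover that. The test body starts outside the hunk, so such a check may already exist above. `self.assertIn('message', result.errors[0])` would also give a clearer failure than `assertTrue(... in ...)`.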