ramon
/
vbv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add documents permission

This commit is contained in:
Christian Cueni 2024-10-01 09:18:18 +02:00
parent 3d75af885c
commit 0b9ebf9e21
3 changed files with 174 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/vbv_lernwelt/course_session/views.py
View File

@ -4,12 +4,14 @@ from rest_framework.response import Response
from vbv_lernwelt.course.models import CircleDocument
from vbv_lernwelt.course.serializers import CircleDocumentSerializer
from vbv_lernwelt.iam.permissions import has_course_session_access
from vbv_lernwelt.iam.permissions import (
has_course_session_document_access,
)
@api_view(["GET"])
def get_course_session_documents(request, course_session_id):
if not has_course_session_access(request.user, course_session_id):
if not has_course_session_document_access(request.user, course_session_id):
raise PermissionDenied()
circle_documents = CircleDocument.objects.filter(

13
server/vbv_lernwelt/iam/permissions.py
View File

@ -44,6 +44,19 @@ def has_course_session_access(user, course_session_id: int):
).exists()
def has_course_session_document_access(user, course_session_id: int):
if user.is_superuser:
return True
return (
CourseSessionUser.objects.filter(
course_session_id=course_session_id, user=user
).exists()
or is_course_session_berufsbildner(user, course_session_id)
or CourseSessionGroup.objects.filter(course_session=course_session_id, supervisor=user.id).exists()
)
def has_course_session_preview(user, course_session_id: int):
if user.is_superuser:
return True

152
server/vbv_lernwelt/iam/tests/test_permissions.py Normal file
View File

@ -0,0 +1,152 @@
from django.test import TestCase
from vbv_lernwelt.course.creators.test_utils import (
create_course,
create_course_session,
create_user,
)
from vbv_lernwelt.course.models import CourseSessionUser
from vbv_lernwelt.course_session_group.models import CourseSessionGroup
from vbv_lernwelt.iam.permissions import (
has_course_session_document_access,
)
from vbv_lernwelt.learning_mentor.models import (
AgentParticipantRelation,
AgentParticipantRoleType,
)
class PermissionsTestCase(TestCase):
def setUp(self):
self.course, _ = create_course("Test Course")
self.course_session = create_course_session(
course=self.course, title="Test Session"
)
self.other_course_session = create_course_session(
course=self.course, title="Other Session"
)
self.user = create_user("user")
def test_regionenleiter_has_course_session_document_access(self):
# GIVEN
csg = CourseSessionGroup.objects.create(name="Test Group", course=self.course)
csg.course_session.add(self.course_session)
csg.supervisor.add(self.user)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
some = CourseSessionGroup.objects.filter(course_session=self.course_session.id, supervisor=self.user.id)
print(some)
# THEN
self.assertTrue(has_access)
def test_regionenleiter_has_no_course_session_document_access(self):
# GIVEN
csg = CourseSessionGroup.objects.create(name="Test Group", course=self.course)
csg.course_session.add(self.other_course_session)
csg.supervisor.add(self.user)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
some = CourseSessionGroup.objects.filter(course_session=self.course_session.id, supervisor=self.user.id)
print(some)
# THEN
self.assertFalse(has_access)
def test_expert_has_course_session_document_access(self):
# GIVEN
_csu = CourseSessionUser.objects.create(
course_session=self.course_session,
user=self.user,
role=CourseSessionUser.Role.EXPERT,
)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
# THEN
self.assertTrue(has_access)
def test_expert_has_no_course_session_document_access(self):
# GIVEN
_csu = CourseSessionUser.objects.create(
course_session=self.course_session,
user=self.user,
role=CourseSessionUser.Role.EXPERT,
)
# WHEN
has_access = has_course_session_document_access(self.user, self.other_course_session.id)
# THEN
self.assertFalse(has_access)
def test_member_has_course_session_document_access(self):
# GIVEN
_csu = CourseSessionUser.objects.create(
course_session=self.course_session,
user=self.user,
role=CourseSessionUser.Role.MEMBER,
)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
# THEN
self.assertTrue(has_access)
def test_member_has_no_course_session_document_access(self):
# GIVEN
_csu = CourseSessionUser.objects.create(
course_session=self.course_session,
user=self.user,
role=CourseSessionUser.Role.MEMBER,
)
# WHEN
has_access = has_course_session_document_access(self.user, self.other_course_session.id)
# THEN
self.assertFalse(has_access)
def test_berufsbildner_has_course_session_document_access(self):
# GIVEN
member = create_user("member")
_csu = CourseSessionUser.objects.create(
course_session=self.course_session,
user=member,
role=CourseSessionUser.Role.MEMBER,
)
AgentParticipantRelation.objects.create(agent=self.user, participant=_csu,
role=AgentParticipantRoleType.BERUFSBILDNER.value)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
# THEN
self.assertTrue(has_access)
def test_berufsbildner_has_no_course_session_document_access(self):
# GIVEN
member = create_user("member")
_csu = CourseSessionUser.objects.create(
course_session=self.other_course_session,
user=member,
role=CourseSessionUser.Role.MEMBER,
)
AgentParticipantRelation.objects.create(agent=self.user, participant=_csu,
role=AgentParticipantRoleType.BERUFSBILDNER.value)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
# THEN
self.assertFalse(has_access)