hack: extremely hack to make supervisor dashboard navigation to cockpit semi-work

not sure how this could be done nicer :-/

server/vbv_lernwelt/core/serializers.py

@@ -1,8 +1,11 @@
+from typing import List
+
 from rest_framework import serializers
 from rest_framework.renderers import JSONRenderer
 
 from vbv_lernwelt.core.models import User
 from vbv_lernwelt.course.models import CourseSessionUser
+from vbv_lernwelt.course_session_group.models import CourseSessionGroup
 
 
 def create_json_from_objects(objects, serializer_class, many=True) -> str:
@@ -35,9 +38,17 @@ class UserSerializer(serializers.ModelSerializer):
             "username",
         ]
 
-    def get_course_session_experts(self, obj):
-        qs = CourseSessionUser.objects.filter(
-            role=CourseSessionUser.Role.EXPERT, user=obj
+    def get_course_session_experts(self, obj: User) -> List[str]:
+        supervisor_in_session_ids = set(
+            CourseSessionGroup.objects.filter(supervisor=obj).values_list(
+                "course_session__id", flat=True
+            )
         )
 
-        return [str(csu.course_session.id) for csu in qs]
+        expert_in_session_ids = set(
+            CourseSessionUser.objects.filter(
+                role=CourseSessionUser.Role.EXPERT, user=obj
+            ).values_list("course_session__id", flat=True)
+        )
+
+        return [str(_id) for _id in (supervisor_in_session_ids | expert_in_session_ids)]

server/vbv_lernwelt/course/views.py

@@ -14,6 +14,7 @@ from vbv_lernwelt.course.serializers import (
     DocumentUploadStartInputSerializer,
 )
 from vbv_lernwelt.course.services import mark_course_completion
+from vbv_lernwelt.course_session_group.models import CourseSessionGroup
 from vbv_lernwelt.files.models import UploadFile
 from vbv_lernwelt.files.services import FileDirectUploadService
 from vbv_lernwelt.iam.permissions import (
@@ -129,11 +130,24 @@ def mark_course_completion_view(request):
 @api_view(["GET"])
 def get_course_sessions(request):
     try:
-        course_sessions = course_sessions_for_user_qs(request.user).prefetch_related(
-            "course"
-        )
+        # participant/member/expert course sessions
+        regular_course_sessions = course_sessions_for_user_qs(
+            request.user
+        ).prefetch_related("course")
+
+        # enrich with supervisor course sessions
+        supervisor_course_sessions = CourseSession.objects.filter(
+            id__in=CourseSessionGroup.objects.filter(
+                supervisor=request.user
+            ).values_list("course_session", flat=True)
+        ).prefetch_related("course")
+
+        all_to_serialize = (
+            regular_course_sessions | supervisor_course_sessions
+        ).distinct()
+
         return Response(
-            status=200, data=CourseSessionSerializer(course_sessions, many=True).data
+            status=200, data=CourseSessionSerializer(all_to_serialize, many=True).data
         )
     except PermissionDenied as e:
         raise e

server/vbv_lernwelt/iam/permissions.py

@@ -12,6 +12,11 @@ def has_course_access(user, course_id):
     if user.is_superuser:
         return True
 
+    if CourseSessionGroup.objects.filter(
+        course_session__course_id=course_id, supervisor=user
+    ).exists():
+        return True
+
     return CourseSessionUser.objects.filter(
         course_session__course_id=course_id, user=user
     ).exists()
@@ -30,12 +35,18 @@ def is_course_session_expert(user, course_session_id: int):
     if user.is_superuser:
         return True
 
-    return CourseSessionUser.objects.filter(
+    is_supervisor = CourseSessionGroup.objects.filter(
+        supervisor=user, course_session__id=course_session_id
+    ).exists()
+
+    is_expert = CourseSessionUser.objects.filter(
         course_session_id=course_session_id,
         user=user,
         role=CourseSessionUser.Role.EXPERT,
     ).exists()
 
+    return is_supervisor or is_expert
+
 
 def course_sessions_for_user_qs(user):
     if user.is_superuser: