diff --git a/server/vbv_lernwelt/core/serializers.py b/server/vbv_lernwelt/core/serializers.py index 76363c88..523d70ec 100644 --- a/server/vbv_lernwelt/core/serializers.py +++ b/server/vbv_lernwelt/core/serializers.py @@ -1,8 +1,11 @@ +from typing import List + from rest_framework import serializers from rest_framework.renderers import JSONRenderer from vbv_lernwelt.core.models import User from vbv_lernwelt.course.models import CourseSessionUser +from vbv_lernwelt.course_session_group.models import CourseSessionGroup def create_json_from_objects(objects, serializer_class, many=True) -> str: @@ -35,9 +38,17 @@ class UserSerializer(serializers.ModelSerializer): "username", ] - def get_course_session_experts(self, obj): - qs = CourseSessionUser.objects.filter( - role=CourseSessionUser.Role.EXPERT, user=obj + def get_course_session_experts(self, obj: User) -> List[str]: + supervisor_in_session_ids = set( + CourseSessionGroup.objects.filter(supervisor=obj).values_list( + "course_session__id", flat=True + ) ) - return [str(csu.course_session.id) for csu in qs] + expert_in_session_ids = set( + CourseSessionUser.objects.filter( + role=CourseSessionUser.Role.EXPERT, user=obj + ).values_list("course_session__id", flat=True) + ) + + return [str(_id) for _id in (supervisor_in_session_ids | expert_in_session_ids)] diff --git a/server/vbv_lernwelt/course/views.py b/server/vbv_lernwelt/course/views.py index fa8e4686..b5a084c8 100644 --- a/server/vbv_lernwelt/course/views.py +++ b/server/vbv_lernwelt/course/views.py @@ -14,6 +14,7 @@ from vbv_lernwelt.course.serializers import ( DocumentUploadStartInputSerializer, ) from vbv_lernwelt.course.services import mark_course_completion +from vbv_lernwelt.course_session_group.models import CourseSessionGroup from vbv_lernwelt.files.models import UploadFile from vbv_lernwelt.files.services import FileDirectUploadService from vbv_lernwelt.iam.permissions import ( @@ -129,11 +130,24 @@ def mark_course_completion_view(request): @api_view(["GET"]) def get_course_sessions(request): try: - course_sessions = course_sessions_for_user_qs(request.user).prefetch_related( - "course" - ) + # participant/member/expert course sessions + regular_course_sessions = course_sessions_for_user_qs( + request.user + ).prefetch_related("course") + + # enrich with supervisor course sessions + supervisor_course_sessions = CourseSession.objects.filter( + id__in=CourseSessionGroup.objects.filter( + supervisor=request.user + ).values_list("course_session", flat=True) + ).prefetch_related("course") + + all_to_serialize = ( + regular_course_sessions | supervisor_course_sessions + ).distinct() + return Response( - status=200, data=CourseSessionSerializer(course_sessions, many=True).data + status=200, data=CourseSessionSerializer(all_to_serialize, many=True).data ) except PermissionDenied as e: raise e diff --git a/server/vbv_lernwelt/iam/permissions.py b/server/vbv_lernwelt/iam/permissions.py index 2c41e131..a572f21d 100644 --- a/server/vbv_lernwelt/iam/permissions.py +++ b/server/vbv_lernwelt/iam/permissions.py @@ -12,6 +12,11 @@ def has_course_access(user, course_id): if user.is_superuser: return True + if CourseSessionGroup.objects.filter( + course_session__course_id=course_id, supervisor=user + ).exists(): + return True + return CourseSessionUser.objects.filter( course_session__course_id=course_id, user=user ).exists() @@ -30,12 +35,18 @@ def is_course_session_expert(user, course_session_id: int): if user.is_superuser: return True - return CourseSessionUser.objects.filter( + is_supervisor = CourseSessionGroup.objects.filter( + supervisor=user, course_session__id=course_session_id + ).exists() + + is_expert = CourseSessionUser.objects.filter( course_session_id=course_session_id, user=user, role=CourseSessionUser.Role.EXPERT, ).exists() + return is_supervisor or is_expert + def course_sessions_for_user_qs(user): if user.is_superuser: