ramon
/
vbv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Hide edit buttons based on role

This commit is contained in:
Christian Cueni 2024-10-02 07:41:15 +02:00
parent 60e4de3d9e
commit 993c9bb536
3 changed files with 75 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
client/src/pages/cockpit/documentPage/DocumentPage.vue
View File

@ -2,7 +2,11 @@
import DocumentListItem from "@/components/circle/DocumentListItem.vue";
import ItDropdownSelect from "@/components/ui/ItDropdownSelect.vue";
import ItModal from "@/components/ui/ItModal.vue";
import { useCourseData, useCurrentCourseSession } from "@/composables";
import {
useCourseData,
useCourseSessionDetailQuery,
useCurrentCourseSession,
} from "@/composables";
import { useExpertCockpitPageData } from "@/pages/cockpit/cockpitPage/composables";
import DocumentUploadForm from "@/pages/cockpit/documentPage/DocumentUploadForm.vue";
import {
@ -12,6 +16,7 @@ import {
} from "@/services/files";
import { useCourseSessionsStore } from "@/stores/courseSessions";
import { useExpertCockpitStore } from "@/stores/expertCockpit";
import { useUserStore } from "@/stores/user";
import type { CircleDocument, DocumentUploadData } from "@/types";
import dialog from "@/utils/confirm-dialog";
import { useTranslation } from "i18next-vue";
@ -21,6 +26,9 @@ import { computed, onMounted, ref, watch } from "vue";
const cockpitStore = useExpertCockpitStore();
const courseSession = useCurrentCourseSession();
const courseSessionsStore = useCourseSessionsStore();
const courseSessionDetailResult = useCourseSessionDetailQuery();
const userStore = useUserStore();
const courseData = useCourseData(courseSession.value?.course.slug);
const { t } = useTranslation();
@ -71,6 +79,17 @@ const circleDocuments = computed(() => {
);
});
const canEditDocuments = computed(() => {
const circleExperts = courseSessionDetailResult.filterCircleExperts(
cockpitStore.currentCircle?.slug || ""
);
return circleExperts.some(
(expert) =>
expert.user_id === userStore.id &&
expert.id.indexOf("as-ephemeral-supervisor") === -1
);
});
const deleteDocument = async (doc: CircleDocument) => {
const options = {
title: t("circlePage.documents.deleteModalTitle"),
@ -134,18 +153,21 @@ async function uploadDocument(data: DocumentUploadData) {
@update:model-value="cockpitStore.setCurrentCourseCircleFromEvent"
></ItDropdownSelect>
</div>
<div class="bg-white p-6">
<button class="btn-primary text-xl" @click="showUploadModal = true">
<button
v-if="canEditDocuments"
class="btn-primary mb-6 text-xl"
@click="showUploadModal = true"
>
{{ t("circlePage.documents.action") }}
</button>
<ul v-if="circleDocuments.length" class="mt-8 border-t border-t-gray-500">
<ul v-if="circleDocuments.length" class="border-t border-t-gray-500">
<DocumentListItem
v-for="doc of circleDocuments"
:key="doc.url"
:subtitle="doc.learning_sequence.title"
:can-delete="true"
:can-delete="canEditDocuments"
:doc="doc"
@delete="deleteDocument(doc)"
/>

14
server/vbv_lernwelt/iam/permissions.py
View File

@ -53,7 +53,9 @@ def has_course_session_document_access(user, course_session_id: int):
course_session_id=course_session_id, user=user
).exists()
or is_course_session_berufsbildner(user, course_session_id)
or CourseSessionGroup.objects.filter(course_session=course_session_id, supervisor=user.id).exists()
or CourseSessionGroup.objects.filter(
course_session=course_session_id, supervisor=user.id
).exists()
)
@ -349,10 +351,10 @@ def can_view_course_completions(
str(user.id) == target_user_id
or is_course_session_expert(user=user, course_session_id=course_session_id)
or is_agent_for_user(
agent=user,
participant_user_id=target_user_id,
course_session_id=course_session_id,
)
agent=user,
participant_user_id=target_user_id,
course_session_id=course_session_id,
)
)
@ -383,7 +385,7 @@ def course_session_permissions(user: User, course_session_id: int) -> list[str]:
"learning-mentor": has_learning_mentor,
"learning-mentor::edit-mentors": has_learning_mentor and is_member,
"learning-mentor::guide-members": course_has_learning_mentor
and is_learning_mentor,
and is_learning_mentor,
"preview": has_course_session_preview(user, course_session_id),
"media-library": (
is_supervisor or is_expert or is_member or is_berufsbildner

54
server/vbv_lernwelt/iam/tests/test_permissions.py
View File

@ -36,9 +36,13 @@ class PermissionsTestCase(TestCase):
csg.supervisor.add(self.user)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
has_access = has_course_session_document_access(
self.user, self.course_session.id
)
some = CourseSessionGroup.objects.filter(course_session=self.course_session.id, supervisor=self.user.id)
some = CourseSessionGroup.objects.filter(
course_session=self.course_session.id, supervisor=self.user.id
)
print(some)
# THEN
@ -51,9 +55,13 @@ class PermissionsTestCase(TestCase):
csg.supervisor.add(self.user)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
has_access = has_course_session_document_access(
self.user, self.course_session.id
)
some = CourseSessionGroup.objects.filter(course_session=self.course_session.id, supervisor=self.user.id)
some = CourseSessionGroup.objects.filter(
course_session=self.course_session.id, supervisor=self.user.id
)
print(some)
# THEN
@ -68,7 +76,9 @@ class PermissionsTestCase(TestCase):
)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
has_access = has_course_session_document_access(
self.user, self.course_session.id
)
# THEN
self.assertTrue(has_access)
@ -82,7 +92,9 @@ class PermissionsTestCase(TestCase):
)
# WHEN
has_access = has_course_session_document_access(self.user, self.other_course_session.id)
has_access = has_course_session_document_access(
self.user, self.other_course_session.id
)
# THEN
self.assertFalse(has_access)
@ -96,7 +108,9 @@ class PermissionsTestCase(TestCase):
)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
has_access = has_course_session_document_access(
self.user, self.course_session.id
)
# THEN
self.assertTrue(has_access)
@ -110,7 +124,9 @@ class PermissionsTestCase(TestCase):
)
# WHEN
has_access = has_course_session_document_access(self.user, self.other_course_session.id)
has_access = has_course_session_document_access(
self.user, self.other_course_session.id
)
# THEN
self.assertFalse(has_access)
@ -124,11 +140,16 @@ class PermissionsTestCase(TestCase):
role=CourseSessionUser.Role.MEMBER,
)
AgentParticipantRelation.objects.create(agent=self.user, participant=_csu,
role=AgentParticipantRoleType.BERUFSBILDNER.value)
AgentParticipantRelation.objects.create(
agent=self.user,
participant=_csu,
role=AgentParticipantRoleType.BERUFSBILDNER.value,
)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
has_access = has_course_session_document_access(
self.user, self.course_session.id
)
# THEN
self.assertTrue(has_access)
@ -142,11 +163,16 @@ class PermissionsTestCase(TestCase):
role=CourseSessionUser.Role.MEMBER,
)
AgentParticipantRelation.objects.create(agent=self.user, participant=_csu,
role=AgentParticipantRoleType.BERUFSBILDNER.value)
AgentParticipantRelation.objects.create(
agent=self.user,
participant=_csu,
role=AgentParticipantRoleType.BERUFSBILDNER.value,
)
# WHEN
has_access = has_course_session_document_access(self.user, self.course_session.id)
has_access = has_course_session_document_access(
self.user, self.course_session.id
)
# THEN
self.assertFalse(has_access)