Refactor permission functions

This commit is contained in:
Daniel Egger 2023-01-11 10:23:24 +01:00
parent 9fc834e99e
commit fb458be776
2 changed files with 14 additions and 16 deletions

View File

@ -18,7 +18,7 @@ def has_course_access(user, course_id):
return False return False
def is_course_expert(user, course_id): def is_course_expert(user, course_id: int):
if user.is_superuser: if user.is_superuser:
return True return True
@ -41,25 +41,23 @@ def course_sessions_for_user_qs(user):
return course_sessions return course_sessions
def is_circle_expert(user, learning_sequence, course) -> bool: def is_circle_expert(user, course_session_id: int, learning_sequence_id: int) -> bool:
if user.is_superuser: if user.is_superuser:
return True return True
try: try:
learning_sequence = LearningSequence.objects.get(id=learning_sequence) learning_sequence = LearningSequence.objects.get(id=learning_sequence_id)
except LearningSequence.DoesNotExist: except LearningSequence.DoesNotExist:
return False return False
circle_id = learning_sequence.get_parent().circle.id circle_id = learning_sequence.get_parent().circle.id
try: if CourseSessionUser.objects.filter(
CourseSessionUser.objects.get( id=course_session_id,
course_session__id=course, user=user,
user_id=user.id, role=CourseSessionUser.Role.EXPERT,
role=CourseSessionUser.Role.EXPERT, expert__id=circle_id,
expert__id=circle_id, ).exists():
) return True
except CourseSessionUser.DoesNotExist:
return False
return True return False

View File

@ -15,8 +15,8 @@ from vbv_lernwelt.course.permissions import (
course_sessions_for_user_qs, course_sessions_for_user_qs,
has_course_access, has_course_access,
has_course_access_by_page_request, has_course_access_by_page_request,
is_course_expert,
is_circle_expert, is_circle_expert,
is_course_expert,
) )
from vbv_lernwelt.course.serializers import ( from vbv_lernwelt.course.serializers import (
CourseCompletionSerializer, CourseCompletionSerializer,
@ -161,8 +161,8 @@ def document_upload_start(request):
if not is_circle_expert( if not is_circle_expert(
request.user, request.user,
serializer.validated_data["learning_sequence"],
serializer.validated_data["course_session"], serializer.validated_data["course_session"],
serializer.validated_data["learning_sequence"],
): ):
raise PermissionDenied() raise PermissionDenied()
@ -217,7 +217,7 @@ def document_direct_upload(request, file_id):
def document_delete(request, document_id): def document_delete(request, document_id):
document = get_object_or_404(CircleDocument, id=document_id) document = get_object_or_404(CircleDocument, id=document_id)
if not is_circle_expert( if not is_circle_expert(
request.user, document.learning_sequence_id, document.course_session_id request.user, document.course_session.id, document.learning_sequence.id
): ):
raise PermissionDenied() raise PermissionDenied()