ramon
/
vbv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vbv/server/vbv_lernwelt/iam/permissions.py

389 lines
11 KiB
Python
Raw Blame History

from vbv_lernwelt.core.models import User
from vbv_lernwelt.course.models import Course, CourseSession, CourseSessionUser
from vbv_lernwelt.course_session_group.models import CourseSessionGroup
from vbv_lernwelt.learning_mentor.models import (
AgentParticipantRelation,
AgentParticipantRoleType,
)
from vbv_lernwelt.learnpath.models import LearningSequence
def has_course_access_by_page_request(request, obj):
return has_course_access(request.user, obj.specific.get_course().id)
def can_mark_course_completion(user: User, course_session_id: int) -> bool:
return is_course_session_member(user, course_session_id)
def has_course_access(user, course_id):
if user.is_superuser:
return True
if CourseSessionGroup.objects.filter(
course_session__course_id=course_id, supervisor=user
).exists():
return True
if AgentParticipantRelation.objects.filter(
agent=user, participant__course_session__course_id=course_id
).exists():
return True
return CourseSessionUser.objects.filter(
course_session__course_id=course_id, user=user
).exists()
def has_course_session_access(user, course_session_id: int):
if user.is_superuser:
return True
return CourseSessionUser.objects.filter(
course_session_id=course_session_id, user=user
).exists()
def has_course_session_preview(user, course_session_id: int):
if user.is_superuser:
return True
if is_course_session_member(user, course_session_id):
return False
return (
is_course_session_learning_mentor(user, course_session_id)
or is_course_session_berufsbildner(user, course_session_id)
or is_course_session_expert(user, course_session_id)
)
def has_media_library(user, course_session_id: int):
if user.is_superuser:
return True
if CourseSessionGroup.objects.filter(course_session=course_session_id).exists():
return True
return CourseSessionUser.objects.filter(
course_session=course_session_id,
user=user,
).exists()
def has_agent_role_in_course_session(
agent: User, course_session_id: int, role: AgentParticipantRoleType
):
course_session = CourseSession.objects.get(id=course_session_id)
if course_session is None:
return False
return AgentParticipantRelation.objects.filter(
agent=agent,
participant__course_session_id=course_session_id,
role=role.value,
).exists()
def is_course_session_learning_mentor(mentor: User, course_session_id: int):
return has_agent_role_in_course_session(
agent=mentor,
course_session_id=course_session_id,
role=AgentParticipantRoleType.LEARNING_MENTOR,
)
def is_course_session_berufsbildner(agent: User, course_session_id: int):
return has_agent_role_in_course_session(
agent=agent,
course_session_id=course_session_id,
role=AgentParticipantRoleType.BERUFSBILDNER,
)
def is_agent_for_user(
agent: User,
participant_user_id: str,
course_session_id: int,
roles: list[str] = None,
):
csu = CourseSessionUser.objects.filter(
course_session_id=course_session_id, user_id=participant_user_id
).first()
if csu is None:
return False
qs = AgentParticipantRelation.objects.filter(
agent=agent,
participant=csu,
)
if roles and len(roles) > 0:
qs = qs.filter(role__in=roles)
return qs.exists()
def is_learning_mentor_for_user(
mentor: User, participant_user_id: str, course_session_id: int
):
return is_agent_for_user(
agent=mentor,
participant_user_id=participant_user_id,
course_session_id=course_session_id,
roles=[
AgentParticipantRoleType.LEARNING_MENTOR.value,
],
)
def is_course_session_supervisor(user, course_session_id: int):
if user.is_superuser:
return True
return CourseSessionGroup.objects.filter(
supervisor=user, course_session=course_session_id
).exists()
def is_course_session_expert(user, course_session_id: int):
if user.is_superuser:
return True
course_session = CourseSession.objects.get(id=course_session_id)
is_supervisor = CourseSessionGroup.objects.filter(
supervisor=user, course_session=course_session
).exists()
is_expert = CourseSessionUser.objects.filter(
course_session=course_session,
user=user,
role=CourseSessionUser.Role.EXPERT,
).exists()
return is_supervisor or is_expert
def is_course_session_member(user, course_session_id: int | None = None):
if course_session_id is None:
return False
return CourseSessionUser.objects.filter(
course_session_id=course_session_id,
user=user,
role=CourseSessionUser.Role.MEMBER,
).exists()
def can_evaluate_assignments(
evaluation_user: User,
course_session_id: int,
assignment_user_ids: list[str] | None = None,
):
if evaluation_user.is_superuser:
return True
is_supervisor = CourseSessionGroup.objects.filter(
supervisor=evaluation_user, course_session__id=course_session_id
).exists()
if is_supervisor:
return True
is_expert = CourseSessionUser.objects.filter(
course_session_id=course_session_id,
user=evaluation_user,
role=CourseSessionUser.Role.EXPERT,
).exists()
if is_expert:
return True
if assignment_user_ids and len(assignment_user_ids) > 0:
is_agent_array = []
for assignment_user_id in assignment_user_ids:
is_agent_array.append(
is_agent_for_user(
agent=evaluation_user,
participant_user_id=assignment_user_id,
course_session_id=course_session_id,
)
)
return all(is_agent_array)
def course_sessions_for_user_qs(user):
if user.is_superuser:
return CourseSession.objects.all()
course_sessions = CourseSession.objects.filter(coursesessionuser__user=user)
return course_sessions
def is_circle_expert(user, course_session_id: int, learning_sequence_id: int) -> bool:
if user.is_superuser:
return True
try:
learning_sequence = LearningSequence.objects.get(id=learning_sequence_id)
except LearningSequence.DoesNotExist:
return False
circle_id = learning_sequence.get_parent().circle.id
return CourseSessionUser.objects.filter(
course_session_id=course_session_id,
user=user,
role=CourseSessionUser.Role.EXPERT,
expert__id=circle_id,
).exists()
def can_view_course_session_group_statistics(
user: User, group: CourseSessionGroup
) -> bool:
if user.is_superuser:
return True
return user in group.supervisor.all()
def can_view_course_session_progress(user: User, course_session: CourseSession) -> bool:
return CourseSessionUser.objects.filter(
course_session=course_session,
user=user,
role=CourseSessionUser.Role.MEMBER,
).exists()
def can_view_course_session(user: User, course_session: CourseSession) -> bool:
if user.is_superuser:
return True
if CourseSessionGroup.objects.filter(
course_session=course_session, supervisor=user
).exists():
return True
return CourseSessionUser.objects.filter(
course_session=course_session,
user=user,
).exists()
def has_role_in_course(user: User, course: Course) -> bool:
if CourseSessionUser.objects.filter(
course_session__course=course, user=user
).exists():
return True
if AgentParticipantRelation.objects.filter(
agent=user, participant__course_session__course=course
).exists():
return True
if CourseSessionGroup.objects.filter(course=course, supervisor=user).exists():
return True
return False
def can_view_course(user: User, course: Course) -> bool:
if user.is_superuser:
return True
if has_role_in_course(user, course):
return True
return False
def has_appointments(user: User, course_session_id: int) -> bool:
if user.is_superuser:
return True
if CourseSessionGroup.objects.filter(course_session=course_session_id).exists():
return True
return CourseSessionUser.objects.filter(course_session=course_session_id).exists()
def can_view_profile(user: User, profile_user: CourseSessionUser) -> bool:
if user.is_superuser:
return True
if user == profile_user.user:
return True
if is_course_session_expert(
user, profile_user.course_session.id
) or is_agent_for_user(
agent=user,
participant_user_id=profile_user.user.id,
course_session_id=profile_user.course_session.id,
):
return True
return False
def can_view_course_completions(
user: User, course_session_id: int, target_user_id: str
) -> bool:
return (
str(user.id) == target_user_id
or is_course_session_expert(user=user, course_session_id=course_session_id)
or is_agent_for_user(
agent=user,
participant_user_id=target_user_id,
course_session_id=course_session_id,
)
)
def course_session_permissions(user: User, course_session_id: int) -> list[str]:
course_session = CourseSession.objects.get(id=course_session_id)
is_supervisor = is_course_session_supervisor(user, course_session_id)
is_expert = is_course_session_expert(user, course_session_id)
is_member = is_course_session_member(user, course_session_id)
is_learning_mentor = is_course_session_learning_mentor(user, course_session_id)
is_berufsbildner = is_course_session_berufsbildner(user, course_session_id)
course_has_learning_mentor = (
course_session.course.configuration.enable_learning_mentor
)
has_learning_mentor = course_has_learning_mentor and (
is_member or is_expert or is_learning_mentor
)
return _action_list(
{
# roles
"is_supervisor": is_supervisor,
"is_expert": is_expert,
"is_member": is_member,
"is_learning_mentor": is_learning_mentor,
# actions
"learning-mentor": has_learning_mentor,
"learning-mentor::edit-mentors": has_learning_mentor and is_member,
"learning-mentor::guide-members": course_has_learning_mentor
and is_learning_mentor,
"preview": has_course_session_preview(user, course_session_id),
"media-library": (
is_supervisor or is_expert or is_member or is_berufsbildner
),
"appointments": is_supervisor or is_expert or is_member,
"expert-cockpit": is_expert,
"learning-path": is_member,
"competence-navi": is_member,
"complete-learning-content": is_expert or is_member,
}
)
def _action_list(actions: dict[str, bool]):
return [action for action, allowed in actions.items() if allowed]
Reference in New Issue View Git Blame Copy Permalink