Skip to content
Snippets Groups Projects
Commit 17eb159e authored by Simon Künzel's avatar Simon Künzel
Browse files

Fix view permissions update for lecture modifying course

parent 49bf375c
No related branches found
No related tags found
1 merge request!1Rollout to production
Pipeline #5957 passed
Stage: build
Stage: test
Stage: deploy
Show whitespace changes
Inline Side-by-side
src/api/objects/fields.py
+ 7
2
View file @ 17eb159e
from api.database import * from api.database import *
from api.miscellaneous import * from api.miscellaneous import *
from api.course import lecture_queue_query_auth, course_queue_query_auth, lecture_query_auth, course_query_auth from api.course import lecture_queue_query_auth, course_queue_query_auth, course_query_auth
from api.authentication import ViewPermissions, ViewPermissionsType, get_effective_view_permissions from api.authentication import ViewPermissions, ViewPermissionsType, get_effective_view_permissions
from api.objects.changelog_entries import ModificationEntry, DeletionEntry, CreationEntry from api.objects.changelog_entries import ModificationEntry, DeletionEntry, CreationEntry
...@@ -348,6 +348,11 @@ class FeaturedDisplayPriorityField(ObjectIndirectField[tuple[int, DbResultSet]]) ...@@ -348,6 +348,11 @@ class FeaturedDisplayPriorityField(ObjectIndirectField[tuple[int, DbResultSet]])
return feature_order return feature_order
_SQL_GET_LECTURE_AUTH = PreparedStatement("""
SELECT * FROM "perm"
WHERE "perm"."lecture_id" = ?
AND (NOT "deleted")
""")
_SQL_CREATE_COURSE_PERM = PreparedStatement(""" _SQL_CREATE_COURSE_PERM = PreparedStatement("""
INSERT INTO "perm" ("course_id", "type", "param1", "param2") INSERT INTO "perm" ("course_id", "type", "param1", "param2")
VALUES (?, ?, ?, ?) VALUES (?, ?, ?, ?)
...@@ -408,7 +413,7 @@ class ViewPermissionsField(ObjectIndirectField[tuple[DbResultSet, ViewPermission ...@@ -408,7 +413,7 @@ class ViewPermissionsField(ObjectIndirectField[tuple[DbResultSet, ViewPermission
client_value: CJsonValue) -> tuple[DbResultSet, ViewPermissions]: client_value: CJsonValue) -> tuple[DbResultSet, ViewPermissions]:
return ( return (
None if object_id is None None if object_id is None
else (lecture_query_auth(object_id, transaction=transaction) if self._for_lecture else (transaction.execute_statement(_SQL_GET_LECTURE_AUTH, object_id) if self._for_lecture
else course_query_auth(object_id, transaction)), else course_query_auth(object_id, transaction)),
ViewPermissions.from_json(client_value)) ViewPermissions.from_json(client_value))
......
tests/routes/object_modifications.py
+ 29
6
View file @ 17eb159e
...@@ -26,7 +26,7 @@ class ObjectModificationsTest(ApiTest): ...@@ -26,7 +26,7 @@ class ObjectModificationsTest(ApiTest):
else: else:
self.assert_valid_field_value(field) self.assert_valid_field_value(field)
def assert_field_has_value(self, config: dict, field_id: str, expected_value): def get_field_value(self, config: dict, field_id: str):
self.assert_contains(config, "fields") self.assert_contains(config, "fields")
fields = config["fields"] fields = config["fields"]
for field in fields: for field in fields:
...@@ -36,11 +36,13 @@ class ObjectModificationsTest(ApiTest): ...@@ -36,11 +36,13 @@ class ObjectModificationsTest(ApiTest):
self.assert_contains(description, "id") self.assert_contains(description, "id")
if description["id"] != field_id: if description["id"] != field_id:
continue continue
self.assertEqual(expected_value, field["value"]) return field["value"]
break
else: else:
raise AssertionError(f"Missing field {field_id} in {config}") raise AssertionError(f"Missing field {field_id} in {config}")
def assert_field_has_value(self, config: dict, field_id: str, expected_value):
self.assertEqual(expected_value, self.get_field_value(config, field_id))
def test_get_config(self): def test_get_config(self):
self.do_json_request( self.do_json_request(
"GET", "GET",
...@@ -1232,26 +1234,47 @@ class ObjectModificationsTest(ApiTest): ...@@ -1232,26 +1234,47 @@ class ObjectModificationsTest(ApiTest):
def test_patch_view_permissions(self): def test_patch_view_permissions(self):
def test_perm(perm: dict): def test_perm(perm: dict):
current_course_value = self.get_field_value(self.do_json_request(
"GET",
"/object_management/course/2/configuration",
use_moderator_login=True
)[1], "view_permissions")
current_lecture_value = self.get_field_value(self.do_json_request(
"GET",
"/object_management/lecture/2/configuration",
use_moderator_login=True
)[1], "view_permissions")
self.do_json_request( self.do_json_request(
"PATCH", "PATCH",
"/object_management/course/2/configuration", "/object_management/lecture/2/configuration",
{ {
"updates": { "updates": {
"view_permissions": perm "view_permissions": perm
}, },
"expected_current_values": {} "expected_current_values": {
"view_permissions": current_lecture_value
}
}, },
use_moderator_login=True use_moderator_login=True
) )
self.assert_field_has_value( self.assert_field_has_value(
self.do_json_request( self.do_json_request(
"GET", "GET",
"/object_management/course/2/configuration", "/object_management/lecture/2/configuration",
use_moderator_login=True use_moderator_login=True
)[1], )[1],
"view_permissions", "view_permissions",
perm perm
) )
self.assert_field_has_value(
self.do_json_request(
"GET",
"/object_management/course/2/configuration",
use_moderator_login=True
)[1],
"view_permissions",
current_course_value
)
test_perm({"type": "public"}) test_perm({"type": "public"})
test_perm({"type": "private"}) test_perm({"type": "private"})
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment