From 17eb159eebfd1375d007270f77b4accb3b9319c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20K=C3=BCnzel?= <simonk@fsmpi.rwth-aachen.de>
Date: Fri, 31 May 2024 00:01:43 +0200
Subject: [PATCH] Fix view permissions update for lecture modifying course

---
 src/api/objects/fields.py            |  9 +++++--
 tests/routes/object_modifications.py | 35 +++++++++++++++++++++++-----
 2 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/src/api/objects/fields.py b/src/api/objects/fields.py
index 5814abb..09f8710 100644
--- a/src/api/objects/fields.py
+++ b/src/api/objects/fields.py
@@ -1,6 +1,6 @@
 from api.database import *
 from api.miscellaneous import *
-from api.course import lecture_queue_query_auth, course_queue_query_auth, lecture_query_auth, course_query_auth
+from api.course import lecture_queue_query_auth, course_queue_query_auth, course_query_auth
 from api.authentication import ViewPermissions, ViewPermissionsType, get_effective_view_permissions
 
 from api.objects.changelog_entries import ModificationEntry, DeletionEntry, CreationEntry
@@ -348,6 +348,11 @@ class FeaturedDisplayPriorityField(ObjectIndirectField[tuple[int, DbResultSet]])
         return feature_order
 
 
+_SQL_GET_LECTURE_AUTH = PreparedStatement("""
+SELECT * FROM "perm"
+WHERE "perm"."lecture_id" = ?
+    AND (NOT "deleted")
+""")
 _SQL_CREATE_COURSE_PERM = PreparedStatement("""
 INSERT INTO "perm" ("course_id", "type", "param1", "param2")
     VALUES (?, ?, ?, ?)
@@ -408,7 +413,7 @@ class ViewPermissionsField(ObjectIndirectField[tuple[DbResultSet, ViewPermission
                                           client_value: CJsonValue) -> tuple[DbResultSet, ViewPermissions]:
         return (
             None if object_id is None
-            else (lecture_query_auth(object_id, transaction=transaction) if self._for_lecture
+            else (transaction.execute_statement(_SQL_GET_LECTURE_AUTH, object_id) if self._for_lecture
                   else course_query_auth(object_id, transaction)),
             ViewPermissions.from_json(client_value))
     
diff --git a/tests/routes/object_modifications.py b/tests/routes/object_modifications.py
index e802955..0f55c4f 100644
--- a/tests/routes/object_modifications.py
+++ b/tests/routes/object_modifications.py
@@ -26,7 +26,7 @@ class ObjectModificationsTest(ApiTest):
             else:
                 self.assert_valid_field_value(field)
     
-    def assert_field_has_value(self, config: dict, field_id: str, expected_value):
+    def get_field_value(self, config: dict, field_id: str):
         self.assert_contains(config, "fields")
         fields = config["fields"]
         for field in fields:
@@ -36,11 +36,13 @@ class ObjectModificationsTest(ApiTest):
             self.assert_contains(description, "id")
             if description["id"] != field_id:
                 continue
-            self.assertEqual(expected_value, field["value"])
-            break
+            return field["value"]
         else:
             raise AssertionError(f"Missing field {field_id} in {config}")
     
+    def assert_field_has_value(self, config: dict, field_id: str, expected_value):
+        self.assertEqual(expected_value, self.get_field_value(config, field_id))
+    
     def test_get_config(self):
         self.do_json_request(
             "GET",
@@ -1232,26 +1234,47 @@ class ObjectModificationsTest(ApiTest):
     
     def test_patch_view_permissions(self):
         def test_perm(perm: dict):
+            current_course_value = self.get_field_value(self.do_json_request(
+                "GET",
+                "/object_management/course/2/configuration",
+                use_moderator_login=True
+            )[1], "view_permissions")
+            current_lecture_value = self.get_field_value(self.do_json_request(
+                "GET",
+                "/object_management/lecture/2/configuration",
+                use_moderator_login=True
+            )[1], "view_permissions")
             self.do_json_request(
                 "PATCH",
-                "/object_management/course/2/configuration",
+                "/object_management/lecture/2/configuration",
                 {
                     "updates": {
                         "view_permissions": perm
                     },
-                    "expected_current_values": {}
+                    "expected_current_values": {
+                        "view_permissions":  current_lecture_value
+                    }
                 },
                 use_moderator_login=True
             )
             self.assert_field_has_value(
                 self.do_json_request(
                     "GET",
-                    "/object_management/course/2/configuration",
+                    "/object_management/lecture/2/configuration",
                     use_moderator_login=True
                 )[1],
                 "view_permissions",
                 perm
             )
+            self.assert_field_has_value(
+                self.do_json_request(
+                    "GET",
+                    "/object_management/course/2/configuration",
+                    use_moderator_login=True
+                )[1],
+                "view_permissions",
+                current_course_value
+            )
         
         test_perm({"type": "public"})
         test_perm({"type": "private"})
-- 
GitLab