From 5b288ced2e3fcc8667b9a032fcd41a4f2cc147a9 Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Sat, 24 Oct 2020 12:27:25 +0200
Subject: [PATCH] Add some extra commenting in forms.py

---
 aleksis/apps/alsijil/forms.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/aleksis/apps/alsijil/forms.py b/aleksis/apps/alsijil/forms.py
index f2632d1f4..c39709aa2 100644
--- a/aleksis/apps/alsijil/forms.py
+++ b/aleksis/apps/alsijil/forms.py
@@ -83,7 +83,10 @@ class SelectForm(forms.Form):
 
         group_qs = Group.get_groups_with_lessons()
 
+        # Filter selectable groups by permissions
         if not check_global_permission(self.request.user, "alsijil.view_week"):
+            # 1) All groups the user is allowed to see the week view by object permissions
+            # 2) All groups the user is a member of an owner of
             group_qs = (
                 group_qs.filter(
                     pk__in=get_objects_for_user(
@@ -91,6 +94,8 @@ class SelectForm(forms.Form):
                     ).values_list("pk", flat=True)
                 )
             ).union(group_qs.filter(Q(members=person) | Q(owners=person)))
+
+        # Flatten query by filtering groups by pk
         self.fields["group"].queryset = Group.objects.filter(
             pk__in=list(group_qs.values_list("pk", flat=True))
         )
@@ -98,7 +103,10 @@ class SelectForm(forms.Form):
         teacher_qs = Person.objects.annotate(
             lessons_count=Count("lessons_as_teacher")
         ).filter(lessons_count__gt=0)
+
+        # Filter selectable teachers by permissions
         if not check_global_permission(self.request.user, "alsijil.view_week"):
+            # If the user hasn't the global permission, the user is only allowed to see his own person
             teacher_qs = teacher_qs.filter(pk=person.pk)
 
         self.fields["teacher"].queryset = teacher_qs
@@ -136,9 +144,15 @@ class RegisterAbsenceForm(forms.Form):
         self.request = get_request()
         super().__init__(*args, **kwargs)
         period_choices = TimePeriod.period_choices
+
+        # Filter selectable persons by permissions
         if check_global_permission(self.request.user, "alsijil.register_absence"):
+            # Global permission, user can register absences for all persons
             self.fields["person"].queryset = Person.objects.all()
         else:
+            # 1) All persons the user is allowed to register an absence for by object permissions
+            # 2) All persons the user is the primary group owner
+            # 3) All persons the user is allowed to register an absence for by object permissions of the person's group
             persons_qs = (
                 get_objects_for_user(
                     self.request.user, "core.register_absence_person", Person
@@ -156,6 +170,8 @@ class RegisterAbsenceForm(forms.Form):
                     )
                 )
             )
+
+            # Flatten query by getting all pks and filter persons
             self.fields["person"].queryset = Person.objects.filter(
                 pk__in=list(persons_qs.values_list("pk", flat=True))
             )
-- 
GitLab