Merge branch 'master' into 143-fix-usage-of-user-has_perm-with-object-permissions

9a77bdf0 · Jonathan Weth · 3d5df0f4 · e94a0e7a · 9a77bdf0 · 9a77bdf0
Verified Commit 9a77bdf0 authored 4 years ago by Jonathan Weth
--- a/aleksis/apps/alsijil/preferences.py
+++ b/aleksis/apps/alsijil/preferences.py
@@ -34,6 +34,14 @@ class RegisterAbsenceAsPrimaryGroupOwner(BooleanPreference):
    )


+@site_preferences_registry.register
+class EditLessonDocumentationAsOriginalTeacher(BooleanPreference):
+    section = alsijil
+    name = "edit_lesson_documentation_as_original_teacher"
+    default = True
+    verbose_name = _("Allow original teachers to edit their lessons although they are substituted")
+
+
 @site_preferences_registry.register
 class CarryOverDataToNextPeriods(BooleanPreference):
    section = alsijil

--- a/aleksis/apps/alsijil/rules.py
+++ b/aleksis/apps/alsijil/rules.py
@@ -15,6 +15,7 @@ from .util.predicates import (
    is_group_member,
    is_group_owner,
    is_group_role_assignment_group_owner,
+    is_lesson_original_teacher,
    is_lesson_parent_group_owner,
    is_lesson_participant,
    is_lesson_teacher,
@@ -23,6 +24,7 @@ from .util.predicates import (
    is_owner_of_any_group,
    is_person_group_owner,
    is_person_primary_group_owner,
+    is_personal_note_lesson_original_teacher,
    is_personal_note_lesson_parent_group_owner,
    is_personal_note_lesson_teacher,
    is_teacher,
@@ -32,6 +34,7 @@ from .util.predicates import (
 view_register_object_predicate = has_person & (
    is_none  # View is opened as "Current lesson"
    | is_lesson_teacher
+    | is_lesson_original_teacher
    | is_lesson_participant
    | is_lesson_parent_group_owner
    | has_global_perm("alsijil.view_lesson")
@@ -46,6 +49,7 @@ add_perm("alsijil.view_lesson_menu", has_person)
 view_lesson_personal_notes_predicate = view_register_object_predicate & (
    ~is_lesson_participant
    | is_lesson_teacher
+    | is_lesson_original_teacher
    | has_global_perm("alsijil.view_personalnote")
    | has_lesson_group_object_perm("core.view_personalnote_group")
 )
@@ -54,6 +58,10 @@ add_perm("alsijil.view_register_object_personalnote", view_lesson_personal_notes
 # Edit personal note
 edit_lesson_personal_note_predicate = view_lesson_personal_notes_predicate & (
    is_lesson_teacher
+    | (
+        is_lesson_original_teacher
+        & is_site_preference_set("alsijil", "edit_lesson_documentation_as_original_teacher")
+    )
    | has_global_perm("alsijil.change_personalnote")
    | has_lesson_group_object_perm("core.edit_personalnote_group")
 )
@@ -63,6 +71,7 @@ add_perm("alsijil.edit_register_object_personalnote", edit_lesson_personal_note_
 view_personal_note_predicate = has_person & (
    (is_own_personal_note & is_site_preference_set("alsijil", "view_own_personal_notes"))
    | is_personal_note_lesson_teacher
+    | is_personal_note_lesson_original_teacher
    | is_personal_note_lesson_parent_group_owner
    | has_global_perm("alsijil.view_personalnote")
    | has_personal_note_group_perm("core.view_personalnote_group")
@@ -72,6 +81,10 @@ add_perm("alsijil.view_personalnote", view_personal_note_predicate)
 # Edit personal note
 edit_personal_note_predicate = view_personal_note_predicate & (
    ~is_own_personal_note
+    & ~(
+        is_personal_note_lesson_original_teacher
+        or not is_site_preference_set("alsijil", "edit_lesson_documentation_as_original_teacher")
+    )
    | has_global_perm("alsijil.view_personalnote")
    | has_personal_note_group_perm("core.edit_personalnote_group")
 )
@@ -84,6 +97,10 @@ add_perm("alsijil.view_lessondocumentation", view_lesson_documentation_predicate
 # Edit lesson documentation
 edit_lesson_documentation_predicate = view_register_object_predicate & (
    is_lesson_teacher
+    | (
+        is_lesson_original_teacher
+        & is_site_preference_set("alsijil", "edit_lesson_documentation_as_original_teacher")
+    )
    | has_global_perm("alsijil.change_lessondocumentation")
    | has_lesson_group_object_perm("core.edit_lessondocumentation_group")
 )
@@ -247,7 +264,10 @@ view_assigned_group_roles_predicate = (
 add_perm("alsijil.view_assigned_grouproles", view_assigned_group_roles_predicate)

 view_assigned_group_roles_register_object_predicate = (
-    is_lesson_teacher | is_lesson_parent_group_owner | has_global_perm("alsjil.assign_grouprole")
+    is_lesson_teacher
+    | is_lesson_original_teacher
+    | is_lesson_parent_group_owner
+    | has_global_perm("alsjil.assign_grouprole")
 )
 add_perm(
    "alsijil.view_assigned_grouproles_for_register_object",

--- a/aleksis/apps/alsijil/util/predicates.py
+++ b/aleksis/apps/alsijil/util/predicates.py
@@ -22,12 +22,25 @@ def is_none(user: User, obj: Any) -> bool:
 def is_lesson_teacher(user: User, obj: Union[LessonPeriod, Event, ExtraLesson]) -> bool:
    """Predicate for teachers of a lesson.

-    Checks whether the person linked to the user is a teacher
-    in the lesson or the substitution linked to the given LessonPeriod.
+    Checks whether the person linked to the user is a teacher in the register object.
+    If the register object is a lesson period and has a substitution linked,
+    this will **only** check if the person is one of the substitution teachers.
+    """
+    if obj:
+        return user.person in obj.get_teachers().all()
+    return False
+
+
+@predicate
+def is_lesson_original_teacher(user: User, obj: Union[LessonPeriod, Event, ExtraLesson]) -> bool:
+    """Predicate for teachers of a lesson.
+
+    Checks whether the person linked to the user is a teacher in the register object.
+    If the register object is a lesson period and has a substitution linked,
+    this will **also** check if the person is one of the substitution teachers.
    """
    if obj:
-        sub = obj.get_substitution() if isinstance(obj, LessonPeriod) else None
-        if sub and sub in user.person.lesson_substitutions.all():
+        if isinstance(obj, LessonPeriod) and user.person in obj.lesson.teachers.all():
            return True
        return user.person in obj.get_teachers().all()
    return False
@@ -206,22 +219,35 @@ def is_own_personal_note(user: User, obj: PersonalNote) -> bool:

 @predicate
 def is_personal_note_lesson_teacher(user: User, obj: PersonalNote) -> bool:
-    """Predicate for teachers of a lesson referred to in the lesson period of a personal note.
+    """Predicate for teachers of a register object linked to a personal note.

    Checks whether the person linked to the user is a teacher
-    in the lesson or the substitution linked to the LessonPeriod of the given PersonalNote.
+    in the register object linked to the personal note.
+    If the register object is a lesson period and has a substitution linked,
+    this will **only** check if the person is one of the substitution teachers.
    """
    if hasattr(obj, "register_object"):
-        if getattr(obj, "lesson_period", None):
-            sub = obj.lesson_period.get_substitution()
-            if sub and user.person in Person.objects.filter(
-                lesson_substitutions=obj.lesson_period.get_substitution()
-            ):
-                return True
-
        return user.person in obj.register_object.get_teachers().all()
+    return False

-        return False
+
+@predicate
+def is_personal_note_lesson_original_teacher(user: User, obj: PersonalNote) -> bool:
+    """Predicate for teachers of a register object linked to a personal note.
+
+    Checks whether the person linked to the user is a teacher
+    in the register object linked to the personal note.
+    If the register object is a lesson period and has a substitution linked,
+    this will **also** check if the person is one of the substitution teachers.
+    """
+    if hasattr(obj, "register_object"):
+        if (
+            isinstance(obj.register_object, LessonPeriod)
+            and user.person in obj.lesson_period.lesson.teachers.all()
+        ):
+            return True
+
+        return user.person in obj.register_object.get_teachers().all()
    return False