diff --git a/messages/uniworx/de.msg b/messages/uniworx/de.msg index 4586461e8..2ccc7c667 100644 --- a/messages/uniworx/de.msg +++ b/messages/uniworx/de.msg @@ -171,7 +171,7 @@ SheetInvisibleUntil date@Text: Dieses Übungsblatt ist für Teilnehmer momentan SheetName: Name SheetDescription: Hinweise für Teilnehmer SheetGroup: Gruppenabgabe -SheetVisibleFrom: Sichtbar für Teilnehmer ab +SheetVisibleFrom: Verfügbar seit SheetVisibleFromTip: Ohne Datum nie sichtbar und keine Abgabe möglich; nur für unfertige Blätter leer lassen, deren Bewertung/Fristen sich noch ändern können SheetActiveFrom: Beginn Abgabezeitraum SheetActiveFromTip: Download der Aufgabenstellung erst ab diesem Datum möglich @@ -260,6 +260,7 @@ UnauthorizedRegistered: Sie sind nicht als Teilnehmer für diese Veranstaltung r UnauthorizedParticipant: Angegebener Benutzer ist nicht als Teilnehmer dieser Veranstaltung registriert. UnauthorizedCourseTime: Dieses Kurs erlaubt momentan keine Anmeldungen. UnauthorizedSheetTime: Dieses Übungsblatt ist momentan nicht freigegeben. +UnauthorizedMaterialTime: Dieses Material ist momentan nicht freigegeben. UnauthorizedTutorialTime: Dieses Tutorium erlaubt momentan keine Anmeldungen. UnauthorizedSubmissionOwner: Sie sind an dieser Abgabe nicht beteiligt. UnauthorizedSubmissionRated: Diese Abgabe ist noch nicht korrigiert. diff --git a/routes b/routes index 26fe33c4d..c98fd9131 100644 --- a/routes +++ b/routes @@ -39,94 +39,94 @@ /favicon.ico FaviconR GET !free /robots.txt RobotsR GET !free -/ HomeR GET !free -/users UsersR GET -- no tags, i.e. admins only -/users/#CryptoUUIDUser AdminUserR GET POST -/users/#CryptoUUIDUser/delete AdminUserDeleteR POST -/users/#CryptoUUIDUser/hijack AdminHijackUserR POST !adminANDno-escalation -/users/#CryptoUUIDUser/notifications UserNotificationR GET POST !self -/admin AdminR GET -/admin/features AdminFeaturesR GET POST -/admin/test AdminTestR GET POST -/admin/errMsg AdminErrMsgR GET POST +/ HomeR GET !free +/users UsersR GET -- no tags, i.e. admins only +/users/#CryptoUUIDUser AdminUserR GET POST +/users/#CryptoUUIDUser/delete AdminUserDeleteR POST +/users/#CryptoUUIDUser/hijack AdminHijackUserR POST !adminANDno-escalation +/users/#CryptoUUIDUser/notifications UserNotificationR GET POST !self +/admin AdminR GET +/admin/features AdminFeaturesR GET POST +/admin/test AdminTestR GET POST +/admin/errMsg AdminErrMsgR GET POST -/health HealthR GET !free -/instance InstanceR GET !free -/info InfoR GET !free -/info/lecturer InfoLecturerR GET !lecturer -/info/data DataProtR GET !free -/impressum ImpressumR GET !free -/version VersionR GET !free +/health HealthR GET !free +/instance InstanceR GET !free +/info InfoR GET !free +/info/lecturer InfoLecturerR GET !lecturer +/info/data DataProtR GET !free +/impressum ImpressumR GET !free +/version VersionR GET !free -/help HelpR GET POST !free +/help HelpR GET POST !free -/user ProfileR GET POST !free -/user/profile ProfileDataR GET !free -/user/authpreds AuthPredsR GET POST !free +/user ProfileR GET POST !free +/user/profile ProfileDataR GET !free +/user/authpreds AuthPredsR GET POST !free -/term TermShowR GET !free -/term/current TermCurrentR GET !free -/term/edit TermEditR GET POST -/term/#TermId/edit TermEditExistR GET POST -!/term/#TermId TermCourseListR GET !free -!/term/#TermId/#SchoolId TermSchoolCourseListR GET !free +/term TermShowR GET !free +/term/current TermCurrentR GET !free +/term/edit TermEditR GET POST +/term/#TermId/edit TermEditExistR GET POST +!/term/#TermId TermCourseListR GET !free +!/term/#TermId/#SchoolId TermSchoolCourseListR GET !free -/school SchoolListR GET !development -/school/#SchoolId SchoolShowR GET !development +/school SchoolListR GET !development +/school/#SchoolId SchoolShowR GET !development -- For Pattern Synonyms see Foundation -/course/ CourseListR GET !free -!/course/new CourseNewR GET POST !lecturer -/course/#TermId/#SchoolId/#CourseShorthand CourseR !lecturer: - / CShowR GET !free - /register CRegisterR GET POST !timeANDcapacity - /edit CEditR GET POST - /lecturer-invite/#UserEmail CLecInviteR GET POST - /delete CDeleteR GET POST !lecturerANDempty - /users CUsersR GET POST - /users/#CryptoUUIDUser CUserR GET POST !lecturerANDparticipant - /correctors CHiWisR GET - /communication CCommR GET POST - /notes CNotesR GET POST !corrector - /subs CCorrectionsR GET POST - /ex SheetListR GET !course-registered !materials !corrector - /ex/new SheetNewR GET POST - /ex/current SheetCurrentR GET !course-registered !materials !corrector - /ex/unassigned SheetOldUnassigned GET +/course/ CourseListR GET !free +!/course/new CourseNewR GET POST !lecturer +/course/#TermId/#SchoolId/#CourseShorthand CourseR !lecturer: + / CShowR GET !free + /register CRegisterR GET POST !timeANDcapacity + /edit CEditR GET POST + /lecturer-invite/#UserEmail CLecInviteR GET POST + /delete CDeleteR GET POST !lecturerANDempty + /users CUsersR GET POST + /users/#CryptoUUIDUser CUserR GET POST !lecturerANDparticipant + /correctors CHiWisR GET + /communication CCommR GET POST + /notes CNotesR GET POST !corrector + /subs CCorrectionsR GET POST + /ex SheetListR GET !course-registered !materials !corrector + /ex/new SheetNewR GET POST + /ex/current SheetCurrentR GET !course-registered !materials !corrector + /ex/unassigned SheetOldUnassigned GET /ex/#SheetName SheetR: - /show SShowR GET !timeANDcourse-registered !timeANDmaterials !corrector - /edit SEditR GET POST - /delete SDelR GET POST - /subs SSubsR GET POST -- for lecturer only - !/subs/new SubmissionNewR GET POST !timeANDcourse-registeredANDuser-submissions - !/subs/own SubmissionOwnR GET !free -- just redirect + /show SShowR GET !timeANDcourse-registered !timeANDmaterials !corrector + /edit SEditR GET POST + /delete SDelR GET POST + /subs SSubsR GET POST -- for lecturer only + !/subs/new SubmissionNewR GET POST !timeANDcourse-registeredANDuser-submissions + !/subs/own SubmissionOwnR GET !free -- just redirect /subs/#CryptoFileNameSubmission SubmissionR: - / SubShowR GET POST !ownerANDtime !ownerANDread !correctorANDread - /archive/#{ZIPArchiveName SubmissionFileType} SubArchiveR GET !owner !corrector - /delete SubDelR GET POST !ownerANDtime - /assign SAssignR GET POST !lecturerANDtime - /correction CorrectionR GET POST !corrector !ownerANDreadANDrated - !/#SubmissionFileType/*FilePath SubDownloadR GET !owner !corrector - /correctors SCorrR GET POST - /pseudonym SPseudonymR GET POST !course-registeredANDcorrector-submissions - /corrector-invite/#UserEmail SCorrInviteR GET POST - !/#SheetFileType/*FilePath SFileR GET !timeANDcourse-registered !timeANDmaterials !corrector - /file MaterialListR GET !timeANDcourse-registered !timeANDmaterials !corrector + / SubShowR GET POST !ownerANDtime !ownerANDread !correctorANDread + /archive/#{ZIPArchiveName SubmissionFileType} SubArchiveR GET !owner !corrector + /delete SubDelR GET POST !ownerANDtime + /assign SAssignR GET POST !lecturerANDtime + /correction CorrectionR GET POST !corrector !ownerANDreadANDrated + !/#SubmissionFileType/*FilePath SubDownloadR GET !owner !corrector + /correctors SCorrR GET POST + /pseudonym SPseudonymR GET POST !course-registeredANDcorrector-submissions + /corrector-invite/#UserEmail SCorrInviteR GET POST + !/#SheetFileType/*FilePath SFileR GET !timeANDcourse-registered !timeANDmaterials !corrector + /file MaterialListR GET !course-registered !materials !corrector !tutor /file/new MaterialNewR GET POST /file/#MaterialName MaterialR: - /edit MEditR GET POST - /delete MDelR GET POST - /show MShowR GET !timeANDcourse-registered !timeANDmaterials !corrector - /part/*FilePath MFileR GET !timeANDcourse-registered !timeANDmaterials !corrector - /tuts CTutorialListR GET !tutor + /edit MEditR GET POST + /delete MDelR GET POST + /show MShowR GET !timeANDcourse-registered !timeANDmaterials !corrector !tutor + /load/*FilePath MFileR GET !timeANDcourse-registered !timeANDmaterials !corrector !tutor + /tuts CTutorialListR GET !tutor /tuts/new CTutorialNewR GET POST /tuts/#TutorialName TutorialR: - /edit TEditR GET POST - /delete TDeleteR GET POST - /participants TUsersR GET POST !tutor - /register TRegisterR POST !timeANDcapacityANDcourse-registeredANDregister-group !timeANDtutorial-registered - /communication TCommR GET POST !tutor + /edit TEditR GET POST + /delete TDeleteR GET POST + /participants TUsersR GET POST !tutor + /register TRegisterR POST !timeANDcapacityANDcourse-registeredANDregister-group !timeANDtutorial-registered + /communication TCommR GET POST !tutor /subs CorrectionsR GET POST !corrector !lecturer diff --git a/src/Foundation.hs b/src/Foundation.hs index 71eb9835a..3376ef527 100644 --- a/src/Foundation.hs +++ b/src/Foundation.hs @@ -638,9 +638,9 @@ tagAccessPredicate AuthTime = APDB $ \mAuthId route _ -> case route of -> return Authorized | otherwise -> mzero - + CSheetR tid ssh csh shn subRoute -> maybeT (unauthorizedI MsgUnauthorizedSheetTime) $ do - Entity cid _ <- MaybeT . getBy $ TermSchoolCourseShort tid ssh csh + cid <- MaybeT . getKeyBy $ TermSchoolCourseShort tid ssh csh Entity _sid Sheet{..} <- MaybeT . getBy $ CourseSheet cid shn cTime <- liftIO getCurrentTime let @@ -662,6 +662,14 @@ tagAccessPredicate AuthTime = APDB $ \mAuthId route _ -> case route of return Authorized + CourseR tid ssh csh (MaterialR mnm _) -> maybeT (unauthorizedI MsgUnauthorizedMaterialTime) $ do + cid <- MaybeT . getKeyBy $ TermSchoolCourseShort tid ssh csh + Entity _mid Material{materialVisibleFrom} <- MaybeT . getBy $ UniqueMaterial cid mnm + cTime <- liftIO getCurrentTime + let visible = NTop materialVisibleFrom <= NTop (Just cTime) + guard visible + reutrn Authorized + CourseR tid ssh csh CRegisterR -> do now <- liftIO getCurrentTime mbc <- getBy $ TermSchoolCourseShort tid ssh csh