fix(lms): filtering qualifications by supervisor works properly now

2022-11-25 17:14:52 +01:00 · 2022-11-25 17:14:52 +01:00 · 15f7a7576a
commit 15f7a7576a
parent 6f2e4e060c
3 changed files with 7 additions and 5 deletions
--- a/8
+++ b/8
@ -103,8 +103,8 @@
 /user/lang                 LangR                   POST         !free
 /user/storage-key          StorageKeyR             POST         !free

-/for/#CryptoUUIDUser/user         ForProfileR       GET POST    !supervisor
-/for/#CryptoUUIDUser/user/profile ForProfileDataR   GET         !supervisor
+/for/#CryptoUUIDUser/user         ForProfileR       GET POST    !supervisor !self
+/for/#CryptoUUIDUser/user/profile ForProfileDataR   GET         !supervisor !self


 /exam-office               ExamOfficeR                         !exam-office:
@ -280,8 +280,8 @@
 -- !/*{CI FilePath} CryptoFileNameDispatchR GET                  !free -- Disabled until preliminary check for valid cID exists

 -- for users
-/qualification                                          QualificationAllR             GET   !free -- TODO repurpose
-/qualification/#SchoolId                                QualificationSchoolR          GET   !free -- TODO repurpose
+/qualification                                          QualificationAllR             GET         -- TODO repurpose
+/qualification/#SchoolId                                QualificationSchoolR          GET         -- TODO repurpose
 /qualification/#SchoolId/#QualificationShorthand        QualificationR                GET         -- TODO repurpose

 -- SAP export
--- a/src/Foundation/Authorization.hs
+++ b/src/Foundation/Authorization.hs
@ -1665,6 +1665,8 @@ tagAccessPredicate AuthSelf = APDB $ \_ _ mAuthId route _ -> exceptT return retu
    UserNotificationR cID -> return $ Left cID
    UserPasswordR cID -> return $ Left cID
    CourseR _ _ _ (CUserR cID) -> return $ Left cID
+    ForProfileR     cID -> return $ Left cID
+    ForProfileDataR cID -> return $ Left cID
    CApplicationR _ _ _ cID _ -> do
      appId <- catchIfMExceptT (const $ unauthorizedI MsgUnauthorizedSelf) (const True :: CryptoIDError -> Bool) $ decrypt cID
      CourseApplication{..} <- maybeMExceptT (unauthorizedI MsgUnauthorizedSelf) . $cachedHereBinary appId $ get appId
--- a/src/Handler/LMS.hs
+++ b/src/Handler/LMS.hs
@ -560,7 +560,7 @@ postLmsR sid qsh = do
          where
            -- i18nLms :: (RenderMessage UniWorX msg, IsDBTable m a) => msg -> DBCell m a
            i18nLms msg = cell [whamlet|LMS #|] <> i18nCell msg
-        psValidator = def -- TODO: hier einen Filter für Schützlinge einbauen
+        psValidator = def & forceFilter "may-access" (Any True)
    tbl <- mkLmsTable qent acts (const E.true) colChoices psValidator
    return (tbl, qent)