From 1c41a4991a870186d8f48a11207aee6da20c7248 Mon Sep 17 00:00:00 2001 From: Steffen Jost Date: Wed, 22 Feb 2023 16:54:41 +0100 Subject: [PATCH] chore(qualification): allow admins to see all qualifications --- src/Handler/Qualification.hs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/Handler/Qualification.hs b/src/Handler/Qualification.hs index 14ae74515..5dcd6fe1a 100644 --- a/src/Handler/Qualification.hs +++ b/src/Handler/Qualification.hs @@ -269,12 +269,13 @@ mkQualificationTable :: ( Functor h, ToSortable h , AsCornice h p QualificationTableData (DBCell (MForm Handler) (FormResult (First QualificationTableActionData, DBFormResult UserId Bool QualificationTableData))) cols ) - => Entity Qualification + => Bool + -> Entity Qualification -> Map QualificationTableAction (AForm Handler QualificationTableActionData) -> cols -> PSValidator (MForm Handler) (FormResult (First QualificationTableActionData, DBFormResult UserId Bool QualificationTableData)) -> DB (FormResult (QualificationTableActionData, Set UserId), Widget) -mkQualificationTable (Entity qid quali) acts cols psValidator = do +mkQualificationTable isAdmin (Entity qid quali) acts cols psValidator = do svs <- getSupervisees now <- liftIO getCurrentTime currentRoute <- fromMaybe (error "mkQualificationTable called from 404-handler") <$> liftHandler getCurrentRoute @@ -284,7 +285,7 @@ mkQualificationTable (Entity qid quali) acts cols psValidator = do csvName = T.replace " " "-" $ CI.original (quali ^. _qualificationName) dbtIdent :: Text dbtIdent = "qualification" - fltrSvs = \quser -> quser E.^. QualificationUserUser `Ex.in_` E.vals svs + fltrSvs = if isAdmin then const E.true else \quser -> quser E.^. QualificationUserUser `Ex.in_` E.vals svs dbtSQLQuery q = qualificationTableQuery qid fltrSvs q dbtRowKey = queryUser >>> (E.^. UserId) dbtProj = dbtProjFilteredPostId 
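Review bot: The new leading `Bool` in the signature of `mkQualificationTable` is an authorization switch with no name or documentation at the type level, so a call site can pass `True` without any access check and the table will no longer be limited to the caller's supervisees. Document it on the signature, e.g. `-- ^ 'True' skips the supervisee filter; pass only the result of an access check`, or replace it with a small two-constructor type so the call site reads as a scope choice instead of a bare flag. The flag is consumed by `fltrSvs` in the next hunk, and the function body continues outside this hunk.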
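Review bot: With `isAdmin` set, `fltrSvs` becomes `const E.true`, which drops the only row-level restriction visible in this hunk for everything built on `dbtSQLQuery`. The nearby `csvName` binding suggests the same query also feeds a CSV export, though that code is outside the hunk; if so, the export widens to every holder of the qualification as well. If that is intended, say so at the binding, e.g. `-- admins: no supervisee restriction; applies to every consumer of dbtSQLQuery, exports included`. `svs <- getSupervisees` is still run for admins although its result is then unused; consider skipping it in that branch.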
@@ -379,6 +380,7 @@ getQualificationR, postQualificationR :: SchoolId -> QualificationShorthand -> getQualificationR = postQualificationR postQualificationR sid qsh = do currentRoute <- fromMaybe (error "correctionsR called from 404-handler") <$> getCurrentRoute -- This should never be called from a 404 handler + isAdmin <- hasReadAccessTo AdminR ((lmsRes, qualificationTable), Entity qid quali) <- runDB $ do qent@Entity{entityVal=Qualification{qualificationAuditDuration=auditMonths}} <- getBy404 $ SchoolQualificationShort sid qsh let acts :: Map QualificationTableAction (AForm Handler QualificationTableActionData) @@ -403,10 +405,9 @@ postQualificationR sid qsh = do $ \(preview $ resultLmsUser . _entityVal -> lu) -> foldMap lmsStatusPlusCell lu ] psValidator = def - tbl <- mkQualificationTable qent acts colChoices psValidator + tbl <- mkQualificationTable isAdmin qent acts colChoices psValidator return (tbl, qent) - - isAdmin <- hasReadAccessTo AdminR + formResult lmsRes $ \case _ | not isAdmin -> addMessageI Error MsgUnauthorized -- only admins can use the form on this page for now (action, selectedUsers) | isExpiryAct action -> do
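Review bot: `isAdmin <- hasReadAccessTo AdminR` now decides row visibility as well as form use, yet it is read access to a route and, as far as this hunk shows, is not tied to `sid` or `qsh`. Anyone who may read `AdminR` would therefore presumably see all holders of whichever qualification is requested, through the call changed in the following hunk (`mkQualificationTable isAdmin qent acts colChoices psValidator`); confirm that this matches the intended policy for school-scoped data. A comment at the binding would keep the coupling visible, e.g. `-- read access to AdminR: enables the form actions and lifts the supervisee filter on the table`. The handler body continues outside the hunk.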