fraport/fradrive
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(supervisor): adding a supervisor auth tag WIP

Browse Source
This commit is contained in:
Steffen Jost 2022-10-07 17:49:38 +02:00
parent 61991aadc4
commit 1f8e76d68b
5 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
messages/uniworx/categories/settings/auth_settings/de-de-formal.msg
View File

@ -54,3 +54,4 @@ AuthTagSubmissionGroup: Nutzer:in ist Mitglied in registrierter Abgabegruppe
AuthTagWorkflow: Nutzer:in hat passende Workflow-Rolle
AuthTagStudent: Nutzer:in ist Student:in
AuthTagExamTime: Zeitliche Einschränkungen durch relevante Prüfung sind erfüllt
AuthTagSupervisor: Nutzer:in ist Ansprechpartner für jemand anderes

1
messages/uniworx/categories/settings/auth_settings/en-eu.msg
View File

@ -54,3 +54,4 @@ AuthTagSubmissionGroup: User is part of a submission group
AuthTagWorkflow: User has matching workflow role
AuthTagStudent: User is a student
AuthTagExamTime: Exam time restrictions are satisfied
AuthTagSupervisor: User is supervisor for someone else

18
routes
View File

@ -92,8 +92,8 @@
/user/lang LangR POST !free
/user/storage-key StorageKeyR POST !free
-- /user/for/#CryptoUUIDUser ForProfileR GET POST !supervisor
-- /user/profile/for/#CryptoUUIDUser ForProfuleDataR GET !supervisor
/user/for/#CryptoUUIDUser ForProfileR GET POST !supervisor
/user/profile/for/#CryptoUUIDUser ForProfuleDataR GET !supervisor
/exam-office ExamOfficeR !exam-office:
@ -278,14 +278,14 @@
/lms/#SchoolId/#QualificationShorthand LmsR GET POST !free -- TODO verify that this is ok
/lms/#SchoolId/#QualificationShorthand/edit LmsEditR GET POST
/lms/#SchoolId/#QualificationShorthand/users LmsUsersR GET
/lms/#SchoolId/#QualificationShorthand/users/direct LmsUsersDirectR GET
/lms/#SchoolId/#QualificationShorthand/users/direct LmsUsersDirectR GET !development
/lms/#SchoolId/#QualificationShorthand/userlist LmsUserlistR GET POST
/lms/#SchoolId/#QualificationShorthand/userlist/upload LmsUserlistUploadR GET POST
/lms/#SchoolId/#QualificationShorthand/userlist/direct LmsUserlistDirectR POST
/lms/#SchoolId/#QualificationShorthand/result LmsResultR GET POST
/lms/#SchoolId/#QualificationShorthand/result/upload LmsResultUploadR GET POST
/lms/#SchoolId/#QualificationShorthand/result/direct LmsResultDirectR POST
/lms/#SchoolId/#QualificationShorthand/fake LmsFakeR GET POST -- TODO: delete this testing URL
/lms/#SchoolId/#QualificationShorthand/userlist/upload LmsUserlistUploadR GET POST !development
/lms/#SchoolId/#QualificationShorthand/userlist/direct LmsUserlistDirectR POST !token
/lms/#SchoolId/#QualificationShorthand/result LmsResultR GET POST
/lms/#SchoolId/#QualificationShorthand/result/upload LmsResultUploadR GET POST !development
/lms/#SchoolId/#QualificationShorthand/result/direct LmsResultDirectR POST !token
/lms/#SchoolId/#QualificationShorthand/fake LmsFakeR GET POST !development -- TODO: delete this testing URL
/api ApiDocsR GET !free
/swagger SwaggerR GET !free

2
src/Handler/LMS.hs
View File

@ -363,7 +363,7 @@ mkLmsTable (Entity qid quali) acts restrict cols psValidator = do
pjob <- preview $ _dbtProjRow . resultPrintJob
forMM_ (view $ _dbtProjFilter . _ltProjFilterMayAccess) $ \b -> do
euid <- encrypt $ user ^. _entityKey
guardM . lift . lift . fmap (== b) . hasReadAccessTo . urlRoute $ AdminUserR euid -- TODO create a page with proper rights; this is only for admins!
guardM . lift . lift . fmap (== b) . hasReadAccessTo . urlRoute $ ForProfuleDataR euid -- TODO create a page with proper rights; this is only for admins!
return (qusr,user,lusr,pjob)
dbtColonnade = cols

1
src/Model/Types/Security.hs
View File

@ -115,6 +115,7 @@ data AuthTag -- sortiert nach gewünschter Reihenfolge auf /authpreds, d.h. Prä
| AuthToken
| AuthDeprecated
| AuthDevelopment
| AuthSupervisor
| AuthFree
deriving (Eq, Ord, Enum, Bounded, Read, Show, Data, Generic, Typeable)
deriving anyclass (Universe, Finite, Hashable, NFData)