From 7d3c5b11a593cf1d123c45551cde4d34a286f886 Mon Sep 17 00:00:00 2001
From: Sarah Vaupel <>
Date: Wed, 29 Jul 2020 16:01:15 +0200
Subject: [PATCH] chore(course-visibility): add active auth tags to all course
 utils

---
 src/Utils/Course.hs | 69 +++++++++++++++++++++++++++------------------
 1 file changed, 41 insertions(+), 28 deletions(-)

diff --git a/src/Utils/Course.hs b/src/Utils/Course.hs
index c2f012d1e..d7562d31f 100644
--- a/src/Utils/Course.hs
+++ b/src/Utils/Course.hs
@@ -6,6 +6,7 @@ module Utils.Course
   , courseIsVisible
   , courseIsVisible'
   , numCourseParticipants
+  , ActiveAuthTags(..)
   ) where
 
 import Import.NoFoundation
@@ -14,68 +15,80 @@ import qualified Database.Esqueleto as E
 import qualified Database.Esqueleto.Utils as E
 
 
+-- this is only a subset of auth tags (includes only the ones needed here)
+data ActiveAuthTags = ActiveAuthTags 
+  { aatAdmin, aatLecturer, aatTutor, aatCorrector, aatParticipant :: Bool 
+  }
+
 -- TODO switch from E.SqlExpr (Entity Course) to CourseId wherever possible
--- TODO also check auth predicated everywhere
+-- TODO also check auth predicates everywhere
 
 
-mayViewCourse :: Maybe UserId -> UTCTime -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
-mayViewCourse muid now course = 
-        mayEditCourse      muid course
-  E.||. isCourseAssociated muid course
-  E.||. courseIsVisible    now  course
+mayViewCourse :: Maybe UserId -> ActiveAuthTags -> UTCTime -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
+mayViewCourse muid aats now course = 
+        mayEditCourse      muid aats course
+  E.||. isCourseAssociated muid aats course
+  E.||. courseIsVisible    now       course
 
-mayEditCourse :: Maybe UserId -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
-mayEditCourse muid course = (E.exists . E.from $ \(user `E.InnerJoin` userFunction) -> do
+mayEditCourse :: Maybe UserId -> ActiveAuthTags -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
+mayEditCourse muid aats@ActiveAuthTags{..} course = (E.exists . E.from $ \(user `E.InnerJoin` userFunction) -> do
     E.on $ user E.^. UserId E.==. userFunction E.^. UserFunctionUser
     E.where_ $ E.just (user E.^. UserId) E.==. E.val muid
       E.&&. userFunction E.^. UserFunctionFunction E.==. E.val SchoolAdmin
       E.&&. userFunction E.^. UserFunctionSchool E.==. course E.^. CourseSchool
-  ) E.||. isCourseLecturer muid course
+      E.&&. E.val aatAdmin
+  ) E.||. isCourseLecturer muid aats course
 
-mayEditCourse' :: Maybe UserId -> Entity Course -> E.SqlExpr (E.Value Bool)
-mayEditCourse' muid (Entity cid Course{..}) = (E.exists . E.from $ \(user `E.InnerJoin` userFunction) -> do
+mayEditCourse' :: Maybe UserId -> ActiveAuthTags -> Entity Course -> E.SqlExpr (E.Value Bool)
+mayEditCourse' muid aats@ActiveAuthTags{..} (Entity cid Course{..}) = (E.exists . E.from $ \(user `E.InnerJoin` userFunction) -> do
     E.on $ user E.^. UserId E.==. userFunction E.^. UserFunctionUser
     E.where_ $ E.just (user E.^. UserId) E.==. E.val muid
       E.&&. userFunction E.^. UserFunctionFunction E.==. E.val SchoolAdmin
       E.&&. userFunction E.^. UserFunctionSchool E.==. E.val courseSchool
-  ) E.||. isCourseLecturer' muid cid
+      E.&&. E.val aatAdmin
+  ) E.||. isCourseLecturer' muid aats cid
 
-isCourseLecturer :: Maybe UserId -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
-isCourseLecturer muid course = E.exists . E.from $ \(user `E.InnerJoin` lecturer) -> do
+isCourseLecturer :: Maybe UserId -> ActiveAuthTags -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
+isCourseLecturer muid ActiveAuthTags{..} course = E.exists . E.from $ \(user `E.InnerJoin` lecturer) -> do
   E.on $ user E.^. UserId E.==. lecturer E.^. LecturerUser
   E.where_ $ E.just (user E.^. UserId) E.==. E.val muid
     E.&&. lecturer E.^. LecturerCourse E.==. course E.^. CourseId
+    E.&&. E.val aatLecturer
 
-isCourseLecturer' :: Maybe UserId -> CourseId -> E.SqlExpr (E.Value Bool)
-isCourseLecturer' muid cid = E.exists . E.from $ \(user `E.InnerJoin` lecturer) -> do
+isCourseLecturer' :: Maybe UserId -> ActiveAuthTags -> CourseId -> E.SqlExpr (E.Value Bool)
+isCourseLecturer' muid ActiveAuthTags{..} cid = E.exists . E.from $ \(user `E.InnerJoin` lecturer) -> do
   E.on $ user E.^. UserId E.==. lecturer E.^. LecturerUser
   E.where_ $ E.just (user E.^. UserId) E.==. E.val muid
     E.&&. lecturer E.^. LecturerCourse E.==. E.val cid
+    E.&&. E.val aatLecturer
 
-isCourseTutor :: Maybe UserId -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
-isCourseTutor muid course = E.exists . E.from $ \(tutor `E.InnerJoin` tutorial) -> do
+isCourseTutor :: Maybe UserId -> ActiveAuthTags -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
+isCourseTutor muid ActiveAuthTags{..} course = E.exists . E.from $ \(tutor `E.InnerJoin` tutorial) -> do
   E.on $ tutor E.^. TutorTutorial E.==. tutorial E.^. TutorialId
   E.where_ $ E.just (tutor E.^. TutorUser) E.==. E.val muid
     E.&&. tutorial E.^. TutorialCourse E.==. course E.^. CourseId
+    E.&&. E.val aatTutor
 
-isCourseCorrector :: Maybe UserId -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
-isCourseCorrector muid course = E.exists . E.from $ \(sheetCorrector `E.InnerJoin` sheet) -> do
+isCourseCorrector :: Maybe UserId -> ActiveAuthTags -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
+isCourseCorrector muid ActiveAuthTags{..} course = E.exists . E.from $ \(sheetCorrector `E.InnerJoin` sheet) -> do
   E.on $ sheetCorrector E.^. SheetCorrectorSheet E.==. sheet E.^. SheetId
   E.where_ $ E.just (sheetCorrector E.^. SheetCorrectorUser) E.==. E.val muid
     E.&&. sheet E.^. SheetCourse E.==. course E.^. CourseId
+    E.&&. E.val aatCorrector
 
-isCourseParticipant :: Maybe UserId -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
-isCourseParticipant muid course = E.exists . E.from $ \courseParticipant -> do
+isCourseParticipant :: Maybe UserId -> ActiveAuthTags -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
+isCourseParticipant muid ActiveAuthTags{..} course = E.exists . E.from $ \courseParticipant -> do
   E.where_ $ E.just (courseParticipant E.^. CourseParticipantUser) E.==. E.val muid
     E.&&. courseParticipant E.^. CourseParticipantCourse E.==. course E.^. CourseId
     E.&&. courseParticipant E.^. CourseParticipantState E.==. E.val CourseParticipantActive
+    E.&&. E.val aatParticipant
 
-isCourseAssociated :: Maybe UserId -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
-isCourseAssociated muid course = 
-        isCourseLecturer    muid course
-  E.||. isCourseTutor       muid course
-  E.||. isCourseCorrector   muid course
-  E.||. isCourseParticipant muid course
+isCourseAssociated :: Maybe UserId -> ActiveAuthTags -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
+isCourseAssociated muid aats course = 
+        isCourseLecturer    muid aats course
+  E.||. isCourseTutor       muid aats course
+  E.||. isCourseCorrector   muid aats course
+  E.||. isCourseParticipant muid aats course
 
 courseIsVisible :: UTCTime -> E.SqlExpr (Entity Course) -> E.SqlExpr (E.Value Bool)
 courseIsVisible now course =