Loosen tutorial-communication-recipient restrictions
This commit is contained in:
Gregor Kleen
parent
bf287a4a99
commit
801b92bccf
2
routes
2
routes
@ -88,7 +88,7 @@
|
||||
/users/#CryptoUUIDUser CUserR GET POST !lecturerANDparticipant
|
||||
/correctors CHiWisR GET
|
||||
/communication CCommR GET POST
|
||||
/notes CNotesR GET POST !corrector -- THIS route is used to check for overall course corrector access!
|
||||
/notes CNotesR GET POST !corrector !tutor -- THIS route is used to check for overall course corrector access!
|
||||
/subs CCorrectionsR GET POST
|
||||
/ex SheetListR GET !course-registered !materials !corrector
|
||||
/ex/new SheetNewR GET POST
|
||||
|
||||
@ -197,8 +197,14 @@ postTCommR tid ssh csh tutn = do
|
||||
)
|
||||
]
|
||||
, crRecipientAuth = Just $ \uid -> do
|
||||
cID <- encrypt uid
|
||||
evalAccessDB (CourseR tid ssh csh $ CUserR cID) False
|
||||
[E.Value isTutorialUser] <- E.select . return . E.exists . E.from $ \tutorialUser ->
|
||||
E.where_ $ tutorialUser E.^. TutorialParticipantUser E.==. E.val uid
|
||||
E.&&. tutorialUser E.^. TutorialParticipantTutorial E.==. E.val tutid
|
||||
|
||||
isAssociated <- evalAccessForDB (Just uid) (CourseR tid ssh csh CNotesR) False
|
||||
return $ if
|
||||
| isTutorialUser -> Authorized
|
||||
| otherwise -> isAssociated
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@ instance RenderMessage UniWorX RecipientCategory where
|
||||
|
||||
data CommunicationRoute = CommunicationRoute
|
||||
{ crRecipients :: Map RecipientGroup (E.SqlQuery (E.SqlExpr (Entity User)))
|
||||
, crRecipientAuth :: Maybe (UserId -> DB AuthResult)
|
||||
, crRecipientAuth :: Maybe (UserId -> DB AuthResult) -- ^ Only resolve userids given as GET-Parameter if they fulfil this criterion
|
||||
, crJobs :: Communication -> Source (YesodDB UniWorX) Job
|
||||
, crHeading :: SomeMessage UniWorX
|
||||
, crUltDest :: SomeRoute UniWorX
|
||||
|
||||
Loading…
Reference in New Issue
Block a user