diff --git a/routes b/routes
index dfbc06ace..16c16692e 100644
--- a/routes
+++ b/routes
@@ -88,7 +88,7 @@
 /users/#CryptoUUIDUser CUserR GET POST !lecturerANDparticipant
 /correctors CHiWisR GET
 /communication CCommR GET POST
- /notes CNotesR GET POST !corrector -- THIS route is used to check for overall course corrector access!
+ /notes CNotesR GET POST !corrector !tutor -- THIS route is used to check for overall course corrector access!
 /subs CCorrectionsR GET POST
 /ex SheetListR GET !course-registered !materials !corrector
 /ex/new SheetNewR GET POST
diff --git a/src/Handler/Tutorial.hs b/src/Handler/Tutorial.hs
index 47d71ec86..b5743fb2c 100644
--- a/src/Handler/Tutorial.hs
+++ b/src/Handler/Tutorial.hs
@@ -197,8 +197,14 @@ postTCommR tid ssh csh tutn = do
 )
 ]
 , crRecipientAuth = Just $ \uid -> do
- cID <- encrypt uid
- evalAccessDB (CourseR tid ssh csh $ CUserR cID) False
+ [E.Value isTutorialUser] <- E.select . return . E.exists . E.from $ \tutorialUser ->
+ E.where_ $ tutorialUser E.^. TutorialParticipantUser E.==. E.val uid
+ E.&&. tutorialUser E.^. TutorialParticipantTutorial E.==. E.val tutid
+
+ isAssociated <- evalAccessForDB (Just uid) (CourseR tid ssh csh CNotesR) False
+ return $ if
+ | isTutorialUser -> Authorized
+ | otherwise -> isAssociated
 }
diff --git a/src/Handler/Utils/Communication.hs b/src/Handler/Utils/Communication.hs
index 31a8cbb89..d56dc8fd1 100644
--- a/src/Handler/Utils/Communication.hs
+++ b/src/Handler/Utils/Communication.hs
@@ -75,7 +75,7 @@ instance RenderMessage UniWorX RecipientCategory where
 data CommunicationRoute = CommunicationRoute
 { crRecipients :: Map RecipientGroup (E.SqlQuery (E.SqlExpr (Entity User)))
- , crRecipientAuth :: Maybe (UserId -> DB AuthResult)
+ , crRecipientAuth :: Maybe (UserId -> DB AuthResult) -- ^ Only resolve userids given as GET-Parameter if they fulfil this criterion
 , crJobs :: Communication -> Source (YesodDB UniWorX) Job
 , crHeading :: SomeMessage UniWorX
 , crUltDest :: SomeRoute UniWorX
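Review bot: Adding `!tutor` to `CNotesR` widens every check that uses this route as a proxy, while the trailing comment on the same line still describes it as the test for overall course corrector access. Any call site that evaluates access to `CNotesR` to decide whether someone is a corrector will presumably now succeed for tutors as well, and tutors would also gain GET and POST on the notes handler itself. Those call sites should be audited, and the comment should be updated to `-- THIS route is used to check for overall course corrector or tutor access!` so the broader meaning is explicit.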
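Review bot: The new `crRecipientAuth` decides who may be resolved as a recipient by evaluating access as the recipient (`evalAccessForDB (Just uid)`) against `CNotesR`, so the result now depends on that route's attribute list in `routes` and no longer on what the sending user may see, as the removed `evalAccessDB … CUserR cID` check appears to have done. That coupling is invisible here; I would add `-- CNotesR doubles as the "course corrector or tutor" sentinel; changing its attributes in routes changes who can be addressed here` above the `isAssociated` line. The pattern `[E.Value isTutorialUser] <-` is partial and fails the DB action if the query ever returns anything other than one row; an `exists` select should always return exactly one, but that deserves a short comment too. `tutid` and the rest of `postTCommR` lie outside the hunk, so I assume it is the tutorial's key bound earlier.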
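Review bot: The new Haddock on `crRecipientAuth` does not say what `Nothing` means, and for a field that gates which user ids from GET parameters are resolved, that is the case a maintainer most needs spelled out. If `Nothing` disables resolution of such ids, say so, e.g. `-- ^ Only resolve userids given as GET-Parameter if they fulfil this criterion; 'Nothing' resolves none`; if it instead skips the check, the comment should warn about that. The consumer of this field is outside the hunk, so which of the two holds cannot be confirmed from here.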