From 02c65af0343c3f4cfd1900a6be008ac2a42673f8 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Tue, 20 Sep 2022 11:31:25 +0200
Subject: [PATCH] Update scope query for new teacher definition
---
 app/controllers/internal_users_controller.rb | 2 +-
 app/policies/exercise_policy.rb | 15 ++++++++-------
 app/policies/proxy_exercise_policy.rb | 9 ++++++++-
 app/policies/study_group_policy.rb | 2 +-
 4 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/app/controllers/internal_users_controller.rb b/app/controllers/internal_users_controller.rb
index 0caa8091..3b5c568f 100644
--- a/app/controllers/internal_users_controller.rb
+++ b/app/controllers/internal_users_controller.rb
@@ -68,7 +68,7 @@ class InternalUsersController < ApplicationController
 def index
 @search = InternalUser.ransack(params[:q], {auth_object: current_user})
- @users = @search.result.includes(:consumer).order(:name).paginate(page: params[:page], per_page: per_page_param)
+ @users = @search.result.in_study_group_of(current_user).includes(:consumer).order(:name).paginate(page: params[:page], per_page: per_page_param)
 authorize!
 end
diff --git a/app/policies/exercise_policy.rb b/app/policies/exercise_policy.rb
index 0452ce94..42bcf48c 100644
--- a/app/policies/exercise_policy.rb
+++ b/app/policies/exercise_policy.rb
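Review bot: In `internal_users_controller.rb`, the study-group restriction on `@users` is hard-wired into the `index` action via `in_study_group_of(current_user)`, whereas the other three files in this patch put the teacher rule in the policy's teacher branch. Any other code path that lists InternalUser records will not inherit the restriction, and the hunk does not show how the scope treats admins, who receive `@scope.all` in those policies. If InternalUser has a policy scope, moving the filter there and calling `policy_scope(@search.result)` would keep the rule in one place. Failing that, a comment above the line such as `# Restrict the listing to users sharing a study group with current_user (see in_study_group_of)` would record the intent, once confirmed against the scope's definition.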
@@ -46,13 +46,14 @@ class ExercisePolicy < AdminOrAuthorPolicy
 if @user.admin?
 @scope.all
 elsif @user.teacher?
- @scope.where(
- 'exercises.user_id IN (SELECT user_id FROM study_group_memberships WHERE study_group_id IN (?))
- OR (exercises.user_id = ? AND exercises.user_type = ?)
- OR public = TRUE',
- @user.study_groups.pluck(:id),
- @user.id, @user.class.name
- )
+ @scope.distinct
+ .joins('LEFT OUTER JOIN study_group_memberships ON exercises.user_type = study_group_memberships.user_type AND exercises.user_id = study_group_memberships.user_id')
+ # The exercise's author is a teacher in the study group
+ .where(study_group_memberships: {role: StudyGroupMembership.roles[:teacher]})
+ # The current user is a teacher in the *same* study group
+ .where(study_group_memberships: {study_group_id: @user.study_group_memberships.where(role: :teacher).select(:study_group_id)})
+ .or(@scope.distinct.where(user: @user))
+ .or(@scope.distinct.where(public: true))
 else
 @scope.none
 end
diff --git a/app/policies/proxy_exercise_policy.rb b/app/policies/proxy_exercise_policy.rb
index 20c2e548..a0b3a798 100644
--- a/app/policies/proxy_exercise_policy.rb
+++ b/app/policies/proxy_exercise_policy.rb
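Review bot: The teacher branch added to `exercise_policy.rb` and the one added to `proxy_exercise_policy.rb` later in this patch are the same relation with only the table name in the raw `LEFT OUTER JOIN` string changed, so the two authorization rules can drift apart the next time the teacher definition changes. Both policies inherit from `AdminOrAuthorPolicy`, so I would extract one shared helper there that builds the join from `@scope.table_name`, which is a model-derived value rather than request input. The join also has to stay an outer join, because the own-record and public branches are OR-ed into the same query and must match authors who have no membership row at all. A comment such as `# LEFT JOIN on purpose: own/public records must match even if the author has no membership` would guard against a later change to an inner join. The enclosing method starts and ends outside the hunk.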
@@ -18,7 +18,14 @@ class ProxyExercisePolicy < AdminOrAuthorPolicy
 if @user.admin?
 @scope.all
 elsif @user.teacher?
- @scope.where('user_id = ? OR public = TRUE', @user.id)
+ @scope.distinct
+ .joins('LEFT OUTER JOIN study_group_memberships ON proxy_exercises.user_type = study_group_memberships.user_type AND proxy_exercises.user_id = study_group_memberships.user_id')
+ # The proxy_exercise's author is a teacher in the study group
+ .where(study_group_memberships: {role: StudyGroupMembership.roles[:teacher]})
+ # The current user is a teacher in the *same* study group
+ .where(study_group_memberships: {study_group_id: @user.study_group_memberships.where(role: :teacher).select(:study_group_id)})
+ .or(@scope.distinct.where(user: @user))
+ .or(@scope.distinct.where(public: true))
 else
 @scope.none
 end
diff --git a/app/policies/study_group_policy.rb b/app/policies/study_group_policy.rb
index 53a3f356..f3fe5295 100644
--- a/app/policies/study_group_policy.rb
+++ b/app/policies/study_group_policy.rb
@@ -21,7 +21,7 @@ class StudyGroupPolicy < AdminOnlyPolicy
 if @user.admin?
 @scope.all
 elsif @user.teacher?
- @scope.joins(:study_group_memberships).where('user_id = ? AND user_type = ?', @user.id, @user.class.name)
+ @scope.joins(:study_group_memberships).where(study_group_memberships: {user: @user, role: StudyGroupMembership.roles[:teacher]})
 else
 @scope.none
 end
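Review bot: No spec accompanies the widened teacher branch in `proxy_exercise_policy.rb`: the diffstat lists four files under `app/` only, while this hunk extends visibility from author-or-public to teachers who share a study group with the author. A policy-scope spec should pin the negative cases as well as the positive one. A teacher from an unrelated study group must not see a private proxy exercise, nor may a user who shares the group when either side holds only a non-teacher role there. The same cases apply to the `exercise_policy.rb` hunk. The enclosing method starts and ends outside the hunk.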
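Review bot: The teacher branch in `study_group_policy.rb` has no comment, unlike the two exercise policies, although it narrows who may list a study group: a membership row alone no longer suffices, it must carry the teacher role. I would add `# Only study groups in which the current user holds the teacher role` above the relation. This relation also has no `.distinct` while the other two teacher branches do, so it is worth confirming that a unique index guarantees one membership row per user and group. The enclosing method starts and ends outside the hunk.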