htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated teacher_in_study_group? method to check for common teacher role

Browse Source
This commit is contained in:
Sebastian Serth
2022-09-20 16:25:35 +02:00
committed by Sebastian Serth
parent 936c11e31f
commit 964048927a
2 changed files with 33 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app/policies/application_policy.rb
View File

@ -27,30 +27,23 @@ class ApplicationPolicy
end
private :no_one
def everyone_in_study_group
def teacher_in_study_group?
# !! Order is important !!
if @record.respond_to? :study_group # e.g. submission
study_group = @record.study_group
return false if study_group.blank?
study_groups = [study_group]
study_groups = @record.study_group
elsif @record.respond_to? :user # e.g. exercise
# ToDo: Add role to study_group_membership and use for check
study_groups = @record.user.study_groups
study_groups = @record.author.study_groups.where(study_group_memberships: {role: :teacher})
elsif @record.respond_to? :users # e.g. study_group
study_groups = [@record]
study_groups = @record
elsif @record.respond_to? :study_groups # e.g. user
# Access is granted regardless of the `@record`'s role in the study group
study_groups = @record.study_groups
else
return false
end
@user.study_groups.any? {|i| study_groups.include?(i) }
end
private :everyone_in_study_group
def teacher_in_study_group?
teacher? && everyone_in_study_group
# Instance variable `study_groups` can be one group or an array of group
@user.study_groups.where(study_group_memberships: {role: :teacher}).where(id: study_groups).any?
end
private :teacher_in_study_group?

28
spec/policies/exercise_policy_spec.rb
View File

@ -105,8 +105,32 @@ describe ExercisePolicy do
end
permissions :show? do
it 'not grants access to external users' do
expect(policy).not_to permit(build(:external_user), exercise)
let(:teacher) { create(:teacher) }
let(:exercise_not_public) { build(:dummy, public: false) }
it 'does not grant access to external users' do
expect(policy).not_to permit(build(:external_user), exercise_not_public)
end
context 'when a teacher is not a member in the same study group as the exercise author' do
it 'not grants access to the user' do
expect(policy).not_to permit(teacher, exercise_not_public)
end
end
context "when a teacher is only a member of type 'learner' in the same study group as the exercise author" do
it 'not grants access to the user' do
exercise_not_public.author.study_groups << teacher.study_groups.first
expect(policy).not_to permit(teacher, exercise_not_public)
end
end
context 'when a teacher and the exercise author are teaching team members of the same study group' do
it 'grants access to the user' do
exercise_not_public.author.study_groups << teacher.study_groups.first
exercise_not_public.author.study_group_memberships.last.update(role: 'teacher')
expect(policy).to permit(teacher, exercise_not_public)
end
end
end