htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated teacher_in_study_group? method to check for common teacher role

Browse Source
This commit is contained in:
Sebastian Serth
2022-09-20 16:25:35 +02:00
committed by Sebastian Serth
parent 936c11e31f
commit 964048927a
2 changed files with 33 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app/policies/application_policy.rb
View File

@ -27,30 +27,23 @@ class ApplicationPolicy
end end
private :no_one private :no_one
def everyone_in_study_group def teacher_in_study_group?
# !! Order is important !! # !! Order is important !!
if @record.respond_to? :study_group # e.g. submission if @record.respond_to? :study_group # e.g. submission
study_group = @record.study_group study_groups = @record.study_group
return false if study_group.blank?
study_groups = [study_group]
elsif @record.respond_to? :user # e.g. exercise elsif @record.respond_to? :user # e.g. exercise
# ToDo: Add role to study_group_membership and use for check study_groups = @record.author.study_groups.where(study_group_memberships: {role: :teacher})
study_groups = @record.user.study_groups
elsif @record.respond_to? :users # e.g. study_group elsif @record.respond_to? :users # e.g. study_group
study_groups = [@record] study_groups = @record
elsif @record.respond_to? :study_groups # e.g. user elsif @record.respond_to? :study_groups # e.g. user
# Access is granted regardless of the `@record`'s role in the study group
study_groups = @record.study_groups study_groups = @record.study_groups
else else
return false return false
end end
@user.study_groups.any? {|i| study_groups.include?(i) } # Instance variable `study_groups` can be one group or an array of group
end @user.study_groups.where(study_group_memberships: {role: :teacher}).where(id: study_groups).any?
private :everyone_in_study_group
def teacher_in_study_group?
teacher? && everyone_in_study_group
end end
private :teacher_in_study_group? private :teacher_in_study_group?

28
spec/policies/exercise_policy_spec.rb
View File

@ -105,8 +105,32 @@ describe ExercisePolicy do
end end
permissions :show? do permissions :show? do
it 'not grants access to external users' do let(:teacher) { create(:teacher) }
expect(policy).not_to permit(build(:external_user), exercise) let(:exercise_not_public) { build(:dummy, public: false) }
it 'does not grant access to external users' do
expect(policy).not_to permit(build(:external_user), exercise_not_public)
end
context 'when a teacher is not a member in the same study group as the exercise author' do
it 'not grants access to the user' do
expect(policy).not_to permit(teacher, exercise_not_public)
end
end
context "when a teacher is only a member of type 'learner' in the same study group as the exercise author" do
it 'not grants access to the user' do
exercise_not_public.author.study_groups << teacher.study_groups.first
expect(policy).not_to permit(teacher, exercise_not_public)
end
end
context 'when a teacher and the exercise author are teaching team members of the same study group' do
it 'grants access to the user' do
exercise_not_public.author.study_groups << teacher.study_groups.first
exercise_not_public.author.study_group_memberships.last.update(role: 'teacher')
expect(policy).to permit(teacher, exercise_not_public)
end
end end
end end