2019-10-29 12:58:37 +01:00
|
|
|
import json
|
2018-11-03 23:40:20 +01:00
|
|
|
from typing import Any, Dict, List
|
2017-09-04 00:25:45 +02:00
|
|
|
|
2019-10-29 12:58:37 +01:00
|
|
|
from ..poll.access_permissions import BaseVoteAccessPermissions
|
|
|
|
|
from ..poll.views import BasePoll
|
2018-08-22 22:00:08 +02:00
|
|
|
from ..utils.access_permissions import BaseAccessPermissions
|
2018-11-05 09:04:41 +01:00
|
|
|
from ..utils.auth import async_has_perm
|
2016-02-11 22:58:32 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class AssignmentAccessPermissions(BaseAccessPermissions):
|
|
|
|
|
"""
|
|
|
|
|
Access permissions container for Assignment and AssignmentViewSet.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
|
|
|
|
base_permission = "assignments.can_see"
|
2016-02-11 11:29:19 +01:00
|
|
|
|
2018-11-01 17:30:18 +01:00
|
|
|
async def get_restricted_data(
|
2019-01-06 16:22:33 +01:00
|
|
|
self, full_data: List[Dict[str, Any]], user_id: int
|
|
|
|
|
) -> List[Dict[str, Any]]:
|
2016-03-02 00:46:19 +01:00
|
|
|
"""
|
|
|
|
|
Returns the restricted serialized data for the instance prepared
|
2016-07-29 23:33:47 +02:00
|
|
|
for the user. Removes unpublished polls for non admins so that they
|
2016-03-02 00:46:19 +01:00
|
|
|
only get a result like the AssignmentShortSerializer would give them.
|
|
|
|
|
"""
|
2017-05-01 23:12:42 +02:00
|
|
|
# Parse data.
|
2019-01-06 16:22:33 +01:00
|
|
|
if await async_has_perm(
|
|
|
|
|
user_id, "assignments.can_see"
|
|
|
|
|
) and await async_has_perm(user_id, "assignments.can_manage"):
|
2016-03-02 00:46:19 +01:00
|
|
|
data = full_data
|
2019-01-06 16:22:33 +01:00
|
|
|
elif await async_has_perm(user_id, "assignments.can_see"):
|
2018-04-18 09:24:54 +02:00
|
|
|
# Exclude unpublished poll votes.
|
2017-05-01 23:12:42 +02:00
|
|
|
data = []
|
|
|
|
|
for full in full_data:
|
|
|
|
|
full_copy = full.copy()
|
2019-01-06 16:22:33 +01:00
|
|
|
polls = full_copy["polls"]
|
2018-04-18 09:24:54 +02:00
|
|
|
for poll in polls:
|
2019-01-06 16:22:33 +01:00
|
|
|
if not poll["published"]:
|
|
|
|
|
for option in poll["options"]:
|
|
|
|
|
option["votes"] = [] # clear votes for not published polls
|
|
|
|
|
poll[
|
|
|
|
|
"has_votes"
|
|
|
|
|
] = False # A user should see, if there are votes.
|
2017-05-01 23:12:42 +02:00
|
|
|
data.append(full_copy)
|
2016-09-17 22:26:23 +02:00
|
|
|
else:
|
2017-05-01 23:12:42 +02:00
|
|
|
data = []
|
|
|
|
|
|
2017-09-04 00:25:45 +02:00
|
|
|
return data
|
2019-10-18 14:18:49 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class AssignmentPollAccessPermissions(BaseAccessPermissions):
|
|
|
|
|
base_permission = "assignments.can_see"
|
|
|
|
|
|
|
|
|
|
async def get_restricted_data(
|
|
|
|
|
self, full_data: List[Dict[str, Any]], user_id: int
|
|
|
|
|
) -> List[Dict[str, Any]]:
|
2019-10-29 12:58:37 +01:00
|
|
|
"""
|
|
|
|
|
Poll-managers have full access, even during an active poll.
|
|
|
|
|
Non-published polls will be restricted:
|
|
|
|
|
- Remove votes* values from the poll
|
|
|
|
|
- Remove yes/no/abstain fields from options
|
|
|
|
|
- Remove voted_id field from the poll
|
|
|
|
|
"""
|
2019-10-29 09:00:11 +01:00
|
|
|
|
2019-10-29 12:58:37 +01:00
|
|
|
if await async_has_perm(user_id, "assignments.can_manage_polls"):
|
|
|
|
|
data = full_data
|
|
|
|
|
else:
|
|
|
|
|
data = []
|
|
|
|
|
for poll in full_data:
|
|
|
|
|
if poll["state"] != BasePoll.STATE_PUBLISHED:
|
|
|
|
|
poll = json.loads(
|
|
|
|
|
json.dumps(poll)
|
|
|
|
|
) # copy, so we can remove some fields.
|
|
|
|
|
del poll["votesvalid"]
|
|
|
|
|
del poll["votesinvalid"]
|
|
|
|
|
del poll["votescast"]
|
|
|
|
|
del poll["voted_id"]
|
|
|
|
|
for option in poll["options"]:
|
|
|
|
|
del option["yes"]
|
|
|
|
|
del option["no"]
|
|
|
|
|
del option["abstain"]
|
|
|
|
|
data.append(poll)
|
|
|
|
|
return data
|
2019-10-29 09:00:11 +01:00
|
|
|
|
|
|
|
|
|
2019-10-29 12:58:37 +01:00
|
|
|
class AssignmentVoteAccessPermissions(BaseVoteAccessPermissions):
|
|
|
|
|
base_permission = "assignments.can_see"
|
|
|
|
|
manage_permission = "assignments.can_manage"
|
