rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: collections bugs

Browse source
This commit is contained in:
swve 2024-06-15 14:59:11 +01:00
parent 9c1fb565af
commit 46e09f27c2
2 changed files with 20 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apps/api/src/security/rbac/rbac.py
View file

@ -34,7 +34,6 @@ async def authorization_verify_if_element_is_public(
) )
if element_nature == "collections" and action == "read": if element_nature == "collections" and action == "read":
statement = select(Collection).where( statement = select(Collection).where(
Collection.public == True, Collection.collection_uuid == element_uuid Collection.public == True, Collection.collection_uuid == element_uuid
) )

12
apps/api/src/services/courses/collections.py
View file

@ -28,7 +28,7 @@ from fastapi import HTTPException, status, Request
async def get_collection( async def get_collection(
request: Request, request: Request,
collection_uuid: str, collection_uuid: str,
current_user: PublicUser, current_user: PublicUser | AnonymousUser,
db_session: Session, db_session: Session,
) -> CollectionRead: ) -> CollectionRead:
statement = select(Collection).where(Collection.collection_uuid == collection_uuid) statement = select(Collection).where(Collection.collection_uuid == collection_uuid)
@ -48,6 +48,7 @@ async def get_collection(
statement_all = ( statement_all = (
select(Course) select(Course)
.join(CollectionCourse, Course.id == CollectionCourse.course_id) .join(CollectionCourse, Course.id == CollectionCourse.course_id)
.where(CollectionCourse.org_id == collection.org_id)
.distinct(Course.id) .distinct(Course.id)
) )
@ -57,7 +58,7 @@ async def get_collection(
.where(CollectionCourse.org_id == collection.org_id, Course.public == True) .where(CollectionCourse.org_id == collection.org_id, Course.public == True)
) )
if current_user.id == 0: if current_user.user_uuid == "user_anonymous":
statement = statement_public statement = statement_public
else: else:
statement = statement_all statement = statement_all
@ -88,7 +89,6 @@ async def create_collection(
# Add collection to database # Add collection to database
db_session.add(collection) db_session.add(collection)
db_session.commit() db_session.commit()
db_session.refresh(collection) db_session.refresh(collection)
# Link courses to collection # Link courses to collection
@ -184,6 +184,7 @@ async def update_collection(
statement = ( statement = (
select(Course) select(Course)
.join(CollectionCourse, Course.id == CollectionCourse.course_id) .join(CollectionCourse, Course.id == CollectionCourse.course_id)
.where(Course.org_id == collection.org_id)
.distinct(Course.id) .distinct(Course.id)
) )
@ -255,6 +256,7 @@ async def get_collections(
statement_all = ( statement_all = (
select(Course) select(Course)
.join(CollectionCourse, Course.id == CollectionCourse.course_id) .join(CollectionCourse, Course.id == CollectionCourse.course_id)
.where(CollectionCourse.org_id == collection.org_id)
.distinct(Course.id) .distinct(Course.id)
) )
statement_public = ( statement_public = (
@ -297,9 +299,11 @@ async def rbac_check(
detail="User rights : You are not allowed to read this collection", detail="User rights : You are not allowed to read this collection",
) )
else: else:
res = await authorization_verify_based_on_roles_and_authorship_and_usergroups( res = (
await authorization_verify_based_on_roles_and_authorship_and_usergroups(
request, current_user.id, action, collection_uuid, db_session request, current_user.id, action, collection_uuid, db_session
) )
)
return res return res
else: else:
await authorization_verify_if_user_is_anon(current_user.id) await authorization_verify_if_user_is_anon(current_user.id)