rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: implement contributor editing for activities

Browse source
This commit is contained in:
swve 2025-03-22 16:51:00 +01:00
parent 95c3550c42
commit b6059f8d5c
8 changed files with 164 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

11
apps/api/src/security/rbac/rbac.py
View file

@ -4,7 +4,7 @@ from sqlalchemy import null
from sqlmodel import Session, select
from src.db.collections import Collection
from src.db.courses.courses import Course
from src.db.resource_authors import ResourceAuthor, ResourceAuthorshipEnum
from src.db.resource_authors import ResourceAuthor, ResourceAuthorshipEnum, ResourceAuthorshipStatusEnum
from src.db.roles import Role
from src.db.user_organizations import UserOrganization
from src.security.rbac.utils import check_element_type
@ -68,11 +68,10 @@ async def authorization_verify_if_user_is_author(
if resource_author:
if resource_author.user_id == int(user_id):
if (resource_author.authorship == ResourceAuthorshipEnum.CREATOR) or (
resource_author.authorship == ResourceAuthorshipEnum.MAINTAINER
) or (
resource_author.authorship == ResourceAuthorshipEnum.CONTRIBUTOR
):
if ((resource_author.authorship == ResourceAuthorshipEnum.CREATOR) or
(resource_author.authorship == ResourceAuthorshipEnum.MAINTAINER) or
(resource_author.authorship == ResourceAuthorshipEnum.CONTRIBUTOR)) and \
resource_author.authorship_status == ResourceAuthorshipStatusEnum.ACTIVE:
return True
else:
return False

57
apps/api/src/services/courses/activities/activities.py
View file

@ -40,7 +40,16 @@ async def create_activity(
)
# RBAC check
await rbac_check(request, chapter.chapter_uuid, current_user, "create", db_session)
statement = select(Course).where(Course.id == chapter.course_id)
course = db_session.exec(statement).first()
if not course:
raise HTTPException(
status_code=404,
detail="Course not found",
)
await rbac_check(request, course.course_uuid, current_user, "create", db_session)
# Create Activity
activity = Activity(**activity_object.model_dump())
@ -169,9 +178,16 @@ async def update_activity(
)
# RBAC check
await rbac_check(
request, activity.activity_uuid, current_user, "update", db_session
)
statement = select(Course).where(Course.id == activity.course_id)
course = db_session.exec(statement).first()
if not course:
raise HTTPException(
status_code=404,
detail="Course not found",
)
await rbac_check(request, course.course_uuid, current_user, "update", db_session)
# Update only the fields that were passed in
for var, value in vars(activity_object).items():
@ -203,9 +219,16 @@ async def delete_activity(
)
# RBAC check
await rbac_check(
request, activity.activity_uuid, current_user, "delete", db_session
)
statement = select(Course).where(Course.id == activity.course_id)
course = db_session.exec(statement).first()
if not course:
raise HTTPException(
status_code=404,
detail="Course not found",
)
await rbac_check(request, course.course_uuid, current_user, "delete", db_session)
# Delete activity from chapter
statement = select(ChapterActivity).where(
@ -249,7 +272,25 @@ async def get_activities(
)
# RBAC check
await rbac_check(request, "activity_x", current_user, "read", db_session)
statement = select(Chapter).where(Chapter.id == coursechapter_id)
chapter = db_session.exec(statement).first()
if not chapter:
raise HTTPException(
status_code=404,
detail="Chapter not found",
)
statement = select(Course).where(Course.id == chapter.course_id)
course = db_session.exec(statement).first()
if not course:
raise HTTPException(
status_code=404,
detail="Course not found",
)
await rbac_check(request, course.course_uuid, current_user, "read", db_session)
activities = [ActivityRead.model_validate(activity) for activity in activities]