From d6c082f8e79a9d1a8cb3315d97b6728344dd4838 Mon Sep 17 00:00:00 2001 From: swve Date: Thu, 8 Feb 2024 20:45:48 +0100 Subject: [PATCH] fix: Activities not showing up when course is public --- .../services/courses/activities/activities.py | 14 +++++++++-- apps/api/src/services/courses/chapters.py | 24 ++++++++++++++----- 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/apps/api/src/services/courses/activities/activities.py b/apps/api/src/services/courses/activities/activities.py index be002190..81f1f501 100644 --- a/apps/api/src/services/courses/activities/activities.py +++ b/apps/api/src/services/courses/activities/activities.py @@ -1,5 +1,6 @@ from typing import Literal from sqlmodel import Session, select +from src.db.courses import Course from src.db.chapters import Chapter from src.security.rbac.rbac import ( authorization_verify_based_on_roles_and_authorship, @@ -25,7 +26,6 @@ async def create_activity( current_user: PublicUser | AnonymousUser, db_session: Session, ): - # CHeck if org exists statement = select(Chapter).where(Chapter.id == activity_object.chapter_id) @@ -99,8 +99,18 @@ async def get_activity( detail="Activity not found", ) + # Get course from that activity + statement = select(Course).where(Course.id == activity.course_id) + course = db_session.exec(statement).first() + + if not course: + raise HTTPException( + status_code=404, + detail="Course not found", + ) + # RBAC check - await rbac_check(request, activity.activity_uuid, current_user, "read", db_session) + await rbac_check(request, course.course_uuid, current_user, "read", db_session) activity = ActivityRead.from_orm(activity) diff --git a/apps/api/src/services/courses/chapters.py b/apps/api/src/services/courses/chapters.py index 6879250f..1e5895b2 100644 --- a/apps/api/src/services/courses/chapters.py +++ b/apps/api/src/services/courses/chapters.py @@ -112,8 +112,17 @@ async def get_chapter( status_code=status.HTTP_409_CONFLICT, detail="Chapter does not exist" ) + # get COurse + statement = select(Course).where(Course.id == chapter.course_id) + course = db_session.exec(statement).first() + + if not course: + raise HTTPException( + status_code=status.HTTP_409_CONFLICT, detail="Course does not exist" + ) + # RBAC check - await rbac_check(request, chapter.chapter_uuid, current_user, "read", db_session) + await rbac_check(request, course.course_uuid, current_user, "read", db_session) # Get activities for this chapter statement = ( @@ -208,7 +217,7 @@ async def get_course_chapters( page: int = 1, limit: int = 10, ) -> List[ChapterRead]: - + statement = select(Course).where(Course.id == course_id) course = db_session.exec(statement).first() @@ -225,7 +234,7 @@ async def get_course_chapters( chapters = [ChapterRead(**chapter.dict(), activities=[]) for chapter in chapters] # RBAC check - await rbac_check(request, course.course_uuid, current_user, "read", db_session) # type: ignore + await rbac_check(request, course.course_uuid, current_user, "read", db_session) # type: ignore # Get activities for each chapter for chapter in chapters: @@ -473,12 +482,15 @@ async def reorder_chapters_and_activities( db_session.delete(chapter_activity) db_session.commit() - # If links do not exist, create them chapter_activity_map = {} for chapter_order in chapters_order.chapter_order_by_ids: for activity_order in chapter_order.activities_order_by_ids: - if activity_order.activity_id in chapter_activity_map and chapter_activity_map[activity_order.activity_id] != chapter_order.chapter_id: + if ( + activity_order.activity_id in chapter_activity_map + and chapter_activity_map[activity_order.activity_id] + != chapter_order.chapter_id + ): continue statement = ( @@ -547,7 +559,7 @@ async def rbac_check( res = await authorization_verify_if_element_is_public( request, course_uuid, action, db_session ) - print('res',res) + print("res", res) return res else: res = await authorization_verify_based_on_roles_and_authorship(