fix: Activities not showing up when course is public

2025-12-19 04:19:25 +00:00 · 2024-02-08 20:45:48 +01:00 · 2024-02-08 20:45:48 +01:00 · d6c082f8e7
commit d6c082f8e7
parent 19111abf82
2 changed files with 30 additions and 8 deletions
--- a/apps/api/src/services/courses/activities/activities.py
+++ b/apps/api/src/services/courses/activities/activities.py
@ -1,5 +1,6 @@
 from typing import Literal
 from sqlmodel import Session, select
+from src.db.courses import Course
 from src.db.chapters import Chapter
 from src.security.rbac.rbac import (
    authorization_verify_based_on_roles_and_authorship,
@ -26,7 +27,6 @@ async def create_activity(
    db_session: Session,
 ):

-
    # CHeck if org exists
    statement = select(Chapter).where(Chapter.id == activity_object.chapter_id)
    chapter = db_session.exec(statement).first()
@ -99,8 +99,18 @@ async def get_activity(
            detail="Activity not found",
        )

+    # Get course from that activity
+    statement = select(Course).where(Course.id == activity.course_id)
+    course = db_session.exec(statement).first()
+
+    if not course:
+        raise HTTPException(
+            status_code=404,
+            detail="Course not found",
+        )
+
    # RBAC check
-    await rbac_check(request, activity.activity_uuid, current_user, "read", db_session)
+    await rbac_check(request, course.course_uuid, current_user, "read", db_session)

    activity = ActivityRead.from_orm(activity)

--- a/apps/api/src/services/courses/chapters.py
+++ b/apps/api/src/services/courses/chapters.py
@ -112,8 +112,17 @@ async def get_chapter(
            status_code=status.HTTP_409_CONFLICT, detail="Chapter does not exist"
        )

+    # get COurse
+    statement = select(Course).where(Course.id == chapter.course_id)
+    course = db_session.exec(statement).first()
+
+    if not course:
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT, detail="Course does not exist"
+        )
+
    # RBAC check
-    await rbac_check(request, chapter.chapter_uuid, current_user, "read", db_session)
+    await rbac_check(request, course.course_uuid, current_user, "read", db_session)

    # Get activities for this chapter
    statement = (
@ -225,7 +234,7 @@ async def get_course_chapters(
    chapters = [ChapterRead(**chapter.dict(), activities=[]) for chapter in chapters]

    # RBAC check
-    await rbac_check(request, course.course_uuid, current_user, "read", db_session) # type: ignore
+    await rbac_check(request, course.course_uuid, current_user, "read", db_session)  # type: ignore

    # Get activities for each chapter
    for chapter in chapters:
@ -473,12 +482,15 @@ async def reorder_chapters_and_activities(
        db_session.delete(chapter_activity)
        db_session.commit()

-    
    # If links do not exist, create them
    chapter_activity_map = {}
    for chapter_order in chapters_order.chapter_order_by_ids:
        for activity_order in chapter_order.activities_order_by_ids:
-            if activity_order.activity_id in chapter_activity_map and chapter_activity_map[activity_order.activity_id] != chapter_order.chapter_id:
+            if (
+                activity_order.activity_id in chapter_activity_map
+                and chapter_activity_map[activity_order.activity_id]
+                != chapter_order.chapter_id
+            ):
                continue

            statement = (
@ -547,7 +559,7 @@ async def rbac_check(
            res = await authorization_verify_if_element_is_public(
                request, course_uuid, action, db_session
            )
-            print('res',res)
+            print("res", res)
            return res
        else:
            res = await authorization_verify_based_on_roles_and_authorship(