feat: add shared attribute, add markshared mutation, add templateCour… #914
Conversation
|
And this could use an integration test where one instructor publishes a course, and then another instructor is able to find it (c.f. backend/integration-tests/07_course.ts Line 240 in fef1203 |
|
And we should also relax the check in backend/graphql/subcourse/mutations.ts Line 82 in fef1203 |
If I make the hasAccess method call conditional, the authorization method must not be @AuthorizedDeferred then right? |
|
Ah, true, we need two checks then. |
|
Hey Jonas, this got a bit confusing to me after a long break. May you please sum up which methods and auth checks should be changed? Thank you very much :) |
|
|
I see that there is a method call |
graphql/subcourse/mutations.ts
Outdated
|
|
||
| const student = await getSessionStudent(context, studentId); | ||
| await prisma.subcourse_instructors_student.create({ data: { subcourseId: result.id, studentId: student.id } }); | ||
| if (isCourseSharedOrOwned) { |
There was a problem hiding this comment.
Thanks, you are right since I already throw an error in line 92 when the if condition isnt met :)
graphql/subcourse/mutations.ts
Outdated
| }, | ||
| }); | ||
| const isCourseSharedOrOwned = !!courseInstructorAssociation || course.shared; | ||
| if (!isCourseSharedOrOwned) { | ||
| logger.error(`Subcourse(${courseId}) is not shared or Student(${studentId}) is not an instructor of this subcourse`); |
graphql/subcourse/mutations.ts
Outdated
| @@ -71,7 +71,7 @@ class PublicLectureInput { | |||
| @Resolver((of) => GraphQLModel.Subcourse) | |||
| export class MutateSubcourseResolver { | |||
| @Mutation((returns) => GraphQLModel.Subcourse) | |||
| @AuthorizedDeferred(Role.ADMIN, Role.OWNER) | |||
| @AuthorizedDeferred(Role.INSTRUCTOR) | |||
There was a problem hiding this comment.
Ah, and this must be @Authorized instead of @AuthorizedDeferred
graphql/subcourse/mutations.ts
Outdated
| const courseInstructorAssociation = await prisma.course_instructors_student.findFirst({ | ||
| where: { | ||
| courseId: courseId, | ||
| studentId: studentId, |
There was a problem hiding this comment.
Ah, this for sure is wrong, we cannot trust our users to pass in their id. Please do
const student = await getSessionStudent(context, studentId);
... studentId: student.id
integration-tests/07_course.ts
Outdated
| @@ -21,6 +22,7 @@ const courseOne = test('Create Course One', async () => { | |||
| description: "Why should I test if my users can do that for me in production?" | |||
| category: club | |||
| allowContact: true | |||
| shared: true | |||
There was a problem hiding this comment.
I think you need a separate mutation markShared afterwards
There was a problem hiding this comment.
Can you please rephrase this comment? Do you mean that we need a separate test for shared and nonshared courses? For the current integration test I manually set the shared value to false. See line 414
There was a problem hiding this comment.
No the courseCreate Mutation does not take a shared attribute, thus the test is failing?
integration-tests/07_course.ts
Outdated
| @@ -126,7 +129,7 @@ export const subcourseOne = test('Create Subcourse', async () => { | |||
| allowChatContactProspects: true | |||
| allowChatContactParticipants: true | |||
| groupChatType: ${ChatType.NORMAL} | |||
| }) { id } | |||
| } studentId: ${student.userID}) { id } | |||
There was a problem hiding this comment.
and this can be reverted as we now use the session student
|
@Jonasdoubleyou or @realmayus Can you please have another look here? |
|
Um, the tests are still failing, have you seen my comment regarding shared: true? |
No description provided.