From 0c6fac5f62109a656357e749fd1501aae0eba178 Mon Sep 17 00:00:00 2001
From: uhensler <urs.hensler@frentix.com>
Date: Mon, 13 Jul 2020 10:19:00 +0200
Subject: [PATCH] OO-4802: Course rights are not restricted to current role
---
.../bps/course/nodes/ChecklistCourseNode.java | 9 +-
.../ChecklistManageCheckpointsController.java | 2 +-
.../olat/basesecurity/manager/GroupDAO.java | 32 +++++--
.../olat/basesecurity/model/GrantImpl.java | 2 -
.../AssessmentNotificationsHandler.java | 4 +-
.../groupsandrights/CourseGroupManager.java | 7 +-
.../PersistingCourseGroupManager.java | 10 +--
.../org/olat/course/nodes/STCourseNode.java | 9 +-
.../nodes/bc/BCCourseNodeRunController.java | 8 +-
.../course/nodes/cal/CourseCalendars.java | 9 +-
.../nodes/dialog/security/DialogCallback.java | 9 +-
.../course/nodes/ms/MSCoachRunController.java | 4 +-
.../olat/course/nodes/sp/SPRunController.java | 9 +-
.../course/run/CourseRuntimeController.java | 4 +-
.../preview/PreviewCourseGroupManager.java | 4 +-
.../org/olat/group/right/BGRightManager.java | 7 +-
.../olat/group/right/BGRightManagerImpl.java | 12 ++-
.../course/AbstractCourseNodeWebService.java | 2 +-
.../course/CourseAssessmentWebService.java | 2 +-
.../restapi/security/RestSecurityHelper.java | 4 +-
.../basesecurity/manager/GroupDAOTest.java | 89 ++++++++++++-------
.../CourseGroupManagementTest.java | 28 +++---
.../olat/group/test/BGRightManagerTest.java | 60 ++++++-------
23 files changed, 210 insertions(+), 116 deletions(-)
diff --git a/src/main/java/de/bps/course/nodes/ChecklistCourseNode.java b/src/main/java/de/bps/course/nodes/ChecklistCourseNode.java
index 0cbd0a337e0..c50db4024d7 100644
--- a/src/main/java/de/bps/course/nodes/ChecklistCourseNode.java
+++ b/src/main/java/de/bps/course/nodes/ChecklistCourseNode.java
@@ -29,6 +29,7 @@ import java.util.zip.ZipOutputStream;
import org.apache.commons.io.IOUtils;
import org.apache.logging.log4j.Logger;
+import org.olat.basesecurity.GroupRoles;
import org.olat.core.gui.UserRequest;
import org.olat.core.gui.components.stack.BreadcrumbPanel;
import org.olat.core.gui.control.Controller;
@@ -213,7 +214,13 @@ public class ChecklistCourseNode extends AbstractAccessableCourseNode {
if(canEdit) {
canManage = true;
} else {
- canManage = userCourseEnv.isCoach() || cgm.hasRight(ureq.getIdentity(), CourseRights.RIGHT_GROUPMANAGEMENT);
+ GroupRoles role = GroupRoles.owner;
+ if (userCourseEnv.isParticipant()) {
+ role = GroupRoles.participant;
+ } else if (userCourseEnv.isCoach()) {
+ role = GroupRoles.coach;
+ }
+ canManage = userCourseEnv.isCoach() || cgm.hasRight(ureq.getIdentity(), CourseRights.RIGHT_GROUPMANAGEMENT, role);
}
Checklist checklist = loadOrCreateChecklist(userCourseEnv.getCourseEnvironment().getCoursePropertyManager());
ChecklistDisplayController checkController = new ChecklistDisplayController(ureq, wControl, checklist,
diff --git a/src/main/java/de/bps/olat/modules/cl/ChecklistManageCheckpointsController.java b/src/main/java/de/bps/olat/modules/cl/ChecklistManageCheckpointsController.java
index 27f9cfc81b4..c3c1965849b 100644
--- a/src/main/java/de/bps/olat/modules/cl/ChecklistManageCheckpointsController.java
+++ b/src/main/java/de/bps/olat/modules/cl/ChecklistManageCheckpointsController.java
@@ -160,7 +160,7 @@ public class ChecklistManageCheckpointsController extends BasicController {
// collect all learning groups
lstGroups.addAll(cgm.getAllBusinessGroups());
- } else if(cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT)) {
+ } else if(cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT, GroupRoles.coach)) {
// collect all identities in learning groups
Set<Identity> identitiesInGroups = new HashSet<>();
identitiesInGroups.addAll(cgm.getParticipantsFromBusinessGroups());
diff --git a/src/main/java/org/olat/basesecurity/manager/GroupDAO.java b/src/main/java/org/olat/basesecurity/manager/GroupDAO.java
index 284a188ee9c..06d08964394 100644
--- a/src/main/java/org/olat/basesecurity/manager/GroupDAO.java
+++ b/src/main/java/org/olat/basesecurity/manager/GroupDAO.java
@@ -28,6 +28,7 @@ import java.util.Set;
import java.util.stream.Collectors;
import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
import org.olat.basesecurity.Grant;
import org.olat.basesecurity.Group;
@@ -39,6 +40,7 @@ import org.olat.basesecurity.model.GroupImpl;
import org.olat.basesecurity.model.GroupMembershipImpl;
import org.olat.core.commons.persistence.DB;
import org.olat.core.id.Identity;
+import org.olat.core.util.StringHelper;
import org.olat.resource.OLATResource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@@ -263,27 +265,45 @@ public class GroupDAO {
return memberships == null || memberships.isEmpty() ? null : memberships.get(0);
}
- public boolean hasGrant(IdentityRef identity, String permission, OLATResource resource) {
+ public boolean hasGrant(IdentityRef identity, String permission, OLATResource resource, String currentRole) {
StringBuilder sb = new StringBuilder();
sb.append("select count(grant) from bgrant as grant")
.append(" inner join grant.group as baseGroup")
.append(" inner join baseGroup.members as membership")
.append(" where membership.identity.key=:identityKey and grant.resource.key=:resourceKey")
.append(" and grant.permission=:permission and membership.role=grant.role");
- Number count = dbInstance.getCurrentEntityManager()
+ if (StringHelper.containsNonWhitespace(currentRole)) {
+ sb.append(" and membership.role=:currentRole");
+ }
+ TypedQuery<Number> query = dbInstance.getCurrentEntityManager()
.createQuery(sb.toString(), Number.class)
.setParameter("identityKey", identity.getKey())
.setParameter("resourceKey", resource.getKey())
- .setParameter("permission", permission)
- .getSingleResult();
+ .setParameter("permission", permission);
+ if (StringHelper.containsNonWhitespace(currentRole)) {
+ query.setParameter("currentRole", currentRole);
+ }
+
+ Number count = query.getSingleResult();
return count == null ? false: count.intValue() > 0;
}
- public List<String> getPermissions(IdentityRef identity, OLATResource resource) {
+ public List<String> getPermissions(IdentityRef identity, OLATResource resource, String currentRole) {
+ StringBuilder sb = new StringBuilder();
+ sb.append("select grant.permission");
+ sb.append(" from bgrant as grant");
+ sb.append(" inner join grant.group as baseGroup");
+ sb.append(" inner join baseGroup.members as membership");
+ sb.append(" where membership.identity.key=:identityKey");
+ sb.append(" and grant.resource.key=:resourceKey");
+ sb.append(" and membership.role=grant.role");
+ sb.append(" and membership.role=:currentRole");
+
return dbInstance.getCurrentEntityManager()
- .createNamedQuery("grantedPermissionByIdentityAndResource", String.class)
+ .createQuery(sb.toString(), String.class)
.setParameter("identityKey", identity.getKey())
.setParameter("resourceKey", resource.getKey())
+ .setParameter("currentRole", currentRole)
.getResultList();
}
diff --git a/src/main/java/org/olat/basesecurity/model/GrantImpl.java b/src/main/java/org/olat/basesecurity/model/GrantImpl.java
index 92f324cd282..3436b92c850 100644
--- a/src/main/java/org/olat/basesecurity/model/GrantImpl.java
+++ b/src/main/java/org/olat/basesecurity/model/GrantImpl.java
@@ -28,7 +28,6 @@ import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
-import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
@@ -49,7 +48,6 @@ import org.olat.resource.OLATResourceImpl;
*/
@Entity(name="bgrant")
@Table(name="o_bs_grant")
-@NamedQuery(name="grantedPermissionByIdentityAndResource", query="select grant.permission from bgrant as grant inner join grant.group as baseGroup inner join baseGroup.members as membership where membership.identity.key=:identityKey and grant.resource.key=:resourceKey and membership.role=grant.role")
public class GrantImpl implements Grant, Persistable {
private static final long serialVersionUID = -9157469088175205845L;
diff --git a/src/main/java/org/olat/course/assessment/manager/AssessmentNotificationsHandler.java b/src/main/java/org/olat/course/assessment/manager/AssessmentNotificationsHandler.java
index be00f3ba70d..c8e676c0810 100644
--- a/src/main/java/org/olat/course/assessment/manager/AssessmentNotificationsHandler.java
+++ b/src/main/java/org/olat/course/assessment/manager/AssessmentNotificationsHandler.java
@@ -229,7 +229,7 @@ public class AssessmentNotificationsHandler implements NotificationsHandler {
CourseGroupManager grpMan = course.getCourseEnvironment().getCourseGroupManager();
boolean isLearnResourceManager = organisationService.hasRole(ident, OrganisationRoles.learnresourcemanager);
- return isLearnResourceManager || grpMan.isIdentityCourseAdministrator(ident) || grpMan.isIdentityCourseCoach(ident) || grpMan.hasRight(ident, CourseRights.RIGHT_ASSESSMENT);
+ return isLearnResourceManager || grpMan.isIdentityCourseAdministrator(ident) || grpMan.isIdentityCourseCoach(ident) || grpMan.hasRight(ident, CourseRights.RIGHT_ASSESSMENT, null);
}
/**
@@ -325,7 +325,7 @@ public class AssessmentNotificationsHandler implements NotificationsHandler {
// course admins or users with the course right to have full access to
// the assessment tool will have full access to user tests
CourseGroupManager cgm = course.getCourseEnvironment().getCourseGroupManager();
- final boolean hasFullAccess = cgm.isIdentityCourseAdministrator(identity) || cgm.hasRight(identity, CourseRights.RIGHT_ASSESSMENT);
+ final boolean hasFullAccess = cgm.isIdentityCourseAdministrator(identity) || cgm.hasRight(identity, CourseRights.RIGHT_ASSESSMENT, null);
final Set<Identity> coachedUsers = new HashSet<>();
if (!hasFullAccess) {
// initialize list of users, only when user has not full access
diff --git a/src/main/java/org/olat/course/groupsandrights/CourseGroupManager.java b/src/main/java/org/olat/course/groupsandrights/CourseGroupManager.java
index 2ee6bf84331..0e8737c11bb 100644
--- a/src/main/java/org/olat/course/groupsandrights/CourseGroupManager.java
+++ b/src/main/java/org/olat/course/groupsandrights/CourseGroupManager.java
@@ -28,6 +28,7 @@ package org.olat.course.groupsandrights;
import java.io.File;
import java.util.List;
+import org.olat.basesecurity.GroupRoles;
import org.olat.basesecurity.IdentityRef;
import org.olat.basesecurity.OrganisationRoles;
import org.olat.core.id.Identity;
@@ -71,17 +72,19 @@ public interface CourseGroupManager {
*
* @param identity
* @param courseRight
+ * @param role may be null
* @return true if user has course right, false otherwise
*/
- public boolean hasRight(Identity identity, String courseRight);
+ public boolean hasRight(Identity identity, String courseRight, GroupRoles role);
/**
* Return the users course rights in any of the available right group context of
* this course
* @param identity
+ * @param role
* @return
*/
- public List<String> getRights(Identity identity);
+ public List<String> getRights(Identity identity, GroupRoles role);
/**
* Checks if an identity is in a learning group with the given name in any
diff --git a/src/main/java/org/olat/course/groupsandrights/PersistingCourseGroupManager.java b/src/main/java/org/olat/course/groupsandrights/PersistingCourseGroupManager.java
index 5925e1f0a64..433f86a2443 100644
--- a/src/main/java/org/olat/course/groupsandrights/PersistingCourseGroupManager.java
+++ b/src/main/java/org/olat/course/groupsandrights/PersistingCourseGroupManager.java
@@ -30,6 +30,7 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import org.apache.logging.log4j.Logger;
import org.olat.basesecurity.GroupRoles;
import org.olat.basesecurity.IdentityRef;
import org.olat.basesecurity.OrganisationRoles;
@@ -37,7 +38,6 @@ import org.olat.basesecurity.OrganisationService;
import org.olat.core.CoreSpringFactory;
import org.olat.core.id.Identity;
import org.olat.core.id.OLATResourceable;
-import org.apache.logging.log4j.Logger;
import org.olat.core.logging.Tracing;
import org.olat.core.util.StringHelper;
import org.olat.course.export.CourseEnvironmentMapper;
@@ -160,13 +160,13 @@ public class PersistingCourseGroupManager implements CourseGroupManager {
}
@Override
- public boolean hasRight(Identity identity, String courseRight) {
- return rightManager.hasBGRight(courseRight, identity, getCourseResource());
+ public boolean hasRight(Identity identity, String courseRight, GroupRoles role) {
+ return rightManager.hasBGRight(courseRight, identity, getCourseResource(), role);
}
@Override
- public List<String> getRights(Identity identity) {
- return rightManager.getBGRights(identity, getCourseResource());
+ public List<String> getRights(Identity identity, GroupRoles role) {
+ return rightManager.getBGRights(identity, getCourseResource(), role);
}
@Override
diff --git a/src/main/java/org/olat/course/nodes/STCourseNode.java b/src/main/java/org/olat/course/nodes/STCourseNode.java
index e210131bef3..9c058862ede 100644
--- a/src/main/java/org/olat/course/nodes/STCourseNode.java
+++ b/src/main/java/org/olat/course/nodes/STCourseNode.java
@@ -30,6 +30,7 @@ import java.util.ArrayList;
import java.util.List;
import org.apache.logging.log4j.Logger;
+import org.olat.basesecurity.GroupRoles;
import org.olat.core.commons.controllers.linkchooser.CustomLinkTreeModel;
import org.olat.core.commons.fullWebApp.LayoutMain3ColsController;
import org.olat.core.commons.fullWebApp.popup.BaseFullWebappPopupLayoutFactory;
@@ -177,7 +178,13 @@ public class STCourseNode extends AbstractAccessableCourseNode {
userCourseEnv.getCourseEnvironment().isPreview(), courseRepoKey);
// check if user is allowed to edit the page in the run view
CourseGroupManager cgm = userCourseEnv.getCourseEnvironment().getCourseGroupManager();
- boolean hasEditRights = userCourseEnv.isAdmin() || cgm.hasRight(ureq.getIdentity(),CourseRights.RIGHT_COURSEEDITOR)
+ GroupRoles role = GroupRoles.owner;
+ if (userCourseEnv.isParticipant()) {
+ role = GroupRoles.participant;
+ } else if (userCourseEnv.isCoach()) {
+ role = GroupRoles.coach;
+ }
+ boolean hasEditRights = userCourseEnv.isAdmin() || cgm.hasRight(ureq.getIdentity(),CourseRights.RIGHT_COURSEEDITOR, role)
|| (getModuleConfiguration().getBooleanSafe(SPEditController.CONFIG_KEY_ALLOW_COACH_EDIT, false) && userCourseEnv.isCoach());
if (hasEditRights) {
diff --git a/src/main/java/org/olat/course/nodes/bc/BCCourseNodeRunController.java b/src/main/java/org/olat/course/nodes/bc/BCCourseNodeRunController.java
index da413d33473..4dae9580542 100644
--- a/src/main/java/org/olat/course/nodes/bc/BCCourseNodeRunController.java
+++ b/src/main/java/org/olat/course/nodes/bc/BCCourseNodeRunController.java
@@ -161,7 +161,13 @@ public class BCCourseNodeRunController extends BasicController implements Activa
VFSContainer courseContainer = null;
if(scallback.canWrite() && scallback.canCopy()) {
- if (userCourseEnv.isAdmin() || cgm.hasRight(getIdentity(), CourseRights.RIGHT_COURSEEDITOR)) {
+ GroupRoles role = GroupRoles.owner;
+ if (userCourseEnv.isParticipant()) {
+ role = GroupRoles.participant;
+ } else if (userCourseEnv.isCoach()) {
+ role = GroupRoles.coach;
+ }
+ if (userCourseEnv.isAdmin() || cgm.hasRight(getIdentity(), CourseRights.RIGHT_COURSEEDITOR, role)) {
// use course folder as copy source
courseContainer = courseEnv.getCourseFolderContainer();
}
diff --git a/src/main/java/org/olat/course/nodes/cal/CourseCalendars.java b/src/main/java/org/olat/course/nodes/cal/CourseCalendars.java
index d15630a79bd..15503956dca 100644
--- a/src/main/java/org/olat/course/nodes/cal/CourseCalendars.java
+++ b/src/main/java/org/olat/course/nodes/cal/CourseCalendars.java
@@ -24,6 +24,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
+import org.olat.basesecurity.GroupRoles;
import org.olat.collaboration.CollaborationTools;
import org.olat.collaboration.CollaborationToolsFactory;
import org.olat.commons.calendar.CalendarManager;
@@ -126,8 +127,14 @@ public class CourseCalendars {
// add course group calendars
Roles roles = ureq.getUserSession().getRoles();
+ GroupRoles role = GroupRoles.owner;
+ if (userCourseEnv.isParticipant()) {
+ role = GroupRoles.participant;
+ } else if (userCourseEnv.isCoach()) {
+ role = GroupRoles.coach;
+ }
boolean isGroupManager = roles.isGroupManager() || userCourseEnv.isAdmin()
- || cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT);
+ || cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT, role);
boolean readOnly = userCourseEnv.isCourseReadOnly();
if (isGroupManager) {
diff --git a/src/main/java/org/olat/course/nodes/dialog/security/DialogCallback.java b/src/main/java/org/olat/course/nodes/dialog/security/DialogCallback.java
index f86993fed2f..dbe2f48d2b8 100644
--- a/src/main/java/org/olat/course/nodes/dialog/security/DialogCallback.java
+++ b/src/main/java/org/olat/course/nodes/dialog/security/DialogCallback.java
@@ -25,6 +25,7 @@
package org.olat.course.nodes.dialog.security;
+import org.olat.basesecurity.GroupRoles;
import org.olat.core.commons.services.notifications.SubscriptionContext;
import org.olat.course.groupsandrights.CourseRights;
import org.olat.course.nodes.dialog.DialogSecurityCallback;
@@ -48,9 +49,15 @@ class DialogCallback implements DialogSecurityCallback {
this.isUploader = isUploader;
this.isModerator = isModerator;
this.isPoster = isPoster;
+ GroupRoles role = GroupRoles.owner;
+ if (userCourseEnv.isParticipant()) {
+ role = GroupRoles.participant;
+ } else if (userCourseEnv.isCoach()) {
+ role = GroupRoles.coach;
+ }
this.isCourseEditor = userCourseEnv.getCourseEnvironment().getCourseGroupManager().hasRight(
userCourseEnv.getIdentityEnvironment().getIdentity(),
- CourseRights.RIGHT_COURSEEDITOR);
+ CourseRights.RIGHT_COURSEEDITOR, role);
this.isGuestOnly = userCourseEnv.getIdentityEnvironment().getRoles().isGuestOnly();
}
diff --git a/src/main/java/org/olat/course/nodes/ms/MSCoachRunController.java b/src/main/java/org/olat/course/nodes/ms/MSCoachRunController.java
index 345dedce840..ab48df4b19f 100644
--- a/src/main/java/org/olat/course/nodes/ms/MSCoachRunController.java
+++ b/src/main/java/org/olat/course/nodes/ms/MSCoachRunController.java
@@ -21,6 +21,7 @@ package org.olat.course.nodes.ms;
import java.util.List;
+import org.olat.basesecurity.GroupRoles;
import org.olat.core.gui.UserRequest;
import org.olat.core.gui.components.Component;
import org.olat.core.gui.components.stack.TooledStackedPanel;
@@ -61,9 +62,10 @@ public class MSCoachRunController extends BasicController {
stackPanel.setCssClass("o_ms_stack_panel");
putInitialPanel(stackPanel);
+ GroupRoles role = userCourseEnv.isCoach()? GroupRoles.coach: GroupRoles.owner;
// see CourseRuntimeController.doAssessmentTool(ureq);
boolean hasAssessmentRight = userCourseEnv.getCourseEnvironment().getCourseGroupManager()
- .getRights(getIdentity()).contains(CourseRights.RIGHT_ASSESSMENT);
+ .hasRight(getIdentity(), CourseRights.RIGHT_ASSESSMENT, role);
RepositoryEntry courseEntry = userCourseEnv.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
RepositoryEntrySecurity reSecurity = repositoryManager.isAllowed(ureq, courseEntry);
diff --git a/src/main/java/org/olat/course/nodes/sp/SPRunController.java b/src/main/java/org/olat/course/nodes/sp/SPRunController.java
index 9312a4d3346..7bb3d75e308 100644
--- a/src/main/java/org/olat/course/nodes/sp/SPRunController.java
+++ b/src/main/java/org/olat/course/nodes/sp/SPRunController.java
@@ -27,6 +27,7 @@ package org.olat.course.nodes.sp;
import java.util.List;
+import org.olat.basesecurity.GroupRoles;
import org.olat.core.commons.controllers.linkchooser.CustomLinkTreeModel;
import org.olat.core.commons.fullWebApp.LayoutMain3ColsController;
import org.olat.core.commons.fullWebApp.popup.BaseFullWebappPopupLayoutFactory;
@@ -139,8 +140,14 @@ public class SPRunController extends BasicController implements Activateable2 {
if(isFileTypeEditable(fileName)) {
CourseGroupManager cgm = userCourseEnv.getCourseEnvironment().getCourseGroupManager();
+ GroupRoles role = GroupRoles.owner;
+ if (userCourseEnv.isParticipant()) {
+ role = GroupRoles.participant;
+ } else if (userCourseEnv.isCoach()) {
+ role = GroupRoles.coach;
+ }
return (config.getBooleanSafe(SPEditController.CONFIG_KEY_ALLOW_COACH_EDIT, false) && userCourseEnv.isCoach())
- || userCourseEnv.isAdmin() || cgm.hasRight(getIdentity(), CourseRights.RIGHT_COURSEEDITOR);
+ || userCourseEnv.isAdmin() || cgm.hasRight(getIdentity(), CourseRights.RIGHT_COURSEEDITOR, role);
}
return false;
diff --git a/src/main/java/org/olat/course/run/CourseRuntimeController.java b/src/main/java/org/olat/course/run/CourseRuntimeController.java
index 44c960d4bd4..3b8caab2da9 100644
--- a/src/main/java/org/olat/course/run/CourseRuntimeController.java
+++ b/src/main/java/org/olat/course/run/CourseRuntimeController.java
@@ -26,6 +26,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import org.olat.NewControllerFactory;
+import org.olat.basesecurity.GroupRoles;
import org.olat.commons.calendar.CalendarModule;
import org.olat.commons.info.ui.InfoSecurityCallback;
import org.olat.core.CoreSpringFactory;
@@ -320,7 +321,8 @@ public class CourseRuntimeController extends RepositoryEntryRuntimeController im
courseRightsCache = new HashMap<>();
if(!reSecurity.isEntryAdmin() && !isGuestOnly) {
- List<String> rights = cgm.getRights(getIdentity());
+ GroupRoles role = GroupRoles.valueOf(reSecurity.getCurrentRole().name());
+ List<String> rights = cgm.getRights(getIdentity(), role);
courseRightsCache.put(CourseRights.RIGHT_GROUPMANAGEMENT, Boolean.valueOf(rights.contains(CourseRights.RIGHT_GROUPMANAGEMENT)));
courseRightsCache.put(CourseRights.RIGHT_MEMBERMANAGEMENT, Boolean.valueOf(rights.contains(CourseRights.RIGHT_MEMBERMANAGEMENT)));
courseRightsCache.put(CourseRights.RIGHT_COURSEEDITOR, Boolean.valueOf(rights.contains(CourseRights.RIGHT_COURSEEDITOR)));
diff --git a/src/main/java/org/olat/course/run/preview/PreviewCourseGroupManager.java b/src/main/java/org/olat/course/run/preview/PreviewCourseGroupManager.java
index 9d87eb121e2..eb97cf0d569 100644
--- a/src/main/java/org/olat/course/run/preview/PreviewCourseGroupManager.java
+++ b/src/main/java/org/olat/course/run/preview/PreviewCourseGroupManager.java
@@ -114,12 +114,12 @@ final class PreviewCourseGroupManager implements CourseGroupManager {
}
@Override
- public boolean hasRight(Identity identity, String courseRight) {
+ public boolean hasRight(Identity identity, String courseRight, GroupRoles role) {
return !courseRight.equals(CourseRights.RIGHT_COURSEEDITOR);
}
@Override
- public List<String> getRights(Identity identity) {
+ public List<String> getRights(Identity identity, GroupRoles role) {
return new ArrayList<>(1);
}
diff --git a/src/main/java/org/olat/group/right/BGRightManager.java b/src/main/java/org/olat/group/right/BGRightManager.java
index 5b942e54fbc..43f71c6ec28 100644
--- a/src/main/java/org/olat/group/right/BGRightManager.java
+++ b/src/main/java/org/olat/group/right/BGRightManager.java
@@ -29,6 +29,7 @@ import java.util.Collection;
import java.util.List;
import org.olat.basesecurity.Group;
+import org.olat.basesecurity.GroupRoles;
import org.olat.basesecurity.IdentityRef;
import org.olat.group.BusinessGroup;
import org.olat.resource.OLATResource;
@@ -96,18 +97,20 @@ public interface BGRightManager {
* @param bgRight
* @param identity
* @param resource
+ * @param role may be null
* @return true if an identity is in a group that has this business group
* right in the given resource
*/
- public boolean hasBGRight(String bgRight, IdentityRef identity, OLATResource resource);
+ public boolean hasBGRight(String bgRight, IdentityRef identity, OLATResource resource, GroupRoles role);
/**
*
* @param identity
* @param resource
+ * @param role
* @return
*/
- public List<String> getBGRights(IdentityRef identity, OLATResource resource);
+ public List<String> getBGRights(IdentityRef identity, OLATResource resource, GroupRoles role);
/**
* @param rightGroup
diff --git a/src/main/java/org/olat/group/right/BGRightManagerImpl.java b/src/main/java/org/olat/group/right/BGRightManagerImpl.java
index bb5778beb2c..117d4ffed4f 100644
--- a/src/main/java/org/olat/group/right/BGRightManagerImpl.java
+++ b/src/main/java/org/olat/group/right/BGRightManagerImpl.java
@@ -107,18 +107,16 @@ public class BGRightManagerImpl implements BGRightManager {
}
@Override
- public boolean hasBGRight(String bgRight, IdentityRef identity, OLATResource resource) {
- return groupDao.hasGrant(identity, bgRight, resource);
+ public boolean hasBGRight(String bgRight, IdentityRef identity, OLATResource resource, GroupRoles role) {
+ String roleStr = role != null? role.name(): null;
+ return groupDao.hasGrant(identity, bgRight, resource, roleStr);
}
@Override
- public List<String> getBGRights(IdentityRef identity, OLATResource resource) {
- return groupDao.getPermissions(identity, resource);
+ public List<String> getBGRights(IdentityRef identity, OLATResource resource, GroupRoles role) {
+ return groupDao.getPermissions(identity, resource, role.name());
}
- /**
- * @see org.olat.group.right.BGRightManager#findBGRights(org.olat.group.BusinessGroup)
- */
@Override
public List<String> findBGRights(BusinessGroup group, BGRightsRole role) {
GroupRoles groupRole = null;
diff --git a/src/main/java/org/olat/restapi/repository/course/AbstractCourseNodeWebService.java b/src/main/java/org/olat/restapi/repository/course/AbstractCourseNodeWebService.java
index 22d73407a22..1d38720b2c3 100644
--- a/src/main/java/org/olat/restapi/repository/course/AbstractCourseNodeWebService.java
+++ b/src/main/java/org/olat/restapi/repository/course/AbstractCourseNodeWebService.java
@@ -269,7 +269,7 @@ public abstract class AbstractCourseNodeWebService {
RepositoryService repositoryService = CoreSpringFactory.getImpl(RepositoryService.class);
return repositoryService.hasRoleExpanded(identity, cgm.getCourseEntry(),
OrganisationRoles.administrator.name(), OrganisationRoles.learnresourcemanager.name(),
- GroupRoles.owner.name()) || cgm.hasRight(identity, CourseRights.RIGHT_COURSEEDITOR);
+ GroupRoles.owner.name()) || cgm.hasRight(identity, CourseRights.RIGHT_COURSEEDITOR, null);
} catch (Exception e) {
return false;
}
diff --git a/src/main/java/org/olat/restapi/repository/course/CourseAssessmentWebService.java b/src/main/java/org/olat/restapi/repository/course/CourseAssessmentWebService.java
index 20f104d8049..1386b270d60 100644
--- a/src/main/java/org/olat/restapi/repository/course/CourseAssessmentWebService.java
+++ b/src/main/java/org/olat/restapi/repository/course/CourseAssessmentWebService.java
@@ -551,7 +551,7 @@ public class CourseAssessmentWebService {
CourseGroupManager cgm = course.getCourseEnvironment().getCourseGroupManager();
return repositoryService.hasRoleExpanded(identity, cgm.getCourseEntry(),
OrganisationRoles.administrator.name(), OrganisationRoles.learnresourcemanager.name(),
- GroupRoles.owner.name()) || cgm.hasRight(identity, CourseRights.RIGHT_ASSESSMENT);
+ GroupRoles.owner.name()) || cgm.hasRight(identity, CourseRights.RIGHT_ASSESSMENT, null);
} catch (Exception e) {
return false;
}
diff --git a/src/main/java/org/olat/restapi/security/RestSecurityHelper.java b/src/main/java/org/olat/restapi/security/RestSecurityHelper.java
index 7057d919cad..74b8ff66400 100644
--- a/src/main/java/org/olat/restapi/security/RestSecurityHelper.java
+++ b/src/main/java/org/olat/restapi/security/RestSecurityHelper.java
@@ -91,7 +91,7 @@ public class RestSecurityHelper {
CourseGroupManager cgm = course.getCourseEnvironment().getCourseGroupManager();
UserRequest ureq = getUserRequest(request);
Identity identity = ureq.getIdentity();
- return cgm.isIdentityCourseAdministrator(identity) || cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT);
+ return cgm.isIdentityCourseAdministrator(identity) || cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT, null);
} catch (Exception e) {
return false;
}
@@ -105,7 +105,7 @@ public class RestSecurityHelper {
UserRequest ureq = getUserRequest(request);
Identity identity = ureq.getIdentity();
CourseGroupManager cgm = course.getCourseEnvironment().getCourseGroupManager();
- return cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT);
+ return cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT, null);
}
return false;
} catch (Exception e) {
diff --git a/src/test/java/org/olat/basesecurity/manager/GroupDAOTest.java b/src/test/java/org/olat/basesecurity/manager/GroupDAOTest.java
index e9a3383b892..b1079d618ff 100644
--- a/src/test/java/org/olat/basesecurity/manager/GroupDAOTest.java
+++ b/src/test/java/org/olat/basesecurity/manager/GroupDAOTest.java
@@ -420,10 +420,29 @@ public class GroupDAOTest extends OlatTestCase {
groupDao.addGrant(group, role, "hasGrant-perm", resource);
dbInstance.commitAndCloseSession();
- boolean hasGrant = groupDao.hasGrant(id, "hasGrant-perm", resource);
+ boolean hasGrant = groupDao.hasGrant(id, "hasGrant-perm", resource, role);
Assert.assertTrue(hasGrant);
}
+
+ @Test
+ public void hasGrant_currentRole() {
+ Identity id = JunitTestHelper.createAndPersistIdentityAsRndUser("grant-1-");
+ Group group = groupDao.createGroup();
+ String role1 = "hasGrant-role-1";
+ groupDao.addMembershipTwoWay(group, id, role1);
+ String role2 = "hasGrant-role-2";
+ groupDao.addMembershipTwoWay(group, id, role2);
+ OLATResource resource = JunitTestHelper.createRandomResource();
+ groupDao.addGrant(group, role1, "hasGrant-perm", resource);
+ dbInstance.commitAndCloseSession();
+
+ boolean hasGrantRole1 = groupDao.hasGrant(id, "hasGrant-perm", resource, role1);
+ Assert.assertTrue(hasGrantRole1);
+ boolean hasGrantRole2 = groupDao.hasGrant(id, "hasGrant-perm", resource, role2);
+ Assert.assertFalse(hasGrantRole2);
+ }
+
@Test
public void getPermissions() {
Identity id = JunitTestHelper.createAndPersistIdentityAsRndUser("grant-1-");
@@ -434,7 +453,7 @@ public class GroupDAOTest extends OlatTestCase {
groupDao.addGrant(group, role, "getPermissions-perm", resource);
dbInstance.commitAndCloseSession();
- List<String> permissions = groupDao.getPermissions(id, resource);
+ List<String> permissions = groupDao.getPermissions(id, resource, role);
Assert.assertNotNull(permissions);
Assert.assertEquals(1, permissions.size());
Assert.assertEquals("getPermissions-perm", permissions.get(0));
@@ -449,42 +468,48 @@ public class GroupDAOTest extends OlatTestCase {
String role2 = "getPermissions-role-2";
groupDao.addMembershipTwoWay(group, id, role2);
OLATResource resource = JunitTestHelper.createRandomResource();
- groupDao.addGrant(group, role1, "getPermissions-perm-1", resource);
- groupDao.addGrant(group, role2, "getPermissions-perm-2", resource);
+ groupDao.addGrant(group, role1, "getPermissions-perm-1-1", resource);
+ groupDao.addGrant(group, role1, "getPermissions-perm-1-2", resource);
+ groupDao.addGrant(group, role2, "getPermissions-perm-2-1", resource);
+ groupDao.addGrant(group, role2, "getPermissions-perm-2-2", resource);
dbInstance.commitAndCloseSession();
- List<String> permissions = groupDao.getPermissions(id, resource);
+ List<String> permissions = groupDao.getPermissions(id, resource, role2);
Assert.assertNotNull(permissions);
Assert.assertEquals(2, permissions.size());
- Assert.assertTrue(permissions.contains("getPermissions-perm-1"));
- Assert.assertTrue(permissions.contains("getPermissions-perm-2"));
+ Assert.assertFalse(permissions.contains("getPermissions-perm-1-1"));
+ Assert.assertFalse(permissions.contains("getPermissions-perm-1-2"));
+ Assert.assertTrue(permissions.contains("getPermissions-perm-2-1"));
+ Assert.assertTrue(permissions.contains("getPermissions-perm-2-2"));
}
@Test
public void addRemoveGrant() {
Identity id = JunitTestHelper.createAndPersistIdentityAsRndUser("addremove-1-");
Group group = groupDao.createGroup();
- groupDao.addMembershipTwoWay(group, id, "addremove-1");
- groupDao.addMembershipTwoWay(group, id, "addremove-2");
+ String role1 = "addremove-1";
+ groupDao.addMembershipTwoWay(group, id, role1);
+ String role2 = "addremove-2";
+ groupDao.addMembershipTwoWay(group, id, role2);
OLATResource resource = JunitTestHelper.createRandomResource();
- groupDao.addGrant(group, "addremove-1", "addremove-1-perm", resource);
- groupDao.addGrant(group, "addremove-2", "addremove-2-perm", resource);
+ groupDao.addGrant(group, role1, "addremove-1-perm", resource);
+ groupDao.addGrant(group, role2, "addremove-2-perm", resource);
dbInstance.commitAndCloseSession();
//setup check
- boolean hasPerm1 = groupDao.hasGrant(id, "addremove-1-perm", resource);
+ boolean hasPerm1 = groupDao.hasGrant(id, "addremove-1-perm", resource, role1);
Assert.assertTrue(hasPerm1);
- boolean hasPerm2 = groupDao.hasGrant(id, "addremove-2-perm", resource);
+ boolean hasPerm2 = groupDao.hasGrant(id, "addremove-2-perm", resource, role2);
Assert.assertTrue(hasPerm2);
//remove perm 1
- groupDao.removeGrant(group, "addremove-1", "addremove-1-perm", resource);
+ groupDao.removeGrant(group, role1, "addremove-1-perm", resource);
dbInstance.commitAndCloseSession();
//check
- boolean hasStillPerm1 = groupDao.hasGrant(id, "addremove-1-perm", resource);
+ boolean hasStillPerm1 = groupDao.hasGrant(id, "addremove-1-perm", resource, role1);
Assert.assertFalse(hasStillPerm1);
- boolean hasStillPerm2 = groupDao.hasGrant(id, "addremove-2-perm", resource);
+ boolean hasStillPerm2 = groupDao.hasGrant(id, "addremove-2-perm", resource, role2);
Assert.assertTrue(hasStillPerm2);
}
@@ -492,37 +517,39 @@ public class GroupDAOTest extends OlatTestCase {
public void addRemoveGrants() {
Identity id = JunitTestHelper.createAndPersistIdentityAsRndUser("addremove-1-");
Group group = groupDao.createGroup();
- groupDao.addMembershipTwoWay(group, id, "addremove-1");
- groupDao.addMembershipTwoWay(group, id, "addremove-2");
+ String role1 = "addremove-1";
+ groupDao.addMembershipTwoWay(group, id, role1);
+ String role2 = "addremove-2";
+ groupDao.addMembershipTwoWay(group, id, role2);
OLATResource resource = JunitTestHelper.createRandomResource();
- groupDao.addGrant(group, "addremove-1", "addremove-1-perm", resource);
- groupDao.addGrant(group, "addremove-1", "addremove-11-perm", resource);
- groupDao.addGrant(group, "addremove-2", "addremove-2-perm", resource);
- groupDao.addGrant(group, "addremove-2", "addremove-22-perm", resource);
+ groupDao.addGrant(group, role1, "addremove-1-perm", resource);
+ groupDao.addGrant(group, role1, "addremove-11-perm", resource);
+ groupDao.addGrant(group, role2, "addremove-2-perm", resource);
+ groupDao.addGrant(group, role2, "addremove-22-perm", resource);
dbInstance.commitAndCloseSession();
//setup check
- boolean hasPerm1 = groupDao.hasGrant(id, "addremove-1-perm", resource);
+ boolean hasPerm1 = groupDao.hasGrant(id, "addremove-1-perm", resource, role1);
Assert.assertTrue(hasPerm1);
- boolean hasPerm11 = groupDao.hasGrant(id, "addremove-11-perm", resource);
+ boolean hasPerm11 = groupDao.hasGrant(id, "addremove-11-perm", resource, role1);
Assert.assertTrue(hasPerm11);
- boolean hasPerm2 = groupDao.hasGrant(id, "addremove-2-perm", resource);
+ boolean hasPerm2 = groupDao.hasGrant(id, "addremove-2-perm", resource, role2);
Assert.assertTrue(hasPerm2);
- boolean hasPerm22 = groupDao.hasGrant(id, "addremove-22-perm", resource);
+ boolean hasPerm22 = groupDao.hasGrant(id, "addremove-22-perm", resource, role2);
Assert.assertTrue(hasPerm22);
//remove perm 1
- groupDao.removeGrants(group, "addremove-1", resource);
+ groupDao.removeGrants(group, role1, resource);
dbInstance.commitAndCloseSession();
//check
- boolean hasStillPerm1 = groupDao.hasGrant(id, "addremove-1-perm", resource);
+ boolean hasStillPerm1 = groupDao.hasGrant(id, "addremove-1-perm", resource, role1);
Assert.assertFalse(hasStillPerm1);
- boolean hasStillPerm11 = groupDao.hasGrant(id, "addremove-11-perm", resource);
+ boolean hasStillPerm11 = groupDao.hasGrant(id, "addremove-11-perm", resource, role1);
Assert.assertFalse(hasStillPerm11);
- boolean hasStillPerm2 = groupDao.hasGrant(id, "addremove-2-perm", resource);
+ boolean hasStillPerm2 = groupDao.hasGrant(id, "addremove-2-perm", resource, role2);
Assert.assertTrue(hasStillPerm2);
- boolean hasStillPerm22 = groupDao.hasGrant(id, "addremove-22-perm", resource);
+ boolean hasStillPerm22 = groupDao.hasGrant(id, "addremove-22-perm", resource, role2);
Assert.assertTrue(hasStillPerm22);
}
}
\ No newline at end of file
diff --git a/src/test/java/org/olat/course/groupsandrights/CourseGroupManagementTest.java b/src/test/java/org/olat/course/groupsandrights/CourseGroupManagementTest.java
index 78e38387950..2b157f8faa9 100644
--- a/src/test/java/org/olat/course/groupsandrights/CourseGroupManagementTest.java
+++ b/src/test/java/org/olat/course/groupsandrights/CourseGroupManagementTest.java
@@ -139,13 +139,13 @@ public class CourseGroupManagementTest extends OlatTestCase {
// test rights
DBFactory.getInstance().closeSession();
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_ARCHIVING));
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR));
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_GROUPMANAGEMENT));
- assertFalse(gm.hasRight(id1, CourseRights.RIGHT_ASSESSMENT));
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR));
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR));
- assertFalse(gm.hasRight(id2, CourseRights.RIGHT_COURSEEDITOR));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_ARCHIVING, GroupRoles.participant));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR, GroupRoles.participant));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_GROUPMANAGEMENT, GroupRoles.participant));
+ assertFalse(gm.hasRight(id1, CourseRights.RIGHT_ASSESSMENT, GroupRoles.participant));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR, GroupRoles.participant));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR, GroupRoles.participant));
+ assertFalse(gm.hasRight(id2, CourseRights.RIGHT_COURSEEDITOR, GroupRoles.participant));
// test context
DBFactory.getInstance().closeSession();
@@ -215,13 +215,13 @@ public class CourseGroupManagementTest extends OlatTestCase {
// test rights
DBFactory.getInstance().closeSession();
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_ARCHIVING));
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR));
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_GROUPMANAGEMENT));
- assertFalse(gm.hasRight(id1, CourseRights.RIGHT_ASSESSMENT));
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR));
- assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR));
- assertFalse(gm.hasRight(id2, CourseRights.RIGHT_COURSEEDITOR));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_ARCHIVING, GroupRoles.participant));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR, GroupRoles.participant));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_GROUPMANAGEMENT, GroupRoles.participant));
+ assertFalse(gm.hasRight(id1, CourseRights.RIGHT_ASSESSMENT, GroupRoles.participant));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR, GroupRoles.participant));
+ assertTrue(gm.hasRight(id1, CourseRights.RIGHT_COURSEEDITOR, GroupRoles.participant));
+ assertFalse(gm.hasRight(id2, CourseRights.RIGHT_COURSEEDITOR, GroupRoles.participant));
// test context
DBFactory.getInstance().closeSession();
diff --git a/src/test/java/org/olat/group/test/BGRightManagerTest.java b/src/test/java/org/olat/group/test/BGRightManagerTest.java
index d4a2f1ab19d..5c3cbf97ef4 100644
--- a/src/test/java/org/olat/group/test/BGRightManagerTest.java
+++ b/src/test/java/org/olat/group/test/BGRightManagerTest.java
@@ -129,10 +129,10 @@ public class BGRightManagerTest extends OlatTestCase {
dbInstance.commitAndCloseSession();
//check if the right is set
- boolean right = rightManager.hasBGRight("bgr.has-right", identity, resource.getOlatResource());
+ boolean right = rightManager.hasBGRight("bgr.has-right", identity, resource.getOlatResource(), null);
Assert.assertTrue(right);
//check if a dummy is not set
- boolean notright = rightManager.hasBGRight("bgrblabla", identity, resource.getOlatResource());
+ boolean notright = rightManager.hasBGRight("bgrblabla", identity, resource.getOlatResource(), null);
Assert.assertFalse(notright);
}
@@ -147,10 +147,10 @@ public class BGRightManagerTest extends OlatTestCase {
dbInstance.commitAndCloseSession();
//check if the right is set
- boolean right = rightManager.hasBGRight("bgr.has-right", identity, resource.getOlatResource());
+ boolean right = rightManager.hasBGRight("bgr.has-right", identity, resource.getOlatResource(), null);
Assert.assertTrue(right);
//check if a dummy is not set
- boolean notright = rightManager.hasBGRight("bgrblabla", identity, resource.getOlatResource());
+ boolean notright = rightManager.hasBGRight("bgrblabla", identity, resource.getOlatResource(), null);
Assert.assertFalse(notright);
}
@@ -167,7 +167,7 @@ public class BGRightManagerTest extends OlatTestCase {
//check if the rights are set
List<String> rights = rightManager.findBGRights(group, BGRightsRole.tutor);
Assert.assertEquals(1, rights.size());
- Assert.assertTrue(rightManager.hasBGRight("bgr.right1", identity, resource.getOlatResource()));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.right1", identity, resource.getOlatResource(), null));
}
@Test
@@ -185,7 +185,7 @@ public class BGRightManagerTest extends OlatTestCase {
Assert.assertEquals(1, rights.size());
Assert.assertTrue(rights.contains("bgr.right1"));
//check that a participant cannot have a tutor right
- Assert.assertFalse(rightManager.hasBGRight("bgr.right1", identity, resource.getOlatResource()));
+ Assert.assertFalse(rightManager.hasBGRight("bgr.right1", identity, resource.getOlatResource(), null));
}
@Test
@@ -213,14 +213,14 @@ public class BGRightManagerTest extends OlatTestCase {
Assert.assertEquals("bgr.right2", participantRights.get(0));
//id1 -> right2
- Assert.assertFalse(rightManager.hasBGRight("bgr.right1", identity1, resource.getOlatResource()));
- Assert.assertTrue(rightManager.hasBGRight("bgr.right2", identity1, resource.getOlatResource()));
+ Assert.assertFalse(rightManager.hasBGRight("bgr.right1", identity1, resource.getOlatResource(), null));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.right2", identity1, resource.getOlatResource(), null));
//id2 -> right1 and right2
- Assert.assertTrue(rightManager.hasBGRight("bgr.right1", identity2, resource.getOlatResource()));
- Assert.assertTrue(rightManager.hasBGRight("bgr.right2", identity2, resource.getOlatResource()));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.right1", identity2, resource.getOlatResource(), null));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.right2", identity2, resource.getOlatResource(), null));
//id3 -> right2
- Assert.assertTrue(rightManager.hasBGRight("bgr.right1", identity3, resource.getOlatResource()));
- Assert.assertFalse(rightManager.hasBGRight("bgr.right2", identity3, resource.getOlatResource()));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.right1", identity3, resource.getOlatResource(), null));
+ Assert.assertFalse(rightManager.hasBGRight("bgr.right2", identity3, resource.getOlatResource(), null));
}
@Test
@@ -276,8 +276,8 @@ public class BGRightManagerTest extends OlatTestCase {
//check if the rights are set
List<String> rights = rightManager.findBGRights(group, BGRightsRole.participant);
Assert.assertEquals(2, rights.size());
- Assert.assertTrue(rightManager.hasBGRight("bgr.removeright1", identity, resource.getOlatResource()));
- Assert.assertTrue(rightManager.hasBGRight("bgr.removeright2", identity, resource.getOlatResource()));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.removeright1", identity, resource.getOlatResource(), null));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.removeright2", identity, resource.getOlatResource(), null));
//remove right 1
rightManager.removeBGRight("bgr.removeright1", group.getBaseGroup(), resource.getOlatResource(), BGRightsRole.participant);
@@ -287,8 +287,8 @@ public class BGRightManagerTest extends OlatTestCase {
List<String> rightsAfterDelete = rightManager.findBGRights(group, BGRightsRole.participant);
Assert.assertEquals(1, rightsAfterDelete.size());
Assert.assertTrue(rightsAfterDelete.contains("bgr.removeright2"));
- Assert.assertFalse(rightManager.hasBGRight("bgr.removeright1", identity, resource.getOlatResource()));
- Assert.assertTrue(rightManager.hasBGRight("bgr.removeright2", identity, resource.getOlatResource()));
+ Assert.assertFalse(rightManager.hasBGRight("bgr.removeright1", identity, resource.getOlatResource(), null));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.removeright2", identity, resource.getOlatResource(), null));
}
@Test
@@ -312,8 +312,8 @@ public class BGRightManagerTest extends OlatTestCase {
//check if the rights are set
List<String> rights = rightManager.findBGRights(group, BGRightsRole.participant);
Assert.assertEquals(2, rights.size());
- Assert.assertFalse(rightManager.hasBGRight("bgr.removeright1", participant, resource1.getOlatResource()));
- Assert.assertTrue(rightManager.hasBGRight("bgr.removeright2", participant, resource1.getOlatResource()));
+ Assert.assertFalse(rightManager.hasBGRight("bgr.removeright1", participant, resource1.getOlatResource(), null));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.removeright2", participant, resource1.getOlatResource(), null));
//remove tutor right 1
rightManager.removeBGRight("bgr.removeright1", group.getBaseGroup(), resource1.getOlatResource(), BGRightsRole.tutor);
@@ -359,8 +359,8 @@ public class BGRightManagerTest extends OlatTestCase {
//check if the rights are set
List<String> rights = rightManager.findBGRights(group, BGRightsRole.participant);
Assert.assertEquals(2, rights.size());
- Assert.assertFalse(rightManager.hasBGRight("bgr.removeright1", participant, resource1.getOlatResource()));
- Assert.assertTrue(rightManager.hasBGRight("bgr.removeright2", participant, resource1.getOlatResource()));
+ Assert.assertFalse(rightManager.hasBGRight("bgr.removeright1", participant, resource1.getOlatResource(), null));
+ Assert.assertTrue(rightManager.hasBGRight("bgr.removeright2", participant, resource1.getOlatResource(), null));
//remove tutor right 1
rightManager.removeBGRights(group, resource1.getOlatResource(), BGRightsRole.tutor);
@@ -462,13 +462,13 @@ public class BGRightManagerTest extends OlatTestCase {
Assert.assertEquals(2, grants.size()); // read, parti, archiving, courseeditor
DBFactory.getInstance().closeSession(); // simulate user clicks
- assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id1, c2.getOlatResource()));
- assertTrue(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id1, c1.getOlatResource()));
- assertTrue(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id2, c1.getOlatResource()));
- assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_GROUPMANAGEMENT, id2, c1.getOlatResource()));
- assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id3, c2.getOlatResource()));
- assertTrue(rightManager.hasBGRight(CourseRights.RIGHT_COURSEEDITOR, id3, c2.getOlatResource()));
- assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_COURSEEDITOR, id3, c1.getOlatResource()));
+ assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id1, c2.getOlatResource(), null));
+ assertTrue(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id1, c1.getOlatResource(), null));
+ assertTrue(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id2, c1.getOlatResource(), null));
+ assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_GROUPMANAGEMENT, id2, c1.getOlatResource(), null));
+ assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id3, c2.getOlatResource(), null));
+ assertTrue(rightManager.hasBGRight(CourseRights.RIGHT_COURSEEDITOR, id3, c2.getOlatResource(), null));
+ assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_COURSEEDITOR, id3, c1.getOlatResource(), null));
Assert.assertEquals(2, rightManager.findBGRights(g1, BGRightsRole.participant).size());
Assert.assertEquals(1, rightManager.findBGRights(g2, BGRightsRole.participant).size());
@@ -480,9 +480,9 @@ public class BGRightManagerTest extends OlatTestCase {
rightManager.removeBGRight(CourseRights.RIGHT_COURSEEDITOR, g3.getBaseGroup(), c2.getOlatResource(), BGRightsRole.participant);
DBFactory.getInstance().closeSession(); // simulate user clicks
- assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id1, c1.getOlatResource()));
- assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id2, c1.getOlatResource()));
- assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_COURSEEDITOR, id3, c2.getOlatResource()));
+ assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id1, c1.getOlatResource(), null));
+ assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_ARCHIVING, id2, c1.getOlatResource(), null));
+ assertFalse(rightManager.hasBGRight(CourseRights.RIGHT_COURSEEDITOR, id3, c2.getOlatResource(), null));
Assert.assertEquals(0, rightManager.findBGRights(g1, BGRightsRole.participant).size());
Assert.assertEquals(0, rightManager.findBGRights(g2, BGRightsRole.participant).size());
--
GitLab