Skip to content

Make user and teacher locations actually effective #189

@Schlaumeier5

Description

@Schlaumeier5

The following fields in AccessManager.java:

/**
* User locations that are accessible only to authenticated users.
* These resources require user login for access.
*/
private final String[] USER_LOCATIONS;
/**
* Teacher locations that are accessible only to authenticated teachers.
* These resources require teacher privileges for access.
*/
private final String[] TEACHER_LOCATIONS;

have no current use, use them in AccessManager.hasAccess() similar to ADMIN_LOCATIONS and STUDENT_LOCATIONS:
if (resource.namespace().equals(USER_SPACE) || resource.resource().startsWith("my") && !(user == User.ANONYMOUS)) {
return true;
} else if (resource.namespace().equals(TEACHER_SPACE)) {
return user.isTeacher() || user.isAdmin();
} else if (resource.namespace().equals(ADMIN_SPACE) || Arrays.asList(ADMIN_LOCATIONS).contains(resource.resource())) {
return user.isAdmin();
} else {
return false;
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions