David Beguin authored
As slides are returned in sudo to the template, the user rights were checked via a can_access variable set in the template directly. In order to disable the vote for users that cannot get access to the course, all the checks are now done in backend (also to avoid getting access to slides in sudo mode with rpc calls).

We now add, for each slide on the course view, the access and vote rights to the template: can_access and can_vote. Those two are computed in backend, using the user's access rights instead of admin's.

But if the user is not a member of the channel, he cannot get access to the course slides (except for Free Preview ones), so the check on can_vote will crash. This is why we check the access rights before checking can_vote, for each slide (as free preview slides are still accessible, even if the user is not in channel members).

The vote widget is disabled if the user's can_access or can_vote = False, enabled otherwise. If the user has access but does not have enough karma, the controller will handle this case and return an error to the user telling him he does not have enough karma to vote. If the user can vote but cannot access, the controller will handle this case and return an error to the user telling him he has no access to the lesson.

Task ID: 1943788
PR #31321
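The check ordering described in the commit message, as an added plain-Python model that is not the project's code and does not use its framework API: `can_access` is evaluated with the user's own rights before `can_vote`, and the controller repeats both checks because an RPC call never passes through the disabled widget. The class names, the karma threshold and the error keys are constructed for this example; only `can_access` and `can_vote` come from the page.

```python
from dataclasses import dataclass

class AccessError(Exception):
    """Raised when a record is read without the right to read it."""

@dataclass
class Slide:
    id: int
    is_preview: bool = False      # free preview: readable by non-members
    min_karma_to_vote: int = 10   # constructed threshold

@dataclass
class User:
    name: str
    karma: int = 0
    is_member: bool = False       # member of the course channel

def check_access(user, slide):
    """Read check with the user's own rights (no elevated/sudo bypass)."""
    if not (user.is_member or slide.is_preview):
        raise AccessError("no access to the lesson")

def compute_can_vote(user, slide):
    """Reads the slide, so it raises for a user who cannot access it."""
    check_access(user, slide)
    return user.karma >= slide.min_karma_to_vote

def slide_rights(user, slides):
    """Per-slide flags handed to the template; access is tested before vote."""
    rights = {}
    for slide in slides:
        try:
            check_access(user, slide)
            can_access = True
        except AccessError:
            can_access = False
        # Evaluate can_vote only once access is known, otherwise it would raise.
        can_vote = can_access and compute_can_vote(user, slide)
        rights[slide.id] = {"can_access": can_access, "can_vote": can_vote}
    return rights

def vote(user, slide):
    """Controller side: re-check on every call, whatever the widget showed."""
    try:
        check_access(user, slide)
    except AccessError:
        return {"error": "slide_access"}          # constructed error key
    if not compute_can_vote(user, slide):
        return {"error": "slide_not_enough_karma"}  # constructed error key
    return {"ok": True}
```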
website_slides_templates_lesson.xml 25.62 KiB