Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-40001

getCategoryDefinitions should return the categories that are viewable

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: OPEN
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 11.5 [Tentative], 12.2, 19.0
    • Fix Version/s: None
    • Component/s: edu-services
    • Labels:
      None
    • Test Plan:
      Hide

      Please add a Test Plan here.

      Show
      Please add a Test Plan here.

      Description

      In edu-services the call to getCategoryDefinitions does a permissions check for isUserAbleToViewAssignments. Many places in gradebook it calls this and uses a security advisor to get around this. However all they really want is the categories that a student can view rather than the entire list.

      I think the best thing is just to modify this method to return the viewable list of categories. We could add a separate method but I think this could just be changed to return what you can return.

      +		// get all the categories in the gradebook, use a security advisor in case the current user is the student
      +		SecurityAdvisor gbAdvisor = (String userId, String function, String reference)
      +						-> "gradebook.gradeAll".equals(function) ? SecurityAdvice.ALLOWED : SecurityAdvice.PASS;
      +		securityService.pushAdvisor(gbAdvisor);
      +		List<CategoryDefinition> catDefs = gradebookService.getCategoryDefinitions(getGradebook().getUid());
      +		securityService.popAdvisor(gbAdvisor);
      +
      +		// filter out the categories that don't match the categories of the viewable assignments
      +		return catDefs.stream().filter(def -> catIds.contains(def.getId())).collect(Collectors.toList());
      

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jonespm Matthew Jones
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Git Source Code