Sunday, September 3, 2017¶
Custom permissions for the detail action (continued)¶
This change was needed because
lino.core.actors.Actor._collect_actions() now attaches also the
library actions, which caused the label property of the actors of
these to be read already during startup for these actions as
well. This caused a problem for actors with a dynamic label because
they do a database lookup (e.g.
passant I converted the
index.rst file of that demo project to
The label of the actor). Oh yes, this is historically grown and
poorly documented code.
Another question was: Can teachers (in Lino Avanti) confirm an enrolment? This is what changed with the new feature, and it made the Avanti test suite fail. Laura should not have permission to confirm that enrolment because the author is another user (nathalie) and Laura is just a teacher.
>>> from lino import startup >>> startup('lino_book.projects.adg.settings.demo') >>> from lino.api.doctest import * >>> ar = rt.login('laura') >>> user_type = ar.get_user().user_type >>> user_type <users.UserTypes.teacher:100> >>> user_type.role ... <lino_avanti.lib.avanti.user_types.Teacher object at ...>
>>> obj = rt.models.courses.Enrolment.objects.get(pk=9) >>> obj.user User #5 ('nathalie')
>>> obj.wf1.get_row_permission(ar) True
>>> ba = obj.wf1.bound_action >>> ba.actor.get_row_state(obj) <EnrolmentStates.requested:10>
>>> ba.actor lino_xl.lib.courses.desktop.Enrolments
>>> ba.actor.get_row_permission(obj, ar, obj.state, ba) True
>>> obj.get_row_permission(ar, obj.state, ba) True
>>> obj.manager_roles_required set([<class 'lino.core.roles.SiteUser'>])
Okay now I see. It’s because I added the
SiteUser role to the
Teacher user type. And that was
correct: teachers are site users.
manager_roles_required attribute on Enrolment is not
SiteStaff but :class:`SiteUser. It is defined as:
manager_roles_required = dd.login_required()
So it is “normal” that every site user can edit the state of
enrolments made by other users. It was rather a bug that in Avanti
this was not allowed because
Teacher (by mistake) was lacking