Sunday, September 3, 2017
Custom permissions for the detail action (continued)
We now have a new method lino.core.actions.Action.get_label(). This also caused a few code changes in the renderer of the ExtJS 6 front end. This change was needed because lino.core.actors.Actor._collect_actions() now also attaches the library actions, which caused the label property of the actors of these to be read already during startup for these actions as well. This caused a problem for actors with a dynamic label because they do a database lookup (e.g. lino_book.projects.actors; en passant I converted the index.rst file of that demo project to The label of the actor). Oh yes, this is historically grown and poorly documented code.
Another question was: Can teachers (in Lino Avanti) confirm an enrolment? This is what changed with the new feature, and it made the Avanti test suite fail. Laura should not have permission to confirm that enrolment because the author is another user (nathalie) and Laura is just a teacher.
>>> from lino import startup
>>> startup('lino_book.projects.adg.settings.demo')
>>> from lino.api.doctest import *
>>> ar = rt.login('laura')
>>> user_type = ar.get_user().user_type
>>> user_type
<users.UserTypes.teacher:100>
>>> user_type.role
...
<lino_avanti.lib.avanti.user_types.Teacher object at ...>
>>> obj = rt.models.courses.Enrolment.objects.get(pk=9)
>>> obj.user
User #5 ('nathalie')
>>> obj.wf1.get_row_permission(ar)
True
>>> ba = obj.wf1.bound_action
>>> ba.actor.get_row_state(obj)
<EnrolmentStates.requested:10>
>>> ba.actor
lino_xl.lib.courses.desktop.Enrolments
>>> ba.actor.get_row_permission(obj, ar, obj.state, ba)
True
>>> obj.get_row_permission(ar, obj.state, ba)
True
>>> obj.manager_roles_required
set([<class 'lino.core.roles.SiteUser'>])
Okay now I see. It’s because I added the SiteUser role to the Teacher user type. And that was correct: teachers are site users.
The manager_roles_required attribute on Enrolment is not SiteStaff but SiteUser. It is defined as:
manager_roles_required = dd.login_required()
So it is “normal” that every site user can edit the state of enrolments made by other users. It was rather a bug that in Avanti this was not allowed because Teacher (by mistake) was lacking the SiteUser role.
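
The following is an added example, not code from Lino or from this blog: a stand-alone Python model of the check described above, in which a user who is not the author of a row needs every role in manager_roles_required. The role class names come from the page; TeacherBefore, TeacherAfter, StrictEnrolment, may_change_state and the rule that the author may always act are assumptions made for illustration.

```python
# Simplified stand-alone model of the check discussed above (not Lino's code).
# Role class names mirror the page; everything else is hypothetical.

class UserRole: pass
class SiteUser(UserRole): pass
class SiteStaff(SiteUser): pass

class TeacherBefore(UserRole):
    """Teacher as it was by mistake: lacking the SiteUser role."""

class TeacherAfter(SiteUser):
    """Teacher after the change: teachers are site users."""


def has_required_roles(role, required):
    """True if the role object satisfies every required role class."""
    return all(isinstance(role, r) for r in required)


class Enrolment:
    # Models the page's `manager_roles_required = dd.login_required()`,
    # whose value the doctest session shows as a set containing SiteUser.
    manager_roles_required = {SiteUser}

    def __init__(self, author):
        self.author = author

    def may_change_state(self, username, role):
        """Assumed rule: the author may act; others need the manager roles."""
        if username == self.author:
            return True
        return has_required_roles(role, self.manager_roles_required)


class StrictEnrolment(Enrolment):
    # Hypothetical tightening: only staff may act on other users' rows.
    manager_roles_required = {SiteStaff}


def demo():
    """Decisions for laura (teacher) on an enrolment authored by nathalie."""
    row, strict = Enrolment("nathalie"), StrictEnrolment("nathalie")
    return {
        "before_fix": row.may_change_state("laura", TeacherBefore()),
        "after_fix": row.may_change_state("laura", TeacherAfter()),
        "strict": strict.may_change_state("laura", TeacherAfter()),
        "strict_author": strict.may_change_state("nathalie", TeacherAfter()),
        "strict_staff": strict.may_change_state("laura", SiteStaff()),
    }
```

A test that pins the expected decision for each user type on another user's row catches this kind of silent widening when a role is added to a user type.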