diff --git a/src/ClientServer/Controllers/ControllerWithDb.cs b/src/ClientServer/Controllers/ControllerWithDb.cs
index 62485b9d8e59208a3f68110319465d39ab2314c1..0fdf20f28101b68b33f6a282abb6b54a4e1474f1 100644
--- a/src/ClientServer/Controllers/ControllerWithDb.cs
+++ b/src/ClientServer/Controllers/ControllerWithDb.cs
@@ -130,7 +130,7 @@ namespace ClientServer.Controllers
         /// <param name="onSessionEmptyAction">action when the user id was not found on the session, else null -&gt; login action</param>
         /// <param name="onDbResultEmptyAction">action when the db result was empty</param>
         /// <returns></returns>
-        public bool HasSystemPermission(Func<SystemRole, bool> checkPermissionFunc, Action onDbResultEmptyAction = null,
+        public async Task<bool> HasSystemPermission(Func<SystemRole, bool> checkPermissionFunc, Action onDbResultEmptyAction = null,
             Action onSessionEmptyAction = null)
         {
             //int? userId = HttpContext.Session.GetInt32(Constants.SessionUserIdKey);
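Review bot: `HasSystemPermission` stays `public` on a controller base class. In ASP.NET Core MVC, a public instance method on a controller is an action candidate unless it is marked `[NonAction]`. Every call site in this diff is inside a derived controller, so `protected async Task<bool> HasSystemPermission(` would cover them and keep the helper out of action discovery. That would match the `public` to `private` change this commit makes to `HasGroupAtLeastOnCreator`. The method body continues outside the hunk, so how the two `Action` callbacks are used is not visible here.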
@@ -147,11 +147,11 @@ namespace ClientServer.Controllers
             }
 
             //check if user has permission
-            User user = _context.Users
+            User user = await _context.Users
                 .Where(p => p.Id == userId)
                 .Include(p => p.SystemRole)
                 .Include(p => p.SystemRole.SystemRolePermission)
-                .FirstOrDefault();
+                .FirstOrDefaultAsync();
 
             if (user == null)
             {
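Review bot: Most predicates passed to this method read `role.SystemRolePermission.CanX` after testing only `role != null`, so a role without a loaded permission row would throw instead of denying. This applies to the `PLangController`, `TagsController`, `SystemSettingsController`, `GroupController` and `UsersController` call sites; only `DashboardController` also tests `role.SystemRolePermission != null`. The place where `checkPermissionFunc` is invoked is outside the hunk, so this is inferred from the `Include` lines. If that reading holds, a single guard before the predicate runs, such as `if (user.SystemRole?.SystemRolePermission == null) return false;`, would make every caller fail closed.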
diff --git a/src/ClientServer/Controllers/Core/AssessmentStatisticsController.cs b/src/ClientServer/Controllers/Core/AssessmentStatisticsController.cs
index 1863f3999b863f099e950963c2cc3e5fa7ac49b9..3e3a15f0dc87b1546b55b0f18f944a8831214fe3 100644
--- a/src/ClientServer/Controllers/Core/AssessmentStatisticsController.cs
+++ b/src/ClientServer/Controllers/Core/AssessmentStatisticsController.cs
@@ -25,6 +25,14 @@ namespace ClientServer.Controllers.Core
 
         }
 
+        /// <summary>
+        ///
+        ///
+        /// PERMISSION needs to be checked for every group (where the exercise is connected) individually)
+        /// </summary>
+        /// <param name="userId"></param>
+        /// <param name="pagination"></param>
+        /// <returns></returns>
         [HttpPost("all/{userId}")]
         public async Task GetAssessmentStatistics(int userId, [FromBody] PaginationPostData pagination)
         {
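Review bot: The added summary reads as an open requirement ("PERMISSION needs to be checked for every group") rather than a description of what the endpoint enforces, and the visible lines show no check. `userId` comes straight from the route `all/{userId}`, so it is worth confirming in the body (outside this hunk) that it is either compared with `GetUserId()` or gated by a per-group permission check before any statistics are returned. Once that is settled, the summary should say which rule is enforced, and the empty `<param>` and `<returns>` tags should be filled or dropped. If the check is still missing, a `// TODO(security): ...` comment inside the method would be easier to find than a line in the XML doc.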
diff --git a/src/ClientServer/Controllers/Core/Exercises/PLangController.cs b/src/ClientServer/Controllers/Core/Exercises/PLangController.cs
index 56c2fe647b838e286e5e5b4575f67e16aed63456..d0581d294094d4ff6abbef68179a4f5606686d30 100644
--- a/src/ClientServer/Controllers/Core/Exercises/PLangController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/PLangController.cs
@@ -27,7 +27,7 @@ namespace ClientServer.Controllers.Core.Exercises
 
             //user needs permission
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings) ==
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings) ==
                 false)
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/Exercises/ReleaseController.cs b/src/ClientServer/Controllers/Core/Exercises/ReleaseController.cs
index 1bf2cfa1d103038658e822baef9d3a53b5ba9c12..65d3ba4d42745fe2f0c89e613e3f221caba359d1 100644
--- a/src/ClientServer/Controllers/Core/Exercises/ReleaseController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/ReleaseController.cs
@@ -696,14 +696,6 @@ namespace ClientServer.Controllers.Core.Exercises
 
             int userId = GetUserId();
 
-
-            if (releaseId <= 0)
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.InvalidRequest, "invalid release id")));
-                return;
-            }
             
             //the user group that manages the exercise
             var targetUserGroup =
diff --git a/src/ClientServer/Controllers/Core/Exercises/SubmissionController.cs b/src/ClientServer/Controllers/Core/Exercises/SubmissionController.cs
index 9dd5198d9bea85d063b8b53f8983238e8e095ae5..a46c28dac79da7c0125f2325aa14da7afb1e9609 100644
--- a/src/ClientServer/Controllers/Core/Exercises/SubmissionController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/SubmissionController.cs
@@ -71,6 +71,28 @@ namespace ClientServer.Controllers.Core.Exercises
                     .FirstOrDefaultAsync(p => p.Id == releaseId)
                 ;
 
+            if (release == null)
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "release not found")));
+                return;
+            }
+            
+            //the user group that manages the exercise
+            var targetUserGroup =
+                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
+                    .Select(p => p.Exercise.UserGroupId)
+                    .FirstOrDefaultAsync();
+
+            if (!await base.HasGroupPermission(targetUserGroup,
+                permission => permission != null && permission.CanAssessExercises))
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
+                return;
+            }
 
             bool shouldGetPreAssessmentResults = false;
 
@@ -121,31 +143,6 @@ namespace ClientServer.Controllers.Core.Exercises
             }
 
 
-            if (release == null)
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "release not found")));
-                return;
-            }
-
-
-            //the user group that manages the exercise
-            var targetUserGroup =
-                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
-                    .Select(p => p.Exercise.UserGroupId)
-                    .FirstOrDefaultAsync();
-
-            if (!await base.HasGroupPermission(targetUserGroup,
-                permission => permission != null && permission.CanAssessExercises))
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
-                return;
-            }
-
-
             PaginatedData<AssessmentFullBase> assessments;
 
             if (shouldGetPreAssessmentResults)
@@ -181,6 +178,41 @@ namespace ClientServer.Controllers.Core.Exercises
             // because we use a link we don't get and need the csrf token...
             if (!await base.IsLoggedIn(null, false, true)) return;
 
+            var release = await _context.ExerciseReleases
+                    .Include(p => p.Exercise)
+                    .Include(p => p.ExerciseReleaseWithUserAsParticipations)
+                    .ThenInclude(p => p.User)
+                    .Include(p => p.ExerciseReleaseWithUserAsParticipations)
+                    .ThenInclude(p => p.Solutions)
+                    .ThenInclude(p => p.Assessment)
+                    .FirstOrDefaultAsync(p => p.GeneratedCode == releaseCode)
+                ;
+
+
+            if (release == null)
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "release not found")));
+                return;
+            }
+            
+            //the user group that manages the exercise
+            var targetUserGroup =
+                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
+                    .Select(p => p.Exercise.UserGroupId)
+                    .FirstOrDefaultAsync();
+
+            if (!await base.HasGroupPermission(targetUserGroup,
+                permission => permission != null && permission.CanAssessExercises))
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
+                return;
+            }
+            
+            
             if (csvDelimiter.Trim() == "") {
                 await
                     Response.WriteAsync(
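Review bot: The permission check now runs before the `csvDelimiter` validation, but it still sits after the full release graph has been loaded (participations, users, solutions, assessments). A logged-in caller without `CanAssessExercises` therefore still makes the server run the heaviest query in the method before being refused. The group id can be resolved first with the light projection already used here, keyed on the code: `_context.ExerciseReleases.Where(p => p.GeneratedCode == releaseCode).Select(p => p.Exercise.UserGroupId)`. The `Include` query would then run only after `HasGroupPermission` succeeds. With that order an unknown code yields the default group id, so the "release not found" response has to be told apart explicitly. If the current order is kept, the second round-trip is redundant because `Exercise` is already included, and `release.Exercise.UserGroupId` would do, assuming `Exercise` is a required navigation.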
@@ -548,26 +580,6 @@ namespace ClientServer.Controllers.Core.Exercises
             }
 
 
-            var release = await _context.ExerciseReleases
-                    .Include(p => p.Exercise)
-                    .Include(p => p.ExerciseReleaseWithUserAsParticipations)
-                    .ThenInclude(p => p.User)
-                    .Include(p => p.ExerciseReleaseWithUserAsParticipations)
-                    .ThenInclude(p => p.Solutions)
-                    .ThenInclude(p => p.Assessment)
-                    .FirstOrDefaultAsync(p => p.GeneratedCode == releaseCode)
-                ;
-
-
-            if (release == null)
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "release not found")));
-                return;
-            }
-
-
             var pLangs = await _context.PLangs
                 .ToListAsync();
 
@@ -579,21 +591,6 @@ namespace ClientServer.Controllers.Core.Exercises
                 return;
             }
 
-            //the user group that manages the exercise
-            var targetUserGroup =
-                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
-                    .Select(p => p.Exercise.UserGroupId)
-                    .FirstOrDefaultAsync();
-
-            if (!await base.HasGroupPermission(targetUserGroup,
-                permission => permission != null && permission.CanAssessExercises))
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
-                return;
-            }
-
 
             //get all
             var paginationData = new PaginationPostData()
diff --git a/src/ClientServer/Controllers/Core/Exercises/TagsController.cs b/src/ClientServer/Controllers/Core/Exercises/TagsController.cs
index 90a7ab41d92e5cb8083f71c3f35afe19fff294f3..44586ac79076ec143eb60031a118fd9732013c3a 100644
--- a/src/ClientServer/Controllers/Core/Exercises/TagsController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/TagsController.cs
@@ -63,7 +63,7 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
             {
                 await
                     Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
@@ -136,7 +136,7 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
             {
                 await
                     Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
@@ -214,7 +214,7 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
+            if (await base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
             {
                 await
                     Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
@@ -327,7 +327,7 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
             {
                 await
                     Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
diff --git a/src/ClientServer/Controllers/Core/Exercises/TutorViewAssessmentController.cs b/src/ClientServer/Controllers/Core/Exercises/TutorViewAssessmentController.cs
index a0ecd8c80faf39fa6aa1739ee2a7accc6a3bee1b..777b409f2ed7dfc2ba5aecb544c5bc2ee43fc64d 100644
--- a/src/ClientServer/Controllers/Core/Exercises/TutorViewAssessmentController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/TutorViewAssessmentController.cs
@@ -455,6 +455,8 @@ namespace ClientServer.Controllers.Core.Exercises
         public async Task GetAssessment(int exerciseReleaseId, int userId, int pLangId)
         {
             if (!await base.IsLoggedIn()) return;
+            
+            if (!await HasPermission(exerciseReleaseId)) return;
 
             //get all automatic assessments for this release
             var release = await _context.ExerciseReleases
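Review bot: The new guard returns silently when `HasPermission(exerciseReleaseId)` is false, so the client only receives a `NoPermission` body if the helper writes one itself. Its definition is not part of the visible diff, so this should be confirmed. A short comment at the call, e.g. `// HasPermission writes the NoPermission response on failure`, would make that contract clear, since the inline block removed in the next hunk did the write explicitly. It is also worth checking what the helper does for an id that matches no release: the old code answered "release not found" before checking permission, and that order is now reversed.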
@@ -472,21 +474,6 @@ namespace ClientServer.Controllers.Core.Exercises
                 return;
             }
 
-            //the user group that manages the exercise
-            var targetUserGroup =
-                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
-                    .Select(p => p.Exercise.UserGroupId)
-                    .FirstOrDefaultAsync();
-
-            if (!await base.HasGroupPermission(targetUserGroup,
-                permission => permission != null && permission.CanAssessExercises))
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
-                return;
-            }
-
             var userReleaseParticipation = await _context.ExerciseReleaseWithUserAsParticipations.Where(p =>
                         p.ExerciseReleaseId == exerciseReleaseId
                         && p.UserId == userId
@@ -547,6 +534,8 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
+            
+            
             //get all automatic assessments for this release
             var release = await _context.ExerciseReleases
                     .Include(p => p.Exercise)
@@ -579,20 +568,7 @@ namespace ClientServer.Controllers.Core.Exercises
                 return;
             }
 
-            //the user group that manages the exercise
-            var targetUserGroup =
-                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
-                    .Select(p => p.Exercise.UserGroupId)
-                    .FirstOrDefaultAsync();
-
-            if (!await base.HasGroupPermission(targetUserGroup,
-                permission => permission != null && permission.CanAssessExercises))
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
-                return;
-            }
+            if (!await HasPermission(release.Id)) return;
 
             var userReleaseParticipation = await _context.ExerciseReleaseWithUserAsParticipations.Where(p =>
                         p.ExerciseReleaseId == assessmentFullBase.ExerciseReleaseId
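Review bot: In this method the check still runs after the release has been loaded, whereas `GetAssessment` above now checks before its query. The two blank lines added after `IsLoggedIn` in the previous hunk suggest the call was meant to go there. The participation query below filters on `assessmentFullBase.ExerciseReleaseId`, so that id appears to be available up front, and `if (!await HasPermission(assessmentFullBase.ExerciseReleaseId)) return;` could follow the login check directly. That would also make the permission check and the later queries use the same id rather than `release.Id` in one place and the request value in the other. The method starts and ends outside the hunk, so the lookup that produces `release` is not visible.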
@@ -652,7 +628,6 @@ namespace ClientServer.Controllers.Core.Exercises
             await
                 Response.WriteAsync(
                     Jc.Serialize(new BasicResponse(ResponseCode.Ok, "")));
-            return;
         }
     }
 }
diff --git a/src/ClientServer/Controllers/Core/Misc/LangController.cs b/src/ClientServer/Controllers/Core/Misc/LangController.cs
index 45e840ba769ef99a866ef873e9244f0edc5c72b7..6760c59e209df6bffdea7d33837b49a5fb203b28 100644
--- a/src/ClientServer/Controllers/Core/Misc/LangController.cs
+++ b/src/ClientServer/Controllers/Core/Misc/LangController.cs
@@ -30,7 +30,7 @@ namespace ClientServer.Controllers.Core.Exercises
 
             //user needs permission
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings) ==
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings) ==
                 false)
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/SystemSettingsController.cs b/src/ClientServer/Controllers/Core/SystemSettingsController.cs
index 45c30477dcaeb0c79bc8488e49787b638c8dc7f2..4eb45f9ec1aafc0c15b697402fc2b882c790c3b6 100644
--- a/src/ClientServer/Controllers/Core/SystemSettingsController.cs
+++ b/src/ClientServer/Controllers/Core/SystemSettingsController.cs
@@ -104,7 +104,7 @@ namespace ClientServer.Controllers.Core
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role =>
+            if (await HasSystemPermission(role =>
                     role != null && role.SystemRolePermission.CanChangeSystemSettings) == false)
             {
                 await
@@ -134,7 +134,7 @@ namespace ClientServer.Controllers.Core
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role =>
+            if (await HasSystemPermission(role =>
                     role != null && role.SystemRolePermission.CanChangeSystemSettings) == false)
             {
                 await
@@ -170,6 +170,15 @@ namespace ClientServer.Controllers.Core
         {
             if (!await base.IsLoggedIn()) return;
 
+            //this already checks if the user exists
+            if (await HasSystemPermission(role =>
+                    role != null && role.SystemRolePermission.CanChangeSystemSettings) == false)
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "no permission")));
+                return;
+            }
 
             var settingsFromBackend = new SystemSettingsFromBackend()
             {
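Review bot: The new denial branch sends `ResponseCode.NotFound` together with the message "no permission", while the other permission failures visible in this diff use `ResponseCode.NoPermission`. A client that switches on the code would treat this as a missing resource. Unless hiding the endpoint is intended, the line should read `Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));`. The comment `//this already checks if the user exists` looks copied from the later method in this file; a comment saying that reading system settings requires `CanChangeSystemSettings` would describe this check better.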
@@ -242,7 +251,7 @@ namespace ClientServer.Controllers.Core
             var userId = base.GetUserId();
 
             //this already checks if the user exists
-            if (base.HasSystemPermission(role =>
+            if (await HasSystemPermission(role =>
                     role != null && role.SystemRolePermission.CanChangeSystemSettings) == false)
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/Users/GroupController.cs b/src/ClientServer/Controllers/Core/Users/GroupController.cs
index 3c7d1b2fa383b0c1409a97092820249cd437aeba..4db167eb32b3d5703d3455368e638120407d4a25 100644
--- a/src/ClientServer/Controllers/Core/Users/GroupController.cs
+++ b/src/ClientServer/Controllers/Core/Users/GroupController.cs
@@ -33,7 +33,7 @@ namespace ClientServer.Controllers.Core.Users
             int userId = GetUserId();
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanCreateGroups))
             {
                 await
@@ -170,7 +170,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanDeleteGroups))
             {
                 await
@@ -731,7 +731,7 @@ namespace ClientServer.Controllers.Core.Users
         /// <param name="userId">the user who wants to leave</param>
         /// <param name="userGroupRoleId">the current role of the user in the group</param>
         /// <returns>null: system settings not found (no creator role), true: user can leave, false: cannot leave</returns>
-        public async Task<bool?> HasGroupAtLeastOnCreator(int groupId, int userId, int userGroupRoleId)
+        private async Task<bool?> HasGroupAtLeastOnCreator(int groupId, int userId, int userGroupRoleId)
         {
             SystemSetting systemSetting = await _context.SystemSettings
                 .Include(p => p.DefaultGroupRole)
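Review bot: The name `HasGroupAtLeastOnCreator` has a typo ("On" for "One"). Now that the method is `private` it can be renamed without affecting other classes, e.g. `private async Task<bool?> HasGroupAtLeastOneCreator(int groupId, int userId, int userGroupRoleId)`. The `<returns>` text describes the result as "user can leave / cannot leave", which does not match what the name asks, so one of the two should be reworded. The method body continues outside the hunk.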
diff --git a/src/ClientServer/Controllers/Core/Users/GroupRolesController.cs b/src/ClientServer/Controllers/Core/Users/GroupRolesController.cs
index 4ed84ab6c944943f334496322595d2052cc44571..504098d788f9f0e94cf26bcee4afdd359238d178 100644
--- a/src/ClientServer/Controllers/Core/Users/GroupRolesController.cs
+++ b/src/ClientServer/Controllers/Core/Users/GroupRolesController.cs
@@ -30,7 +30,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null &&
                                   (
                                       permission.SystemRolePermission.CanCreateRoles
@@ -172,7 +172,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanCreateRoles))
             {
                 await
@@ -248,7 +248,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanChangeRoles))
             {
                 await
@@ -328,7 +328,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanDeleteRoles))
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/Users/SystemRolesController.cs b/src/ClientServer/Controllers/Core/Users/SystemRolesController.cs
index cf9eac18f1fc0aa0421dd759fa7dfb6db54e5c41..325479b0a161a4cb699da3cf436284820d22e7fb 100644
--- a/src/ClientServer/Controllers/Core/Users/SystemRolesController.cs
+++ b/src/ClientServer/Controllers/Core/Users/SystemRolesController.cs
@@ -31,7 +31,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null &&
                                   (permission.SystemRolePermission.CanManageNewUsers
                                    || permission.SystemRolePermission.CanCreateRoles
@@ -89,7 +89,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null &&
                                   (permission.SystemRolePermission.CanManageNewUsers
                                    || permission.SystemRolePermission.CanCreateRoles
@@ -123,7 +123,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanCreateRoles))
             {
                 await
@@ -202,7 +202,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanChangeRoles))
             {
                 await
@@ -298,7 +298,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanDeleteRoles))
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/Users/UsersController.cs b/src/ClientServer/Controllers/Core/Users/UsersController.cs
index b768c52eb8982480d399cd0e9b2e09b1b1f159ec..04ab0e5b2a9d5de8f851303e6d5ad379cfff8174 100644
--- a/src/ClientServer/Controllers/Core/Users/UsersController.cs
+++ b/src/ClientServer/Controllers/Core/Users/UsersController.cs
@@ -165,7 +165,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     (permission) => permission != null && permission.SystemRolePermission.CanChangeUserData))
             {
                 await
@@ -240,7 +240,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     (permission) => permission != null && permission.SystemRolePermission.CanChangeUserData))
             {
                 await
@@ -399,7 +399,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     (permission) => permission != null && permission.SystemRolePermission.CanManageNewUsers))
             {
                 await
@@ -505,7 +505,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                    !HasSystemPermission(
+                    !await HasSystemPermission(
                         permission => permission != null && permission.SystemRolePermission.CanManageNewUsers))
                 //TODo or use permission can delete users??
             {
@@ -550,7 +550,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanManageNewUsers))
             {
                 await
@@ -577,7 +577,7 @@ namespace ClientServer.Controllers.Core.Users
             {
                 //check if the creating user is allowed to set the role...
                 if (
-                    !HasSystemPermission(
+                    !await HasSystemPermission(
                         permission =>
                             permission != null && permission.SystemRolePermission.CanChangeOtherUsersSystemRole))
                 {
@@ -635,7 +635,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     (permission) => permission != null
                                     && (permission.SystemRolePermission.CanChangeOtherUsersSystemRole
                                         || permission.SystemRolePermission.CanDeleteActivatedUsers
@@ -748,7 +748,7 @@ namespace ClientServer.Controllers.Core.Users
             int ownId = GetUserId();
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanDeleteActivatedUsers))
             {
                 await
@@ -817,7 +817,7 @@ namespace ClientServer.Controllers.Core.Users
             int userId = GetUserId();
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanChangeOtherUsersSystemRole))
             {
                 await
diff --git a/src/ClientServer/Controllers/dashboard/DashboardController.cs b/src/ClientServer/Controllers/dashboard/DashboardController.cs
index f2fac83896023c2cb59de9b21f23b46b7e6cb655..94635e275610d142d162f17f128ab68418dfb9f5 100644
--- a/src/ClientServer/Controllers/dashboard/DashboardController.cs
+++ b/src/ClientServer/Controllers/dashboard/DashboardController.cs
@@ -42,7 +42,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
@@ -127,7 +127,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
@@ -160,7 +160,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
@@ -203,7 +203,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
@@ -240,7 +240,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await Response.WriteAsync(
@@ -298,7 +298,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
diff --git a/src/ClientServer/Models/Users/SystemRolePermission.cs b/src/ClientServer/Models/Users/SystemRolePermission.cs
index b23795325e1e28f4f2e7816c55d9606a7e591a34..b9df0a6ab2f63e0b0795df9b6f5b20bcdf62aff7 100644
--- a/src/ClientServer/Models/Users/SystemRolePermission.cs
+++ b/src/ClientServer/Models/Users/SystemRolePermission.cs
@@ -40,6 +40,7 @@ namespace ClientServer.Models.Users
 
         /// <summary>
         /// true: can change user data (e.g. firstname, lastname...), false: not
+        /// TODO maybe combine CanChangeOtherUsersSystemRole, CanDeleteActivatedUsers, CanChangeUserData to CanManageActivatedUsers/CanManageOldUsers
         /// </summary>
         public bool CanChangeUserData { get; set; }
 
@@ -49,11 +50,13 @@ namespace ClientServer.Models.Users
         public bool CanManageNewUsers { get; set; }
         /// <summary>
         /// true: can change the group independent role (system role) of other users, false: not
+        /// TODO maybe combine CanChangeOtherUsersSystemRole, CanDeleteActivatedUsers, CanChangeUserData to CanManageActivatedUsers/CanManageOldUsers
         /// </summary>
         public bool CanChangeOtherUsersSystemRole { get; set; }
 
         /// <summary>
         /// true: can delete activated users, false: not
+        /// TODO maybe combine CanChangeOtherUsersSystemRole, CanDeleteActivatedUsers, CanChangeUserData to CanManageActivatedUsers/CanManageOldUsers
         /// </summary>
         public bool CanDeleteActivatedUsers { get; set; }