-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unrevealed module model solutions do not give a clear reason for error #1247
Comments
I think this is related to — or a specific instance of — a broader (unreported?) issue: pages that you have no right to access just dump you onto the login screen, and this can happen in a pretty annoying way. For example, let’s say that I’m a random visitor browsing O1’s pages (without being logged in or perhaps even having an account). I’m currently in Chapter 1.6 and using the page-top navigation to move across chapters. I click on Chapter 1.7 to move there → OK. |
Permissions that are constructed with a-plus/exercise/permissions.py Line 77 in 46dba40
Line 120 in 46dba40
a-plus/exercise/permissions.py Lines 20 to 77 in 46dba40
|
Addendum: |
When a permission check fails, the permission's message attribute is used as an error message to the user. However, when permission classes are formed by combining other permission classes with the `OR`, `AND` or `NOT` operators, then the new class does not include the message attribute from the original permissions. This commit detects combined permission classes when the error message is about to be rendered. The message is then taken from the first operand permission. As an example of combined permissions, `ExerciseVisiblePermission` is combined with `OR` from `ExerciseVisiblePermissionBase` and `JWTExerciseReadPermission`. Related to #1247
When a course instance is public (visible without authentication), unauthenticated users used to be able to view chapters that should be hidden based on the course module model solution reveal rule. (This also required that the model solution chapter does not have the audience setting that requires users to authenticate.) This issue is fixed by checking the course module model solution reveal rules in `CachedPoints` even when the user is unauthenticated. In practice, the code only had to be changed so that the module list variable is not set to the empty list when the user is unauthenticated. One function definition also had to be moved out from an if branch. The scenario described in the issue #1247 was effectively already fixed in the previous commit that fixed the permission error messages for permissions that are combined from other permissions with the `OR` operator. This commit focuses on the visibility bug described above. Fixes #1247
When a permission check fails, the permission's message attribute is used as an error message to the user. However, when permission classes are formed by combining other permission classes with the `OR`, `AND` or `NOT` operators, then the new class does not include the message attribute from the original permissions. This commit detects combined permission classes when the error message is about to be rendered. The message is then taken from the first operand permission. As an example of combined permissions, `ExerciseVisiblePermission` is combined with `OR` from `ExerciseVisiblePermissionBase` and `JWTExerciseReadPermission`. Fixes apluslms#1247
When a permission check fails, the permission's message attribute is used as an error message to the user. However, when permission classes are formed by combining other permission classes with the `OR`, `AND` or `NOT` operators, then the new class does not include the message attribute from the original permissions. This commit detects combined permission classes when the error message is about to be rendered. The message is then taken from the first operand permission. As an example of combined permissions, `ExerciseVisiblePermission` is combined with `OR` from `ExerciseVisiblePermissionBase` and `JWTExerciseReadPermission`. Fixes apluslms#1247
When a permission check fails, the permission's message attribute is used as an error message to the user. However, when permission classes are formed by combining other permission classes with the `OR`, `AND` or `NOT` operators, then the new class does not include the message attribute from the original permissions. This commit detects combined permission classes when the error message is about to be rendered. The message is then taken from the first operand permission. As an example of combined permissions, `ExerciseVisiblePermission` is combined with `OR` from `ExerciseVisiblePermissionBase` and `JWTExerciseReadPermission`. Fixes apluslms#1247
When accessing an unrevealed chapter (a model solution chapter whose module hasn't been passed) two things may happen:
The user should be given an explanation in both cases. A login screen should still be shown in the first as the user might have an account but just hasn't logged in.
The text was updated successfully, but these errors were encountered: