Strange policy on editing exercises
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
IVLE |
Fix Released
|
High
|
Matt Giuca |
Bug Description
The policy for who can a) view the list of exercises, and b) add a new exercise (i.e., the exercise actions which aren't related to a specific exercise) have a very weird policy, which is as follows:
"If the user has edit permission on any offering, allow."
Since the policy on the other exercise actions, implemented in database.py under Exercise, is *not* actually exercise specific ("if the user is an admin, or lectures or tutors for any subject, allow"), it should simply be changed to this rule. Add a static method in Exercise to do this.
This won't actually affect any users at the moment (since currently, any lecturer or tutor for any subject also has edit permission on an offering). However this will change as we change the tutor policy.
Related branches
Changed in ivle: | |
status: | Fix Committed → Fix Released |
Fixed in trunk r1536.