Changeset 3820 for WAeUP_SRP

Timestamp:

16 Dec 2008, 07:43:06 (16 years ago)

Author:

Henrik Bettermann

Message:

improve security setting for lecturer course editing

Location:

WAeUP_SRP/trunk

Files:

• WAeUPImport.py (modified) (7 diffs)
• skins/waeup_default/get_csv_names.py (modified) (1 diff)
• skins/waeup_ois/getStudyLevelInfo.py (modified) (3 diffs)
• skins/waeup_student/lecturer_course_edit.py (modified) (1 diff)

WAeUP_SRP/trunk/WAeUPImport.py

@@ -679 +679 @@
                            'wf_transition_graduate': 'close',
                            'wf_transition_pay_school_fee': 'close',
+                           'wf_transition_validate_courses': 'close',
                            'fields':
                              ('jamb_reg_no',
@@ -707 +708 @@
                            'wf_transition_graduate': 'close',
                            'wf_transition_pay_school_fee': 'close',
+                           'wf_transition_validate_courses': 'close',
                            'fields':
                              ('matric_no',
@@ -721 +723 @@
                            'wf_transition_graduate': 'close',
                            'wf_transition_pay_school_fee': 'open',
+                           'wf_transition_validate_courses': 'open',
                            'fields':
                              ('firstname',
@@ -738 +741 @@
                            'wf_transition_graduate': 'close',
                            'wf_transition_pay_school_fee': 'open',
+                           'wf_transition_validate_courses': 'open',
                            'fields':
                              ('study_course',
@@ -764 +768 @@
                            'wf_transition_graduate': 'close',
                            'wf_transition_pay_school_fee': 'open',
+                           'wf_transition_validate_courses': 'open',
                            'fields':
                              ()
@@ -802 +807 @@
             d = {}
             transition = mapping.get('reg_transition','admit')
-            if transition not in ('admit','return','pay_school_fee'):
+            if transition not in ('admit','return','pay_school_fee','validate_courses'):
                 msg = "no valid transition provided"
                 break
@@ -896 +901 @@
             current_level = mapping.get('current_level','')
             transition = mapping.get('reg_transition',None)
-            if transition and transition not in ('admit','return','graduate','pay_school_fee'):
+            # the validate_courses import transition is not really useful because it does not execute validate_courses.py
+            if transition and transition not in ('admit','return','graduate','pay_school_fee','validate_courses'):
                 msg = "no valid transition provided"
                 break     

WAeUP_SRP/trunk/skins/waeup_default/get_csv_names.py

@@ -2 +2 @@
 # $Id$
 """
-Return the sessions as an vocabulary
-
 """
 files = context.waeup_tool.get_csv_filenames()

WAeUP_SRP/trunk/skins/waeup_ois/getStudyLevelInfo.py

@@ -98 +98 @@
 complete1 = 0
 for r in normal1:
-   if r['grade']:
+   if r['grade'] and r['atl']:
        complete1 += 1
 if len(normal1) == complete1:
@@ -108 +108 @@
 complete2 = 0
 for r in normal1:
-   if r['grade']:
+   if r['grade'] and r['atl']:
        complete2 += 1
 if len(normal2) == complete2:
@@ -118 +118 @@
 complete3 = 0
 for r in normal1:
-   if r['grade']:
+   if r['grade'] and r['atl']:
        complete3 += 1
 if len(normal3) == complete3:

WAeUP_SRP/trunk/skins/waeup_student/lecturer_course_edit.py

@@ -50 +50 @@
 lecturer_id = getattr(course,'lecturer',None)
 #set_trace()
-if str(lecturer_id) != member_id:
+if str(lecturer_id) != member_id and not context.isSectionOfficer():
     logger.info('%s tried to access course result %s of %s but is not a lecturer of this course' % (member_id,course_id,requested_id))
     return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())