Fixing bugs in conditions of ACL policies.

Martin Krulis · Martin Kruliš · commit 6eeed2892dca · 2019-01-28T21:17:28.000+01:00
diff --git a/app/V1Module/presenters/ExercisesPresenter.php b/app/V1Module/presenters/ExercisesPresenter.php
@@ -399,9 +399,8 @@ public function actionAssignments(string $id, bool $archived = false) {
     $exercise = $this->exercises->findOrThrow($id);
 
     $assignments = $exercise->getAssignments()->filter(function (Assignment $assignment) use ($archived) {
-      return $archived ?
-        $this->assignmentAcl->canViewDetail($assignment) :
-        $this->assignmentAcl->canViewDetail($assignment) && $assignment->getGroup() && !$assignment->getGroup()->isArchived();
+      return $this->assignmentAcl->canViewDetail($assignment) && $assignment->getGroup()
+        && ($archived || !$assignment->getGroup()->isArchived());
     })->getValues();
     $this->sendSuccessResponse($this->assignmentViewFactory->getAssignments($assignments));
   }
diff --git a/app/V1Module/security/Policies/AssignmentPermissionPolicy.php b/app/V1Module/security/Policies/AssignmentPermissionPolicy.php
@@ -38,7 +38,6 @@ public function isSupervisor(Identity $identity, Assignment $assignment) {
       return false;
     }
 
-    return $group && $group->isSupervisorOf($user) || $group->isAdminOf($user);
+    return $group && ($group->isSupervisorOf($user) || $group->isAdminOf($user));
   }
-
 }
diff --git a/app/V1Module/security/Policies/AssignmentSolutionPermissionPolicy.php b/app/V1Module/security/Policies/AssignmentSolutionPermissionPolicy.php
@@ -25,7 +25,7 @@ public function isSupervisor(Identity $identity, AssignmentSolution $solution) {
       return false;
     }
 
-    return $group && $group->isSupervisorOf($user) || $group->isAdminOf($user);
+    return $group && ($group->isSupervisorOf($user) || $group->isAdminOf($user));
   }
 
   public function isAuthor(Identity $identity, AssignmentSolution $solution) {
diff --git a/app/V1Module/security/Policies/CommentPermissionPolicy.php b/app/V1Module/security/Policies/CommentPermissionPolicy.php
@@ -50,6 +50,6 @@ public function isSupervisorInGroupOfCommentedSolution(Identity $identity, Comme
     }
 
     $group = $solution->getAssignment()->getGroup();
-    return $group && $group->isSupervisorOf($user) || $group->isAdminOf($user);
+    return $group && ($group->isSupervisorOf($user) || $group->isAdminOf($user));
   }
 }
diff --git a/app/V1Module/security/Policies/ShadowAssignmentPermissionPolicy.php b/app/V1Module/security/Policies/ShadowAssignmentPermissionPolicy.php
@@ -31,7 +31,7 @@ public function isSupervisor(Identity $identity, ShadowAssignment $assignment) {
       return false;
     }
 
-    return $group && $group->isSupervisorOf($user) || $group->isAdminOf($user);
+    return $group && ($group->isSupervisorOf($user) || $group->isAdminOf($user));
   }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,6 @@ public function isSupervisor(Identity $identity, Assignment $assignment) {`
`38`	`38`	`return false;`
`39`	`39`	`}`
`40`	`40`
`41`		`- return $group && $group->isSupervisorOf($user) \|\| $group->isAdminOf($user);`
	`41`	`+ return $group && ($group->isSupervisorOf($user) \|\| $group->isAdminOf($user));`
`42`	`42`	`}`
`43`		`-`
`44`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ public function isSupervisor(Identity $identity, AssignmentSolution $solution) {`
`25`	`25`	`return false;`
`26`	`26`	`}`
`27`	`27`
`28`		`- return $group && $group->isSupervisorOf($user) \|\| $group->isAdminOf($user);`
	`28`	`+ return $group && ($group->isSupervisorOf($user) \|\| $group->isAdminOf($user));`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`public function isAuthor(Identity $identity, AssignmentSolution $solution) {`
Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,6 @@ public function isSupervisorInGroupOfCommentedSolution(Identity $identity, Comme`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`$group = $solution->getAssignment()->getGroup();`
`53`		`- return $group && $group->isSupervisorOf($user) \|\| $group->isAdminOf($user);`
	`53`	`+ return $group && ($group->isSupervisorOf($user) \|\| $group->isAdminOf($user));`
`54`	`54`	`}`
`55`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public function isSupervisor(Identity $identity, ShadowAssignment $assignment) {`
`31`	`31`	`return false;`
`32`	`32`	`}`
`33`	`33`
`34`		`- return $group && $group->isSupervisorOf($user) \|\| $group->isAdminOf($user);`
	`34`	`+ return $group && ($group->isSupervisorOf($user) \|\| $group->isAdminOf($user));`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`}`