User Context: Test Sessions

- added checking for test session status for Advisor, Instructor, and Student roles - the test session is only available when the role has the Allow Test Sessions permission
UniTime · May 14, 2024 · 69eaada · 69eaada
1 parent 2b291e6
commit 69eaada
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 9 deletions.
diff --git a/JavaSource/org/unitime/timetable/security/context/UniTimeUserContext.java b/JavaSource/org/unitime/timetable/security/context/UniTimeUserContext.java
@@ -148,6 +148,7 @@ protected UniTimeUserContext(String userId, String login, String name, String pa
 					.setParameter("id", userId).list()) {
 				if (advisor.getRole() == null || !advisor.getRole().isEnabled()) continue;
 				if (ApplicationProperty.AuthorizationAdvisorMustHaveStudents.isTrue() && advisor.getStudents().isEmpty()) continue;
+				if ((advisor.getSession().getStatusType() == null || advisor.getSession().getStatusType().isTestSession()) && !advisor.getRole().hasRight(Right.AllowTestSessions)) continue;
 				if (iName == null && advisor.hasName()) iName = advisor.getName(DepartmentalInstructor.sNameFormatLastFirstMiddle);
 				if (iEmail == null) iEmail = advisor.getEmail();
 				RoleAuthority authority = new RoleAuthority(advisor.getUniqueId(), advisor.getRole());
@@ -163,22 +164,28 @@ protected UniTimeUserContext(String userId, String login, String name, String pa
 						.setParameter("id", userId).list()) {
 					if (iName == null) iName = instructor.getName(DepartmentalInstructor.sNameFormatLastFirstMiddle);
 					if (iEmail == null) iEmail = instructor.getEmail();
-					List<? extends UserAuthority> authorities = getAuthorities(Roles.ROLE_INSTRUCTOR, instructor.getDepartment().getSession());
-					UserAuthority authority = (authorities.isEmpty() ? null : authorities.get(0));
-					if (authority == null) {
-						authority = new RoleAuthority(instructor.getUniqueId(), instructorRole);
-						authority.addQualifier(instructor.getDepartment().getSession());
-						addAuthority(authority);
-						sessions.add(instructor.getDepartment().getSession());
+					if ((instructor.getDepartment().getSession().getStatusType() != null && !instructor.getDepartment().getSession().getStatusType().isTestSession())
+							|| Roles.getRole(Roles.ROLE_INSTRUCTOR, hibSession).hasRight(Right.AllowTestSessions)) {
+						List<? extends UserAuthority> authorities = getAuthorities(Roles.ROLE_INSTRUCTOR, instructor.getDepartment().getSession());
+						UserAuthority authority = (authorities.isEmpty() ? null : authorities.get(0));
+						if (authority == null) {
+							authority = new RoleAuthority(instructor.getUniqueId(), instructorRole);
+							authority.addQualifier(instructor.getDepartment().getSession());
+							addAuthority(authority);
+							sessions.add(instructor.getDepartment().getSession());
+						}
+						authority.addQualifier(instructor.getDepartment());
 					}
-					authority.addQualifier(instructor.getDepartment());
-					if (instructor.getRole() != null) {
+					if (instructor.getRole() != null && (
+						(instructor.getDepartment().getSession().getStatusType() != null && !instructor.getDepartment().getSession().getStatusType().isTestSession())
+									|| instructor.getRole().hasRight(Right.AllowTestSessions))) {
 						List<? extends UserAuthority> instrRoleAuthorities = getAuthorities(instructor.getRole().getReference(), instructor.getDepartment().getSession());
 						UserAuthority instrRoleAuthority = (instrRoleAuthorities.isEmpty() ? null : instrRoleAuthorities.get(0));
 						if (instrRoleAuthority == null) {
 							instrRoleAuthority = new RoleAuthority(instructor.getUniqueId(), instructor.getRole());
 							instrRoleAuthority.addQualifier(instructor.getDepartment().getSession());
 							addAuthority(instrRoleAuthority);
+							sessions.add(instructor.getDepartment().getSession());
 						}
 						instrRoleAuthority.addQualifier(instructor.getDepartment());
 						instrRoleAuthority.addQualifier(new SimpleQualifier("Role", Roles.ROLE_INSTRUCTOR));
@@ -193,6 +200,7 @@ protected UniTimeUserContext(String userId, String login, String name, String pa
 						.setParameter("id", userId).list()) {
 					if (iName == null) iName = student.getName(DepartmentalInstructor.sNameFormatLastFirstMiddle);
 					if (iEmail == null) iEmail = student.getEmail();
+					if ((student.getSession().getStatusType() == null || student.getSession().getStatusType().isTestSession()) && !studentRole.hasRight(Right.AllowTestSessions)) continue;
 					UserAuthority authority = new RoleAuthority(student.getUniqueId(), studentRole);
 					authority.addQualifier(student.getSession());
 					authority.addQualifier(student);

diff --git a/WebContent/help/Release-Notes.xml b/WebContent/help/Release-Notes.xml
@@ -150,6 +150,13 @@
 				</line>
 			</description>
 		</item>
+		<item>
+			<name>User Context: Test Sessions</name>
+			<description>
+				<line>Added checking for test session status for Advisor, Instructor, and Student roles.</line>
+				<line>The test session is only available when the role has the Allow Test Sessions permission.</line>
+			</description>
+		</item>
 		<item>
 			<name>Technology Upgrade</name>
 			<description>