Closed lainets closed 10 months ago
I think this is related to — or a specific instance of — a broader (unreported?) issue: pages that you have no right to access just dump you onto the login screen, and this can happen in a pretty annoying way.
For example, let’s say that I’m a random visitor browsing O1’s pages (without being logged in or perhaps even having an account). I’m currently in Chapter 1.6 and using the page-top navigation to move across chapters.
I click on Chapter 1.7 to move there → OK. I click on Chapter 1.8 → OK. Then it’s the Week 2 ToC → OK. Then to Chapter 2.0 (the weekly bulletin page that is only for enrollees) → BLAM! I’m on the login page with no explanation and the navigation is gone.
Permissions that are constructed with AND
or OR
operations from Django REST framework permissions seem to have had this issue for a long time now. The combined OR
permission does not have the message
attribute from the original permissions, thus A+ loses the intended error message for the permission and the user is not shown any explanatory error messages.
https://github.com/apluslms/a-plus/blob/46dba4057a3a0e8e4e9cebbc3369b3a37c4122d2/exercise/permissions.py#L77 https://github.com/apluslms/a-plus/blob/46dba4057a3a0e8e4e9cebbc3369b3a37c4122d2/authorization/views.py#L120
I think this is related to — or a specific instance of — a broader (unreported?) issue: pages that you have no right to access just dump you onto the login screen, and this can happen in a pretty annoying way.
For example, let’s say that I’m a random visitor browsing O1’s pages (without being logged in or perhaps even having an account). I’m currently in Chapter 1.6 and using the page-top navigation to move across chapters.
I click on Chapter 1.7 to move there → OK. I click on Chapter 1.8 → OK. Then it’s the Week 2 ToC → OK. Then to Chapter 2.0 (the weekly bulletin page that is only for enrollees) → BLAM! I’m on the login page with no explanation and the navigation is gone.
Addendum: The above scenario describes a visitor who is not logged in. A similar thing happens now with logged-in students who have a deadline extension and are forbidden from viewing a chapter that contains solutions (until after their personal deadline has passed). They are now prevented from seeing the page, which is great, but the info on that page could be better, and, more importantly, it would be very nice to still have the navigation controls there in this case.
This was fixed in the v1.20_stable branch in the three commits listed below. The fix needs to be still ported to the master branch.
When accessing an unrevealed chapter (a model solution chapter whose module hasn't been passed) two things may happen:
The user should be given an explanation in both cases. A login screen should still be shown in the first as the user might have an account but just hasn't logged in.