gordon-cs / gordon-360-api

The 360° Gordon Experience

S24 refactor visibility for reuse #1058

Open russtuck opened 2 months ago

russtuck commented 2 months ago

This is just a first draft, but I'd appreciate feedback if you have time to look. I know I still need to add code to check KeepPrivate, in order to honor FERPA restrictions on looking up student information.

One obvious question is whether ImposePrivacySettings() will make it unnecessary to distinguish copying the full profile vs. the public profile. I've made the optimistic but probably over-simplistic assumption that it might.

russtuck commented 2 months ago

Notes from conversation w/ J Senning, so I don't forget:

russtuck commented 1 month ago

I think this is a pure refactor. It should not change any behavior, but extracts permission code for easier reuse.

With only casual testing, it appears to be working. Please take a look.

russtuck commented 1 month ago

I was only able to check the schedule security fix for viewing students and faculty as student and faculty.

It needs testing for viewing alumni from both kinds of accounts.