Closed fisx closed 7 years ago
conclusion from phone call (as a diff on Access.hs):
@@ -172,7 +172,7 @@ thereIsAGod nope = if isThere then [minBound..] else nope
capabilities :: CapCtx -> [Capability]
capabilities (CapCtx u ms mp mi mc mup mdt)
| not . checkSpace ms $ rs ^. each . roleScope = []
- | otherwise = mconcat . mconcat $
+ | otherwise = afterthought . mconcat . mconcat $
[ userCapabilities <$> rs
, [ ideaCapabilities (u ^. _Id) r i p | r <- rs, i <- l mi, p <- l mp ]
, [ commentCapabilities (u ^. _Id) r c p | r <- rs, c <- l mc, p <- l mp ]
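Review bot: On the "| otherwise" line the filter runs over the already concatenated list, so at that point it is no longer visible which role contributed each capability. afterthought therefore has to re-derive membership from rs and ms, and any later capability that should be bound to class membership must be added to it by hand. The name also says nothing about the rule being enforced; a name that mentions membership would make the authorization rule findable from this call site.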
@@ -184,6 +184,11 @@ capabilities (CapCtx u ms mp mi mc mup mdt)
rs = u ^.. userRoles
l = maybeToList
+ -- Remove 'CanVote' *iff* the user has 'Moderator', but no membership of the
+ -- e'SchoolClass' from 'CapCtx'.
+ afterthought :: [Capability] -> [Capability]
+ afterthought = _
+
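Review bot: "afterthought = _" is a typed hole, so the module does not compile with this hunk and the rule in the comment is not enforced yet; the body needs to be filled in before this can be merged. The comment reads "e'SchoolClass'", which looks like a typo for "the 'SchoolClass'", and it names only 'CanVote': list explicitly which capabilities are stripped, and add a test for a user holding a Student role in one class plus Moderator who opens a different class.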
Does this extra check only apply to CanVote? After a review of the capabilities, this seems to apply to CanLike as well.
Correct, CanLike needs to behave the same way as CanVote with respect to this issue.
Fixed in #1017.
A student with roles [Student "7a", Moderator] currently has voting permission in class "7b". This should not be.

In other words: voting must be restricted to the idea spaces a student is a member of. We haven't implemented that because students didn't have access to any idea spaces except the ones they had voting rights in. Now that some students have the moderator role as well, this no longer holds.
I tried to change this in Access.hs:

But that breaks Enum and Bounded instances and rules out using Capability as kind.

Related question: should we allow comment votes for all students, or just students in a particular idea space?
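The privilege leak described in this issue, and a membership post-filter that closes it, as an added example that is not the project's Access.hs code. The types, the access rule in canAccess and the per-role grants in roleCaps are simplified assumptions; only the names Student, Moderator, CanVote and CanLike come from the thread.

```haskell
module Main where

import Data.List (nub)

-- Simplified stand-ins for the project's types (assumptions, not Access.hs).
newtype ClassName = ClassName String deriving (Eq, Show)
data Role = Student ClassName | Moderator deriving (Eq, Show)

-- Stays a plain enumeration, so the derived Enum and Bounded instances survive.
data Capability = CanView | CanComment | CanLike | CanVote | CanModerate
  deriving (Eq, Show, Enum, Bounded)

-- Assumed access rule: a student enters only their own class, a moderator any.
canAccess :: ClassName -> Role -> Bool
canAccess cls (Student c) = c == cls
canAccess _   Moderator   = True

-- Assumed per-role grants.
roleCaps :: Role -> [Capability]
roleCaps (Student _) = [CanView, CanComment, CanLike, CanVote]
roleCaps Moderator   = [CanView, CanComment, CanModerate]

-- Before: once any role grants access, the grants of all roles are unioned,
-- so the Student grants follow the user into classes opened by Moderator.
capsBefore :: [Role] -> ClassName -> [Capability]
capsBefore rs cls
  | not (any (canAccess cls) rs) = []
  | otherwise                    = nub (concatMap roleCaps rs)

-- Capabilities that require membership of the class being accessed.
membershipBound :: [Capability]
membershipBound = [CanVote, CanLike]

-- After: strip membership-bound capabilities when the user is not a member.
capsAfter :: [Role] -> ClassName -> [Capability]
capsAfter rs cls
  | cls `elem` [c | Student c <- rs] = caps
  | otherwise = filter (`notElem` membershipBound) caps
  where caps = capsBefore rs cls

main :: IO ()
main = do
  let rs  = [Student (ClassName "7a"), Moderator]  -- roles from the issue
      c7a = ClassName "7a"
      c7b = ClassName "7b"
  -- Unfiltered in 7b, filtered in 7b, filtered in the user's own class 7a.
  mapM_ print [capsBefore rs c7b, capsAfter rs c7b, capsAfter rs c7a]
```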