public static T GetFilterOptionsByGroup <T>(GroupsRepo groupsRepo, IPrincipal User, string courseId, List <string> groupsIds, bool allowSeeGroupForAnyMember = false) where T : AbstractFilterOptionByCourseAndUsers, new()
{
var result = new T {
CourseId = courseId
};
/* if groupsIds contains "all" (it should be exclusive), get all users. Available only for course admins */
if (groupsIds.Contains("all") && User.HasAccessFor(courseId, CourseRole.CourseAdmin))
{
return(result);
}
/* if groupsIds contains "not-group" (it should be exclusive), get all users not in any groups, available only for course admins */
if (groupsIds.Contains("not-in-group") && User.HasAccessFor(courseId, CourseRole.CourseAdmin))
{
var usersInGroups = groupsRepo.GetUsersIdsForAllGroups(courseId);
result.UserIds = usersInGroups.ToList();
result.IsUserIdsSupplement = true;
return(result);
}
result.UserIds = new List <string>();
/* if groupsIds is empty, get members of all groups user has access to. Available for instructors */
if ((groupsIds.Count == 0 || groupsIds.Any(string.IsNullOrEmpty)) && User.HasAccessFor(courseId, CourseRole.Instructor))
{
var accessibleGroupsIds = groupsRepo.GetMyGroupsFilterAccessibleToUser(courseId, User).Select(g => g.Id).ToList();
var groupUsersIdsQuery = groupsRepo.GetGroupsMembersAsUserIds(accessibleGroupsIds);
result.UserIds = groupUsersIdsQuery.ToList();
return(result);
}
var usersIds = new HashSet <string>();
var groupsIdsInts = groupsIds.Select(s => int.TryParse(s, out var i) ? i : (int?)null).Where(i => i.HasValue).Select(i => i.Value).ToList();
var group2GroupMembersIds = groupsRepo.GetGroupsMembersAsGroupsIdsAndUserIds(groupsIdsInts)
.GroupBy(u => u.GroupId)
.ToDictionary(g => g.Key, g => g.Select(p => p.UserId).ToList());
foreach (var groupIdInt in groupsIdsInts)
{
if (!group2GroupMembersIds.ContainsKey(groupIdInt))
{
continue;
}
var hasAccessToGroup = groupsRepo.IsGroupAvailableForUser(groupIdInt, User);
if (allowSeeGroupForAnyMember)
{
hasAccessToGroup |= group2GroupMembersIds[groupIdInt].Contains(User.Identity.GetUserId());
}
if (hasAccessToGroup)
{
usersIds.AddAll(group2GroupMembersIds[groupIdInt]);
}
}
result.UserIds = usersIds.ToList();
return(result);
}
public async Task <Comment> AddComment(IPrincipal author, string courseId, Guid slideId, int parentCommentId, bool isForInstructorsOnly, string commentText)
{
var commentsPolicy = GetCommentsPolicy(courseId);
var isInstructor = author.HasAccessFor(courseId, CourseRole.Instructor);
var isApproved = commentsPolicy.ModerationPolicy == CommentModerationPolicy.Postmoderation || isInstructor;
/* Instructors' replies are automaticly correct */
var isReply = parentCommentId != -1;
var isCorrectAnswer = isReply && isInstructor && !isForInstructorsOnly;
var comment = db.Comments.Create();
comment.AuthorId = author.Identity.GetUserId();
comment.CourseId = courseId;
comment.SlideId = slideId;
comment.ParentCommentId = parentCommentId;
comment.Text = commentText;
comment.IsApproved = isApproved;
comment.IsCorrectAnswer = isCorrectAnswer;
comment.IsForInstructorsOnly = isForInstructorsOnly;
comment.PublishTime = DateTime.Now;
db.Comments.Add(comment);
await db.SaveChangesAsync();
return(db.Comments.Find(comment.Id));
}
public bool CanUserSeeAllCourseGroups(IPrincipal user, string courseId)
{
return(user.HasAccessFor(courseId, CourseRole.CourseAdmin) /*
* // TODO (andgein): support this feathure in Database.Core
|| user.HasSystemAccess(SystemAccessType.ViewAllGroupMembers)
|| user.HasCourseAccess(courseId, CourseAccessType.ViewAllGroupMembers) */);
}
public List<string> GetVisibleUnits(string courseId, IPrincipal user)
{
var canSeeEverything = user.HasAccessFor(courseId, CourseRole.Tester);
if (canSeeEverything)
return courseManager.GetCourse(courseId).Slides.Select(s => s.Info.UnitName).Distinct().ToList();
return db.Units.Where(u => u.CourseId == courseId && u.PublishTime <= DateTime.Now).Select(u => u.UnitName).ToList();
}
public IEnumerable <Guid> GetVisibleUnitIds(Course course, IPrincipal user)
{
var canSeeEverything = user.HasAccessFor(course.Id, CourseRole.Tester);
if (canSeeEverything)
{
return(course.GetUnitsNotSafe().Select(u => u.Id));
}
return(GetVisibleUnitIds(course));
}
public List <string> GetVisibleUnits(string courseId, IPrincipal user)
{
var canSeeEverything = user.HasAccessFor(courseId, CourseRole.Tester);
if (canSeeEverything)
{
return(courseManager.GetCourse(courseId).Slides.Select(s => s.Info.UnitName).Distinct().ToList());
}
return(db.Units.Where(u => u.CourseId == courseId && u.PublishTime <= DateTime.Now).Select(u => u.UnitName).ToList());
}
public List <Group> GetAvailableForUserGroups(string courseId, IPrincipal user, bool includeArchived = false)
{
if (!user.HasAccessFor(courseId, CourseRole.Instructor))
{
return(new List <Group>());
}
return(GetAvailableForUserGroups(new List <string> {
courseId
}, user, includeArchived));
}
private bool CanModerateComments(IPrincipal user, string courseId)
{
if (!user.Identity.IsAuthenticated)
{
return(false);
}
var hasCourseAccessForCommentEditing = coursesRepo.HasCourseAccess(user.Identity.GetUserId(), courseId, CourseAccessType.EditPinAndRemoveComments);
return(user.HasAccessFor(courseId, CourseRole.CourseAdmin) || hasCourseAccessForCommentEditing);
}
public bool CanRevokeAccess(int groupId, string userId, IPrincipal revokedBy)
{
var revokedById = revokedBy.Identity.GetUserId();
var group = FindGroupById(groupId);
if (group.OwnerId == revokedById || revokedBy.HasAccessFor(group.CourseId, CourseRole.CourseAdmin))
{
return(true);
}
return(db.GroupAccesses.Any(a => a.GroupId == groupId && a.UserId == userId && a.GrantedById == revokedById && a.IsEnabled));
}
private bool CanAddCommentNow(IPrincipal user, string courseId)
{
// Instructors have unlimited comments
if (user.HasAccessFor(courseId, CourseRole.Instructor))
{
return(true);
}
var commentsPolicy = commentsRepo.GetCommentsPolicy(courseId);
return(!commentsRepo.IsUserAddedMaxCommentsInLastTime(user.Identity.GetUserId(),
commentsPolicy.MaxCommentsCountInLastTime,
commentsPolicy.LastTimeForMaxCommentsLimit));
}
public List <Unit> GetVisibleUnits(Course course, IPrincipal user)
{
var canSeeEverything = user.HasAccessFor(course.Id, CourseRole.Tester);
if (canSeeEverything)
{
return(course.Units);
}
var visibleUnitsIds = new HashSet <Guid>(db.UnitAppearances
.Where(u => u.CourseId == course.Id && u.PublishTime <= DateTime.Now)
.Select(u => u.UnitId));
return(course.Units.Where(u => visibleUnitsIds.Contains(u.Id)).ToList());
}
private bool CanAddCommentHere(IPrincipal user, string courseId, bool isReply)
{
if (!User.Identity.IsAuthenticated)
return false;
var commentsPolicy = commentsRepo.GetCommentsPolicy(courseId);
var isInstructor = user.HasAccessFor(courseId, CourseRole.Instructor);
if (!isInstructor && !commentsPolicy.IsCommentsEnabled)
return false;
if (isReply && !isInstructor && commentsPolicy.OnlyInstructorsCanReply)
return false;
return true;
}
public List <NotificationType> GetNotificationTypes(IPrincipal user, string courseId)
{
var notificationTypes = GetAllNotificationTypes();
notificationTypes = notificationTypes
.Where(t => user.HasAccessFor(courseId, t.GetMinCourseRole()) || t.GetMinCourseRole() == CourseRole.Student)
.OrderByDescending(t => t.GetMinCourseRole())
.ThenBy(t => (int)t)
.ToList();
if (!user.IsSystemAdministrator())
{
notificationTypes = notificationTypes.Where(t => !t.IsForSysAdminsOnly()).ToList();
}
return(notificationTypes);
}
public bool IsGroupAvailableForUser(int groupId, IPrincipal user)
{
var group = FindGroupById(groupId);
/* Course admins can see all groups */
if (CanUserSeeAllCourseGroups(user, group.CourseId))
{
return(true);
}
if (!user.HasAccessFor(group.CourseId, CourseRole.Instructor))
{
return(false);
}
var userId = user.Identity.GetUserId();
return(!group.IsDeleted && (group.OwnerId == userId || group.IsPublic));
}
private bool CanAddCommentHere(IPrincipal user, string courseId, bool isReply)
{
if (!User.Identity.IsAuthenticated)
{
return(false);
}
var commentsPolicy = commentsRepo.GetCommentsPolicy(courseId);
var isInstructor = user.HasAccessFor(courseId, CourseRole.Instructor);
if (!isInstructor && !commentsPolicy.IsCommentsEnabled)
{
return(false);
}
if (isReply && !isInstructor && commentsPolicy.OnlyInstructorsCanReply)
{
return(false);
}
return(true);
}
public bool IsGroupAvailableForUser(int groupId, IPrincipal user)
{
var group = FindGroupById(groupId);
if (group == null)
{
return(false);
}
/* Course admins can see all groups */
if (CanUserSeeAllCourseGroups(user, group.CourseId))
{
return(true);
}
if (!user.HasAccessFor(group.CourseId, CourseRole.Instructor))
{
return(false);
}
var userId = user.Identity.GetUserId();
var hasAccess = db.GroupAccesses.Any(a => a.UserId == userId && a.GroupId == groupId && a.IsEnabled);
return(!group.IsDeleted && (group.OwnerId == userId || hasAccess));
}
public async Task<Comment> AddComment(IPrincipal author, string courseId, Guid slideId, int parentCommentId, string commentText)
{
var commentsPolicy = GetCommentsPolicy(courseId);
var isInstructor = author.HasAccessFor(courseId, CourseRole.Instructor);
var isApproved = commentsPolicy.ModerationPolicy == CommentModerationPolicy.Postmoderation || isInstructor;
/* Instructors' replies are automaticly correct */
var isReply = parentCommentId != -1;
var isCorrectAnswer = isReply && isInstructor;
var comment = db.Comments.Create();
comment.AuthorId = author.Identity.GetUserId();
comment.CourseId = courseId;
comment.SlideId = slideId;
comment.ParentCommentId = parentCommentId;
comment.Text = commentText;
comment.IsApproved = isApproved;
comment.IsCorrectAnswer = isCorrectAnswer;
comment.PublishTime = DateTime.Now;
db.Comments.Add(comment);
await db.SaveChangesAsync();
return db.Comments.Find(comment.Id);
}
private bool CanEditAndDeleteComment(IPrincipal user, Comment comment)
{
return user.HasAccessFor(comment.CourseId, CourseRole.Instructor) ||
user.Identity.GetUserId() == comment.AuthorId;
}
public bool CanUserSeeAllCourseGroups(IPrincipal user, string courseId)
{
return(user.HasAccessFor(courseId, CourseRole.CourseAdmin));
}
public bool CanUserSeeAllCourseGroups(IPrincipal user, string courseId)
{
return user.HasAccessFor(courseId, CourseRole.CourseAdmin);
}
public static T GetFilterOptionsByGroup <T>(GroupsRepo groupsRepo, IPrincipal User, string courseId, List <string> groupsIds, bool allowSeeGroupForAnyMember = false) where T : AbstractFilterOptionByCourseAndUsers, new()
{
var result = new T {
CourseId = courseId
};
/* if groupsIds contains "all" (it should be exclusive), get all users. Available only for instructors */
if (groupsIds.Contains("all") && User.HasAccessFor(courseId, CourseRole.Instructor))
{
return(result);
}
/* if groupsIds contains "not-group" (it should be exclusive), get all users not in any groups, available only for course admins */
if (groupsIds.Contains("not-in-group") && User.HasAccessFor(courseId, CourseRole.CourseAdmin))
{
var usersInGroups = groupsRepo.GetUsersIdsForAllGroups(courseId);
result.UsersIds = usersInGroups.ToList();
result.IsUserIdsSupplement = true;
return(result);
}
result.UsersIds = new List <string>();
var usersIds = new HashSet <string>();
/* if groupsIds is empty, get members of all own groups. Available for instructors */
if ((groupsIds.Count == 0 || groupsIds.Any(string.IsNullOrEmpty)) && User.HasAccessFor(courseId, CourseRole.Instructor))
{
var ownGroupsIds = groupsRepo.GetGroupsOwnedByUser(courseId, User).Select(g => g.Id).ToList();
foreach (var ownGroupId in ownGroupsIds)
{
var groupUsersIds = groupsRepo.GetGroupMembers(ownGroupId).Select(u => u.Id);
usersIds.AddAll(groupUsersIds);
}
result.UsersIds = usersIds.ToList();
return(result);
}
foreach (var groupId in groupsIds)
{
int groupIdInt;
if (int.TryParse(groupId, out groupIdInt))
{
var group = groupsRepo.FindGroupById(groupIdInt);
if (group != null)
{
var groupMembersIds = groupsRepo.GetGroupMembers(group.Id).Select(u => u.Id).ToList();
var hasAccessToGroup = groupsRepo.IsGroupAvailableForUser(group.Id, User);
if (allowSeeGroupForAnyMember)
{
hasAccessToGroup |= groupMembersIds.Contains(User.Identity.GetUserId());
}
if (hasAccessToGroup)
{
usersIds.AddAll(groupMembersIds);
}
}
}
}
result.UsersIds = usersIds.ToList();
return(result);
}
private bool CanViewAndAddCommentsForInstructorsOnly(IPrincipal user, string courseId)
{
return(user.HasAccessFor(courseId, CourseRole.Instructor));
}
private bool CanAddCommentNow(IPrincipal user, string courseId)
{
// Instructors have unlimited comments
if (user.HasAccessFor(courseId, CourseRole.Instructor))
return true;
var commentsPolicy = commentsRepo.GetCommentsPolicy(courseId);
return ! commentsRepo.IsUserAddedMaxCommentsInLastTime(user.Identity.GetUserId(),
commentsPolicy.MaxCommentsCountInLastTime,
commentsPolicy.LastTimeForMaxCommentsLimit);
}
public bool CanUserSeeAllCourseGroups(IPrincipal user, string courseId)
{
return(user.HasAccessFor(courseId, CourseRole.CourseAdmin) ||
user.HasSystemAccess(SystemAccessType.ViewAllGroupMembers) ||
user.HasCourseAccess(courseId, CourseAccessType.ViewAllGroupMembers));
}
private bool CanEditAndDeleteComment(IPrincipal user, Comment comment)
{
return(user.HasAccessFor(comment.CourseId, CourseRole.Instructor) ||
user.Identity.GetUserId() == comment.AuthorId);
}
public List<Group> GetAvailableForUserGroups(string courseId, IPrincipal user)
{
if (!user.HasAccessFor(courseId, CourseRole.Instructor))
return new List<Group>();
IEnumerable<Group> groups;
var userId = user.Identity.GetUserId();
/* Course admins can see all groups */
if (CanUserSeeAllCourseGroups(user, courseId))
groups = GetGroups(courseId);
else
/* Other instructor can see only public or own groups */
groups = db.Groups.Where(g => g.CourseId == courseId && !g.IsDeleted && (g.OwnerId == userId || g.IsPublic));
return groups
.OrderBy(g => g.OwnerId != userId)
.ThenBy(g => g.Name)
.ToList();
}
public bool CanRevokeAccess(string courseId, string userId, IPrincipal revokedBy)
{
return(revokedBy.HasAccessFor(courseId, CourseRole.CourseAdmin));
}
public bool IsGroupAvailableForUser(int groupId, IPrincipal user)
{
var group = FindGroupById(groupId);
/* Course admins can see all groups */
if (CanUserSeeAllCourseGroups(user, group.CourseId))
return true;
if (!user.HasAccessFor(group.CourseId, CourseRole.Instructor))
return false;
var userId = user.Identity.GetUserId();
return !group.IsDeleted && (group.OwnerId == userId || group.IsPublic);
}
