MIDNIGHT/enlight-lms
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: check ptype for permission if not admin

Browse Source
This commit is contained in:
Jannat Patel
2026-02-23 11:06:34 +05:30
parent 58826fe30f
commit 14937fd4fc
8 changed files with 23 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/src/pages/JobForm.vue
+1
View File
@@ -189,6 +189,7 @@ const jobDetails = createDocumentResource({
watch( watch(
() => jobDetails?.doc, () => jobDetails?.doc,
() => { () => {
if (!jobDetails.doc) return
if (jobDetails.doc.owner != user.data?.name && !user.data?.is_moderator) { if (jobDetails.doc.owner != user.data?.name && !user.data?.is_moderator) {
router.push({ router.push({
name: 'Jobs', name: 'Jobs',
frontend/src/pages/Lesson.vue
+1 -1
View File
@@ -658,7 +658,7 @@ const getVideoDetails = () => {
const getPlyrSourceDetails = () => { const getPlyrSourceDetails = () => {
let details = [] let details = []
plyrSources.value.forEach(async (source) => { plyrSources.value.forEach((source) => {
if (source.currentTime == source.duration) markProgress() if (source.currentTime == source.duration) markProgress()
let src = cleanYouTubeUrl(source.source) let src = cleanYouTubeUrl(source.source)
details.push({ details.push({
lms/lms/api.py
+3 -7
View File
@@ -31,6 +31,7 @@ from pypika import functions as fn
from lms.lms.doctype.course_lesson.course_lesson import save_progress from lms.lms.doctype.course_lesson.course_lesson import save_progress
from lms.lms.utils import ( from lms.lms.utils import (
LMS_ROLES,
can_modify_batch, can_modify_batch,
can_modify_course, can_modify_course,
get_average_rating, get_average_rating,
@@ -607,12 +608,7 @@ def check_app_permission():
if frappe.session.user == "Administrator": if frappe.session.user == "Administrator":
return True return True
roles = frappe.get_roles() return has_lms_role()
lms_roles = ["Moderator", "Course Creator", "Batch Evaluator", "LMS Student"]
if any(role in roles for role in lms_roles):
return True
return False
@frappe.whitelist() @frappe.whitelist()
@@ -1723,7 +1719,7 @@ def get_profile_details(username: str):
roles = frappe.get_roles(details.name) roles = frappe.get_roles(details.name)
if not has_lms_role(): if not has_lms_role():
frappe.throw( frappe.throw(
_("User does not have permission to access this users profile details."), frappe.PermissionError _("User does not have permission to access this user's profile details."), frappe.PermissionError
) )
details.roles = roles details.roles = roles
return details return details
lms/lms/doctype/lms_badge/lms_badge.py
+5 -2
View File
@@ -70,14 +70,17 @@ def assign_badge(badge_name: str):
["name", "event", "reference_doctype", "condition", "user_field"], ["name", "event", "reference_doctype", "condition", "user_field"],
as_dict=True, as_dict=True,
) )
if not badge:
frappe.throw(_("Badge {0} not found").format(badge_name), frappe.DoesNotExistError)
if not badge.event == "Manual Assignment": if not badge.event == "Manual Assignment":
return return
fields = ["name"] fields = ["name"]
fields.append(badge.user_field) fields.append(badge.user_field)
list = frappe.get_all(badge.reference_doctype, filters=json.loads(badge.condition), fields=fields) docs = frappe.get_all(badge.reference_doctype, filters=json.loads(badge.condition), fields=fields)
for doc in list: for doc in docs:
assignment_name = award(badge, doc.get(badge.user_field)) assignment_name = award(badge, doc.get(badge.user_field))
if assignment_name: if assignment_name:
assignments.append(assignment_name) assignments.append(assignment_name)
lms/lms/doctype/lms_batch/lms_batch.py
+3
View File
@@ -407,6 +407,9 @@ def has_permission(doc, ptype="read", user=None):
if "Moderator" in roles or "Batch Evaluator" in roles: if "Moderator" in roles or "Batch Evaluator" in roles:
return True return True
if ptype not in ("read", "select", "print"):
return False
is_enrolled = frappe.db.exists("LMS Batch Enrollment", {"batch": doc.name, "member": user}) is_enrolled = frappe.db.exists("LMS Batch Enrollment", {"batch": doc.name, "member": user})
if is_enrolled: if is_enrolled:
return True return True
lms/lms/doctype/lms_certificate/lms_certificate.py
+4
View File
@@ -222,6 +222,10 @@ def has_permission(doc, ptype="read", user=None):
roles = frappe.get_roles(user) roles = frappe.get_roles(user)
if "Moderator" in roles or "Course Creator" in roles or "Batch Evaluator" in roles: if "Moderator" in roles or "Course Creator" in roles or "Batch Evaluator" in roles:
return True return True
if doc.owner == user:
return True
if ptype not in ("read", "select", "print"):
return False
return doc.published return doc.published
lms/lms/doctype/lms_live_class/lms_live_class.py
+3
View File
@@ -177,6 +177,9 @@ def has_permission(doc, ptype="read", user=None):
if "Moderator" in roles or "Batch Evaluator" in roles: if "Moderator" in roles or "Batch Evaluator" in roles:
return True return True
if ptype not in ("read", "select", "print"):
return False
return frappe.db.exists( return frappe.db.exists(
"LMS Batch Enrollment", "LMS Batch Enrollment",
{"batch": doc.batch_name, "member": user}, {"batch": doc.batch_name, "member": user},
lms/lms/doctype/lms_program/lms_program.py
+3
View File
@@ -55,6 +55,9 @@ def has_permission(doc, ptype="read", user=None):
if "Moderator" in roles or "Course Creator" in roles: if "Moderator" in roles or "Course Creator" in roles:
return True return True
if ptype not in ("read", "select", "print"):
return False
is_enrolled = frappe.db.exists("LMS Program Member", {"parent": doc.name, "member": user}) is_enrolled = frappe.db.exists("LMS Program Member", {"parent": doc.name, "member": user})
if is_enrolled: if is_enrolled:
return True return True