MIDNIGHT/enlight-lms
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: return profile details only if the profile is of an LMS user

Browse Source
This commit is contained in:
Jannat Patel
2026-02-19 12:51:30 +05:30
parent c961923fa0
commit 44ca59c64a
1 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lms/lms/api.py
+15 -4
View File
@@ -44,6 +44,8 @@ from lms.lms.utils import (
has_moderator_role, has_moderator_role,
) )
LMS_ROLES = ["Moderator", "Course Creator", "Batch Evaluator", "LMS Student"]
@frappe.whitelist() @frappe.whitelist()
def get_user_info(): def get_user_info():
@@ -1369,8 +1371,7 @@ def get_certification_details(course: str):
@frappe.whitelist() @frappe.whitelist()
def save_role(user: str, role: str, value: int): def save_role(user: str, role: str, value: int):
frappe.only_for("Moderator") frappe.only_for("Moderator")
ALLOWED_ROLES = ["Moderator", "Course Creator", "Batch Evaluator", "LMS Student"] if role not in LMS_ROLES:
if role not in ALLOWED_ROLES:
frappe.throw(_("You do not have permission to modify this role."), frappe.PermissionError) frappe.throw(_("You do not have permission to modify this role."), frappe.PermissionError)
if cint(value): if cint(value):
@@ -1720,11 +1721,21 @@ def get_profile_details(username: str):
], ],
as_dict=True, as_dict=True,
) )
roles = frappe.get_roles(details.name)
details.roles = frappe.get_roles(details.name) if not has_lms_role(roles):
frappe.throw(
_("User does not have permission to access this users profile details."), frappe.PermissionError
)
details.roles = roles
return details return details
def has_lms_role(roles: list):
lms_roles = set(LMS_ROLES)
user_roles = set(roles)
return not lms_roles.isdisjoint(user_roles)
@frappe.whitelist() @frappe.whitelist()
def get_streak_info(): def get_streak_info():
all_dates = fetch_activity_dates(frappe.session.user) all_dates = fetch_activity_dates(frappe.session.user)