diff --git a/src/main/java/teammates/common/datatransfer/InstructorPrivileges.java b/src/main/java/teammates/common/datatransfer/InstructorPrivileges.java index 71ebaf80b5a..67b865551e9 100644 --- a/src/main/java/teammates/common/datatransfer/InstructorPrivileges.java +++ b/src/main/java/teammates/common/datatransfer/InstructorPrivileges.java @@ -446,6 +446,19 @@ public Map> getSessionLevelPrivileg return copy; } + /** + * Returns the list of sections the instructor has the specified privilege name. + */ + public Map getSectionsWithPrivilege(String privilegeName) { + Map copy = new LinkedHashMap<>(); + sectionLevel.forEach((key, value) -> { + if (isAllowedInSectionLevel(key, privilegeName)) { + copy.put(key, value.getCopy()); + } + }); + return copy; + } + @Override public boolean equals(Object another) { if (!(another instanceof InstructorPrivileges)) { diff --git a/src/main/java/teammates/common/datatransfer/attributes/InstructorAttributes.java b/src/main/java/teammates/common/datatransfer/attributes/InstructorAttributes.java index ab7fb598466..88d561229f8 100644 --- a/src/main/java/teammates/common/datatransfer/attributes/InstructorAttributes.java +++ b/src/main/java/teammates/common/datatransfer/attributes/InstructorAttributes.java @@ -4,8 +4,10 @@ import java.util.ArrayList; import java.util.Comparator; import java.util.List; +import java.util.Map; import java.util.Objects; +import teammates.common.datatransfer.InstructorPermissionSet; import teammates.common.datatransfer.InstructorPrivileges; import teammates.common.datatransfer.InstructorPrivilegesLegacy; import teammates.common.util.Config; @@ -358,6 +360,13 @@ public void setUpdatedAt(Instant updatedAt) { this.updatedAt = updatedAt; } + /** + * Returns a list of sections this instructor has the specified privilege. + */ + public Map getSectionsWithPrivilege(String privilegeName) { + return this.privileges.getSectionsWithPrivilege(privilegeName); + } + /** * Updates with {@link UpdateOptionsWithEmail}. */ 
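Review bot: The Javadoc on the new `getSectionsWithPrivilege` in InstructorPrivileges.java says it returns a list, but the method returns a `Map` keyed by section name with a copy of each matching entry; the delegating method added in InstructorAttributes.java repeats the same wording. Because GateKeeper now uses this map for an authorization decision, the comment should state the contract exactly, for example `Returns a copy of the section-level entries, keyed by section name, for which the given privilege is allowed; empty if there are none.` It should also say what is returned for a privilege name that is not defined at section level, which depends on `isAllowedInSectionLevel` and cannot be confirmed from this hunk.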
diff --git a/src/main/java/teammates/ui/webapi/GateKeeper.java b/src/main/java/teammates/ui/webapi/GateKeeper.java index 4eedb6ac6f1..86efcaa607e 100644 --- a/src/main/java/teammates/ui/webapi/GateKeeper.java +++ b/src/main/java/teammates/ui/webapi/GateKeeper.java @@ -108,7 +108,10 @@ void verifyAccessible(InstructorAttributes instructor, CourseAttributes course, + instructor.getEmail() + "]"); } - if (!instructor.isAllowedForPrivilege(privilegeName)) { + boolean instructorIsAllowedCoursePrivilege = instructor.isAllowedForPrivilege(privilegeName); + boolean instructorIsAllowedSectionPrivilege = + instructor.getSectionsWithPrivilege(privilegeName).size() != 0; + if (!instructorIsAllowedCoursePrivilege && !instructorIsAllowedSectionPrivilege) { throw new UnauthorizedAccessException("Course [" + course.getId() + "] is not accessible to instructor [" + instructor.getEmail() + "] for privilege [" + privilegeName + "]"); } diff --git a/src/main/java/teammates/ui/webapi/GetStudentsAction.java b/src/main/java/teammates/ui/webapi/GetStudentsAction.java index d17f65ac0dd..cd4c522c8c5 100644 --- a/src/main/java/teammates/ui/webapi/GetStudentsAction.java +++ b/src/main/java/teammates/ui/webapi/GetStudentsAction.java @@ -1,6 +1,8 @@ package teammates.ui.webapi; +import java.util.LinkedList; import java.util.List; +import java.util.Set; import teammates.common.datatransfer.attributes.InstructorAttributes; import teammates.common.datatransfer.attributes.StudentAttributes; 
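Review bot: The condition in `verifyAccessible(instructor, course, privilegeName)` now passes when the privilege is held in any single section, which relaxes a course-wide gate for every caller of this method, not only for the student listing. Only GetStudentsAction is changed in this diff to filter its results by section, so any other caller that passes a privilege name would, as far as can be inferred from here, return course-wide data to an instructor who holds the privilege for a single section. Consider keeping this method strict and adding a separately named check for the course-or-any-section case, so each call site opts in explicitly. If the relaxed check stays here, put a comment above the condition such as `// passes on a section-level grant; callers must restrict results to getSectionsWithPrivilege(privilegeName)`. The method body starts and ends outside the hunk.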
@@ -40,11 +42,28 @@ void checkSpecificAccessControl() throws UnauthorizedAccessException { public JsonResult execute() { String courseId = getNonNullRequestParamValue(Const.ParamsNames.COURSE_ID); String teamName = getRequestParamValue(Const.ParamsNames.TEAM_NAME); + InstructorAttributes instructor = logic.getInstructorForGoogleId(courseId, userInfo.id); + String privilegeName = Const.InstructorPermissions.CAN_VIEW_STUDENT_IN_SECTIONS; + boolean hasCoursePrivilege = instructor != null + && instructor.isAllowedForPrivilege(privilegeName); + boolean hasSectionPrivilege = instructor != null + && instructor.getSectionsWithPrivilege(privilegeName).size() != 0; - if (teamName == null) { - // request to get all students of a course by instructor + if (teamName == null && hasCoursePrivilege) { + // request to get all course students by instructor with course privilege List studentsForCourse = logic.getStudentsForCourse(courseId); return new JsonResult(new StudentsData(studentsForCourse)); + } else if (teamName == null && hasSectionPrivilege) { + // request to get students by instructor with section privilege + List studentsForCourse = logic.getStudentsForCourse(courseId); + List studentsToReturn = new LinkedList<>(); + Set sectionsWithViewPrivileges = instructor.getSectionsWithPrivilege(privilegeName).keySet(); + studentsForCourse.forEach(student -> { + if (sectionsWithViewPrivileges.contains(student.getSection())) { + studentsToReturn.add(student); + } + }); + return new JsonResult(new StudentsData(studentsToReturn)); } else { // request to get team members by current student List studentsForTeam = logic.getStudentsForTeam(teamName, courseId); @@ -52,7 +71,5 @@ public JsonResult execute() { studentsData.getStudents().forEach(StudentData::hideInformationForStudent); return new JsonResult(studentsData); } - } - }
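Review bot: When `teamName == null` and both `hasCoursePrivilege` and `hasSectionPrivilege` are false, control now reaches the final `else` and calls `logic.getStudentsForTeam(null, courseId)`; before this change a null team name always took the course branch. Whether that path is reachable depends on `checkSpecificAccessControl`, whose body is outside the hunk, but `execute()` should fail closed on its own, for example with `} else if (teamName == null) { return new JsonResult(new StudentsData(new LinkedList<>())); }` ahead of the team branch. The section branch also calls `getSectionsWithPrivilege(privilegeName)` a second time; computing the map once and using it for both the flag and the key set keeps the access decision and the filter from diverging.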