From 9c2728a9aa5eddaecc4eed218c48214736be4cc3 Mon Sep 17 00:00:00 2001
From: AndreiMPopescu <andrei.m.popescu@tsgforce.com>
Date: Fri, 22 Feb 2019 14:19:31 +0000
Subject: [PATCH 1/2] EF2E-1 Coaches create learner (without proper
 permissions)

---
 kolibri/core/auth/models.py                   |  3 ++
 kolibri/core/auth/permissions/general.py      | 47 ++++++++++++++++
 .../coach/assets/src/modules/pluginModule.js  |  2 +
 .../coach/assets/src/views/ClassListPage.vue  |  6 +--
 .../views/reports/CoachUserCreateModal.vue    | 53 +++++++++++++++++--
 .../src/views/reports/LearnerListPage.vue     | 14 ++++-
 6 files changed, 116 insertions(+), 9 deletions(-)

diff --git a/kolibri/core/auth/models.py b/kolibri/core/auth/models.py
index 5b9a6d485a7..3b971d82ba7 100644
--- a/kolibri/core/auth/models.py
+++ b/kolibri/core/auth/models.py
@@ -64,6 +64,7 @@
 from .permissions.general import IsFromSameFacility
 from .permissions.general import IsOwn
 from .permissions.general import IsSelf
+from .permissions.general import AllowCoach
 from kolibri.core.auth.constants.morango_scope_definitions import FULL_FACILITY
 from kolibri.core.auth.constants.morango_scope_definitions import SINGLE_USER
 from kolibri.core.errors import KolibriValidationError
@@ -522,6 +523,7 @@ class FacilityUser(KolibriAbstractBaseUser, AbstractFacilityDataModel):
     permissions = (
         IsSelf() |  # FacilityUser can be read and written by itself
         IsAdminForOwnFacility() |  # FacilityUser can be read and written by a facility admin
+        AllowCoach() |
         RoleBasedPermissions(  # FacilityUser can be read by admin or coach, and updated by admin, but not created/deleted by non-facility admin
             target_field=".",
             can_be_created_by=(),  # we can't check creation permissions by role, as user doesn't exist yet
@@ -903,6 +905,7 @@ class Membership(AbstractFacilityDataModel):
     morango_model_name = "membership"
 
     permissions = (
+        AllowCoach() |
         IsOwn(read_only=True) |  # users can read their own Memberships
         RoleBasedPermissions(  # Memberships can be read and written by admins, and read by coaches, for the member user
             target_field="user",
diff --git a/kolibri/core/auth/permissions/general.py b/kolibri/core/auth/permissions/general.py
index 356e0aa9280..88e44fbf543 100644
--- a/kolibri/core/auth/permissions/general.py
+++ b/kolibri/core/auth/permissions/general.py
@@ -180,3 +180,50 @@ def readable_by_user_filter(self, user, queryset):
             return queryset.filter(dataset=user.dataset)
         else:
             return queryset.none()
+
+
+class AllowCoach(BasePermissions):
+
+    def __init__(self, field_name=".", read_only=False):
+        self.read_only = read_only
+
+    def _user_is_coach(self, user, obj=None):
+
+        from ..models import Classroom
+
+        # if obj:
+        #     if not hasattr(obj, "dataset") or not user.dataset == obj.dataset:
+        #         return False
+        #
+        # classrooms = Classroom.objects.filter(dataset=user.dataset)
+        #
+        # is_coach = 0
+        #
+        # for classroom in classrooms:
+        #     if user.has_role_for_collection(role_kinds.COACH, classroom):
+        #                 is_coach += 1
+        #
+        # return is_coach > 0
+
+        return True
+
+
+
+    def user_can_create_object(self, user, obj):
+        return (not self.read_only) and self._user_is_coach(user, obj)
+
+    def user_can_read_object(self, user, obj):
+        return self._user_is_coach(user, obj)
+
+    def user_can_update_object(self, user, obj):
+        return (not self.read_only) and self._user_is_coach(user, obj)
+
+    def user_can_delete_object(self, user, obj):
+        return (not self.read_only) and self._user_is_coach(user, obj)
+
+    def readable_by_user_filter(self, user, queryset):
+        if self._user_is_coach(user):
+            return queryset.filter(dataset=user.dataset)
+        else:
+            return queryset.none()
+
diff --git a/kolibri/plugins/coach/assets/src/modules/pluginModule.js b/kolibri/plugins/coach/assets/src/modules/pluginModule.js
index 855c0f6bb1c..61aa231f60d 100644
--- a/kolibri/plugins/coach/assets/src/modules/pluginModule.js
+++ b/kolibri/plugins/coach/assets/src/modules/pluginModule.js
@@ -1,4 +1,5 @@
 import userManagement from '../../../../facility_management/assets/src/modules/userManagement';
+import classAssignMembers from '../../../../facility_management/assets/src/modules/classAssignMembers';
 import getters from './coreCoach/getters';
 import * as actions from './coreCoach/actions';
 import examCreation from './examCreation';
@@ -56,6 +57,7 @@ export default {
     lessonSummary,
     lessonsRoot,
     userManagement,
+    classAssignMembers,
     reports,
   },
 };
diff --git a/kolibri/plugins/coach/assets/src/views/ClassListPage.vue b/kolibri/plugins/coach/assets/src/views/ClassListPage.vue
index 1b2f36ab4cf..0af42e5409f 100644
--- a/kolibri/plugins/coach/assets/src/views/ClassListPage.vue
+++ b/kolibri/plugins/coach/assets/src/views/ClassListPage.vue
@@ -43,7 +43,7 @@
             <td class="core-table-main-col">
               <KRouterLink
                 :text="classroom.name"
-                :to="learnerPageLink(classroom.id)"
+                :to="learnerPageLink(classroom.id, classroom.name)"
               />
             </td>
             <td data-test="coach-names">
@@ -84,10 +84,10 @@
   import { PageNames } from '../constants';
   import { filterAndSortUsers } from '../../../../facility_management/assets/src/userSearchUtils';
 
-  function learnerPageLink(classId) {
+  function learnerPageLink(classId, className) {
     return {
       name: PageNames.LEARNER_LIST,
-      params: { classId },
+      params: { classId, className },
     };
   }
 
diff --git a/kolibri/plugins/coach/assets/src/views/reports/CoachUserCreateModal.vue b/kolibri/plugins/coach/assets/src/views/reports/CoachUserCreateModal.vue
index b5281365409..4debffebd11 100644
--- a/kolibri/plugins/coach/assets/src/views/reports/CoachUserCreateModal.vue
+++ b/kolibri/plugins/coach/assets/src/views/reports/CoachUserCreateModal.vue
@@ -1,7 +1,7 @@
 <template>
 
   <KModal
-    :title="$tr('createNewUserHeader')"
+    :title="$tr('createNewUserHeader',{thisClassName})"
     :submitText="$tr('saveUserButtonLabel')"
     :cancelText="$tr('cancel')"
     :submitDisabled="submitting"
@@ -73,16 +73,21 @@
 
   import { mapActions, mapState, mapGetters } from 'vuex';
   import { UserKinds, ERROR_CONSTANTS } from 'kolibri.coreVue.vuex.constants';
+  import { FacilityUsernameResource } from 'kolibri.resources';
   import { validateUsername } from 'kolibri.utils.validators';
   import CatchErrors from 'kolibri.utils.CatchErrors';
   import KRadioButton from 'kolibri.coreVue.components.KRadioButton';
   import KModal from 'kolibri.coreVue.components.KModal';
   import KTextbox from 'kolibri.coreVue.components.KTextbox';
+  import {
+    filterAndSortUsers,
+    userMatchesFilter,
+  } from '../../../../../device_management/assets/src/userSearchUtils';
 
   export default {
     name: 'CoachUserCreateModal',
     $trs: {
-      createNewUserHeader: 'Create new learner',
+      createNewUserHeader: 'Create new learner in {thisClassName}',
       cancel: 'Cancel',
       name: 'Full name',
       username: 'Username',
@@ -110,8 +115,20 @@
       KModal,
       KTextbox,
     },
+    props: {
+      classId: {
+        type: String,
+        required: true,
+      },
+      className: {
+        type: String,
+        required: true,
+      },
+    },
     data() {
       return {
+        thisClassName: this.className,
+        thisClassId: this.classId,
         fullName: '',
         username: '',
         password: '',
@@ -128,6 +145,8 @@
         passwordBlurred: false,
         confirmedPasswordBlurred: false,
         formSubmitted: false,
+        newUser: [],
+        usernames: [],
       };
     },
     computed: {
@@ -158,8 +177,8 @@
         return Boolean(this.nameIsInvalidText);
       },
       usernameAlreadyExists() {
-        return this.facilityUsers.find(
-          ({ username }) => username.toLowerCase() === this.username.toLowerCase()
+        return this.usernames.find(
+          username => username.toLowerCase() === this.username.toLowerCase()
         );
       },
       usernameIsInvalidText() {
@@ -213,9 +232,13 @@
         );
       },
     },
+    beforeMount() {
+      this.setSuggestions();
+    },
     methods: {
       ...mapActions('userManagement', ['createUser', 'displayModal']),
       ...mapActions(['handleApiError']),
+      ...mapActions('classAssignMembers', ['enrollLearnersInClass']),
       createNewUser() {
         this.usernameAlreadyExistsOnServer = false;
         this.formSubmitted = true;
@@ -231,7 +254,9 @@
             password: this.password,
           }).then(
             () => {
+              this.enrollLearnersInClass({ classId: this.thisClassId, users: this.getUsers() });
               this.close();
+              location.reload();
             },
             error => {
               const usernameAlreadyExistsError = CatchErrors(error, [
@@ -249,6 +274,26 @@
           this.focusOnInvalidField();
         }
       },
+      setSuggestions() {
+        FacilityUsernameResource.fetchCollection({
+          getParams: {
+            facility: this.currentFacilityId,
+          },
+        })
+          .then(users => {
+            this.usernames = users.map(user => user.username);
+          })
+          .catch(() => {
+            this.usernames = [];
+          });
+      },
+      getUsers() {
+        this.newUser.push(
+          filterAndSortUsers(this.facilityUsers, user => userMatchesFilter(user, this.username))[0]
+            .id
+        );
+        return this.newUser;
+      },
       focusOnInvalidField() {
         if (this.nameIsInvalid) {
           this.$refs.name.focus();
diff --git a/kolibri/plugins/coach/assets/src/views/reports/LearnerListPage.vue b/kolibri/plugins/coach/assets/src/views/reports/LearnerListPage.vue
index 2173f2c30f6..0af0b61e3b6 100644
--- a/kolibri/plugins/coach/assets/src/views/reports/LearnerListPage.vue
+++ b/kolibri/plugins/coach/assets/src/views/reports/LearnerListPage.vue
@@ -84,7 +84,11 @@
 
     <p v-if="!standardDataTable.length">{{ $tr('noLearners') }}</p>
 
-    <CoachUserCreateModal v-if="modalShown===Modals.COACH_CREATE_USER" />
+    <CoachUserCreateModal
+      v-if="modalShown===Modals.COACH_CREATE_USER"
+      :classId="thisClassId"
+      :className="thisClassName"
+    />
 
   </div>
 
@@ -154,7 +158,7 @@
       documentTitleForLearners: 'Learners',
     },
     computed: {
-      ...mapState(['classId', 'pageName', 'reportRefreshInterval']),
+      ...mapState(['classId', 'className', 'pageName', 'reportRefreshInterval']),
       ...mapGetters('reports', ['standardDataTable', 'exerciseCount', 'contentCount']),
       ...mapState('reports', ['channelId', 'contentScopeSummary', 'contentScopeId', 'userScope']),
       ...mapGetters(['currentUserId', 'isSuperuser', 'isCoach']),
@@ -173,6 +177,12 @@
       isExercisePage() {
         return this.contentScopeSummary.kind === ContentNodeKinds.EXERCISE;
       },
+      thisClassName() {
+        return this.className;
+      },
+      thisClassId() {
+        return this.classId;
+      },
       isRootLearnerPage() {
         return this.pageName === PageNames.LEARNER_LIST;
       },

From 941bee428bb9b81019256fb4d2d7d6e110747f42 Mon Sep 17 00:00:00 2001
From: AndreiMPopescu <andrei.m.popescu@tsgforce.com>
Date: Thu, 14 Mar 2019 15:26:14 +0000
Subject: [PATCH 2/2] EF2E-1 Permissions have been added properly

---
 kolibri/core/auth/permissions/general.py      | 30 +++++++++--------
 .../views/reports/CoachUserCreateModal.vue    | 33 -------------------
 .../src/views/reports/LearnerListPage.vue     |  2 ++
 3 files changed, 18 insertions(+), 47 deletions(-)

diff --git a/kolibri/core/auth/permissions/general.py b/kolibri/core/auth/permissions/general.py
index 88e44fbf543..32c210167de 100644
--- a/kolibri/core/auth/permissions/general.py
+++ b/kolibri/core/auth/permissions/general.py
@@ -189,23 +189,25 @@ def __init__(self, field_name=".", read_only=False):
 
     def _user_is_coach(self, user, obj=None):
 
+        # Check if the current user is a coach
+
         from ..models import Classroom
 
-        # if obj:
-        #     if not hasattr(obj, "dataset") or not user.dataset == obj.dataset:
-        #         return False
-        #
-        # classrooms = Classroom.objects.filter(dataset=user.dataset)
-        #
-        # is_coach = 0
-        #
-        # for classroom in classrooms:
-        #     if user.has_role_for_collection(role_kinds.COACH, classroom):
-        #                 is_coach += 1
-        #
-        # return is_coach > 0
+        if obj:
+            if not hasattr(obj, "dataset") or not user.dataset == obj.dataset:
+                return False
+
+        classrooms = Classroom.objects.filter(dataset=user.dataset)
+
+        is_coach = 0
+
+        for classroom in classrooms:
+            if user.has_role_for_collection(role_kinds.COACH, classroom):
+                        is_coach += 1
+
+        return is_coach > 0
+
 
-        return True
 
 
 
diff --git a/kolibri/plugins/coach/assets/src/views/reports/CoachUserCreateModal.vue b/kolibri/plugins/coach/assets/src/views/reports/CoachUserCreateModal.vue
index 4debffebd11..333beb0e975 100644
--- a/kolibri/plugins/coach/assets/src/views/reports/CoachUserCreateModal.vue
+++ b/kolibri/plugins/coach/assets/src/views/reports/CoachUserCreateModal.vue
@@ -48,21 +48,6 @@
         :invalidText="confirmedPasswordIsInvalidText"
         @blur="confirmedPasswordBlurred = true"
       />
-
-      <fieldset v-if="coachIsSelected" class="coach-selector">
-        <KRadioButton
-          v-model="classCoach"
-          :label="$tr('classCoachLabel')"
-          :description="$tr('classCoachDescription')"
-          :value="true"
-        />
-        <KRadioButton
-          v-model="classCoach"
-          :label="$tr('facilityCoachLabel')"
-          :description="$tr('facilityCoachDescription')"
-          :value="false"
-        />
-      </fieldset>
     </section>
   </KModal>
 
@@ -76,7 +61,6 @@
   import { FacilityUsernameResource } from 'kolibri.resources';
   import { validateUsername } from 'kolibri.utils.validators';
   import CatchErrors from 'kolibri.utils.CatchErrors';
-  import KRadioButton from 'kolibri.coreVue.components.KRadioButton';
   import KModal from 'kolibri.coreVue.components.KModal';
   import KTextbox from 'kolibri.coreVue.components.KTextbox';
   import {
@@ -96,13 +80,6 @@
       userType: 'User type',
       saveUserButtonLabel: 'Save',
       learner: 'Learner',
-      coach: 'Coach',
-      admin: 'Admin',
-      coachSelectorHeader: 'Coach type',
-      classCoachLabel: 'Class coach',
-      classCoachDescription: "Can only instruct classes that they're assigned to",
-      facilityCoachLabel: 'Facility coach',
-      facilityCoachDescription: 'Can instruct all classes in your facility',
       usernameAlreadyExists: 'Username already exists',
       usernameNotAlphaNumUnderscore: 'Username can only contain letters, numbers, and underscores',
       pwMismatchError: 'Passwords do not match',
@@ -111,7 +88,6 @@
       required: 'This field is required',
     },
     components: {
-      KRadioButton,
       KModal,
       KTextbox,
     },
@@ -153,18 +129,9 @@
       ...mapGetters(['currentFacilityId']),
       ...mapState('userManagement', ['facilityUsers']),
       newUserRole() {
-        if (this.coachIsSelected) {
-          if (this.classCoach) {
-            return UserKinds.ASSIGNABLE_COACH;
-          }
-          return UserKinds.COACH;
-        }
         // Admin or Learner
         return this.kind.value;
       },
-      coachIsSelected() {
-        return this.kind.value === UserKinds.COACH;
-      },
       nameIsInvalidText() {
         if (this.nameBlurred || this.formSubmitted) {
           if (this.fullName === '') {
diff --git a/kolibri/plugins/coach/assets/src/views/reports/LearnerListPage.vue b/kolibri/plugins/coach/assets/src/views/reports/LearnerListPage.vue
index 0af0b61e3b6..a14502fbbc8 100644
--- a/kolibri/plugins/coach/assets/src/views/reports/LearnerListPage.vue
+++ b/kolibri/plugins/coach/assets/src/views/reports/LearnerListPage.vue
@@ -23,6 +23,7 @@
       </KGridItem>
       <KGridItem sizes="100, 50, 50" percentage align="right">
         <KButton
+          v-if="className"
           :text="$tr('newUserButtonLabel')"
           :primary="true"
           @click="displayModal(Modals.COACH_CREATE_USER)"
@@ -121,6 +122,7 @@
     metaInfo() {
       return {
         title: this.documentTitle,
+        className: this.className,
       };
     },
     components: {