From 8b5cf095c92c6ae0ffe31d006c5298e677f95d25 Mon Sep 17 00:00:00 2001 From: dezhidki Date: Thu, 23 May 2024 17:13:12 +0300 Subject: [PATCH] item.routes: Allow requiring valid sesion when polling document view info Fixes a bug where goto-link reports missing rights when a student actually does not have a valid session. --- timApp/item/routes.py | 6 +++--- timApp/static/scripts/tim/document/viewctrl.ts | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/timApp/item/routes.py b/timApp/item/routes.py index 6769b8b3ee..31e4f9b567 100644 --- a/timApp/item/routes.py +++ b/timApp/item/routes.py @@ -290,7 +290,7 @@ def par_info(doc_id, par_id): @view_page.get("/docViewInfo/") -def doc_access_info(doc_name): +def doc_access_info(doc_name: str, require_valid_session: bool = True): doc_info = DocEntry.find_by_path(doc_name, fallback_to_id=True) if not doc_info: raise NotExist() @@ -298,9 +298,9 @@ def doc_access_info(doc_name): cur_user = get_current_user_object() user_message = get_user_global_message(cur_user) - # If there is no valid session, just send out the global message + # If there is no valid session, but we don't require one, just send out the global message # This allows sending global messages even if there is no valid session - if not has_valid_session(cur_user): + if not require_valid_session and not has_valid_session(cur_user): return json_response( { "can_access": False, diff --git a/timApp/static/scripts/tim/document/viewctrl.ts b/timApp/static/scripts/tim/document/viewctrl.ts index 78577a4e30..4ff15cc0fd 100644 --- a/timApp/static/scripts/tim/document/viewctrl.ts +++ b/timApp/static/scripts/tim/document/viewctrl.ts @@ -474,7 +474,11 @@ export class ViewCtrl implements IController { // Check against statePollInterval to allow stopping the polling while (this.docViewInfoPollInterval) { const r = await to( - $http.get(`/docViewInfo/${docPath}`) + $http.get(`/docViewInfo/${docPath}`, { + params: { + require_valid_session: false, + }, + }) ); if (r.ok) {