diff --git a/src/services/lesson/hooks/index.js b/src/services/lesson/hooks/index.js index bcd8b2db2ce..458b64785ab 100644 --- a/src/services/lesson/hooks/index.js +++ b/src/services/lesson/hooks/index.js @@ -3,7 +3,7 @@ const { Configuration } = require('@hpi-schul-cloud/commons'); const { nanoid } = require('nanoid'); const { iff, isProvider } = require('feathers-hooks-common'); -const { NotFound, BadRequest, Forbidden } = require('../../../errors'); +const { NotFound, BadRequest } = require('../../../errors'); const { equal } = require('../../../helper/compare').ObjectId; const { injectUserId, @@ -204,19 +204,6 @@ const restrictToUsersCoursesLessons = async (context) => { return context; }; -const restrictToUsersDraftLessons = async (context) => { - const user = await context.app.service('users').get(context.params.account.userId, { query: { $populate: 'roles' } }); - const userIsStudent = user.roles.filter((u) => u.name === 'student').length > 0; - const lesson = await context.app.service('lessons').get(context.id); - const isDraft = lesson.hidden; - - if (isDraft && userIsStudent) { - throw new Forbidden(`You don't have permission.`); - } - - return context; -}; - const populateWhitelist = { materialIds: [ '_id', @@ -254,7 +241,7 @@ exports.before = () => { get: [ hasPermission('TOPIC_VIEW'), iff(isProvider('external'), getRestrictPopulatesHook(populateWhitelist)), - iff(isProvider('external'), restrictToUsersCoursesLessons, restrictToUsersDraftLessons), + iff(isProvider('external'), restrictToUsersCoursesLessons), ], create: [ checkIfCourseGroupLesson.bind(this, 'COURSEGROUP_CREATE', 'TOPIC_CREATE', true), @@ -267,7 +254,7 @@ exports.before = () => { iff(isProvider('external'), preventPopulate), permitGroupOperation, ifNotLocal(checkCorrectCourseOrTeamId), - iff(isProvider('external'), restrictToUsersCoursesLessons, restrictToUsersDraftLessons), + iff(isProvider('external'), restrictToUsersCoursesLessons), checkIfCourseGroupLesson.bind(this, 'COURSEGROUP_EDIT', 'TOPIC_EDIT', false), ], patch: [