Auto stash before merge of "master" and "origin/master"

guFalcon · guFalcon · commit 28fed71cb5bd · 2025-06-05T09:42:06.000+02:00
diff --git a/md/test-exam-practice-question.md b/md/test-exam-practice-question.md
@@ -1,27 +1,26 @@
 # Question 23
-@@@ #answer 
-## Webservices, REST, SQL-Databases
-@@@
 ## Introduction
-@@@ #practice
-### Practice-question
+@@@ #exam
+## Exam-question: Webservices, REST, SQL-Databases
+
 ```plantuml
-class practice
+class exam
 ```
 ```bash
-class practice
+class exam
 ```
-You are a student making an internship at a big company that wants to re-write the legacy software.
+You are employed at a company that wants to re-structure their legacy software.
 @@@
-@@@ #exam
-### Exam-question
+@@@ #practice
+## Practice-question: Webservices, REST, SQL-Databases
+
 ```plantuml
-class exam
+class practice
 ```
 ```bash
-class exam
+class practice
 ```
-You are employed at a company that wants to re-structure their legacy software.
+You are a student making an internship at a big company that wants to re-write the legacy software.
 @@@
 ## Question
 ```plantuml
diff --git a/md/test-md-file.md b/md/test-md-file.md
@@ -10,14 +10,14 @@ This is a sample text...
 @@@ teacher
 Only visible to the teachers.
 @@@
-@@@ 4bhif
+@@@ teacher, 4bhif
 Only visible to 4bhif and teachers.
 @@@
 @@@ admin
 Admins only!!!
 @@@
 @@@ 4bhif,5bhif, 4ahif
-Special visibility
+Special visibility (4bhif, 5bhif and 4ahif only)
 @@@
 
 ## Test PlantUML
diff --git a/md/test-perms.md b/md/test-perms.md
@@ -2,32 +2,28 @@
 The following paragraph is only visible to teachers:
 @@@ teacher
 >Only visible to teachers.
-
 @@@
 
 # Simple Group Permission
 The following paragraph is only visible to 5BHIF:
 @@@ 5bhif
 >Only visible to 5BHIF.
-
 @@@
 
 # User Permission
-The following paragraph is only visible to Stu Dent
-@@@ Stu Dent
+The following paragraph is only visible to Stu Dent:
+@@@ stu dent
 >Only visible to Stu Dent
-
 @@@
 # NO Nested Permissions!
 Nested permissions don't work due to the way we parse the permission-declarations (regexp).
 
 The following paragraph is only visible to 5BHIF:
 @@@ 5bhif
 >Only visible to users in 5BHIF group.
+@@@
 
 The following paragraph is only visible to teachers in group 5BHIF:
 @@@ teacher
 >Only visible to users being in teachers AND 5bhif groups.
-
-@@@
 @@@
diff --git a/obsidian.js b/obsidian.js
@@ -1217,7 +1217,7 @@ async function getTopdownMenu(req) {
       </label>
     </div>
     ${
-      (await hasSomeRoles(req, ["teacher"]))
+      (await hasSomeRoles(req, ["teacher"], true))
         ? `<div class="flipswitch menu" style="display: inline-block; top: 16px; margin-top: 12px; margin-left: 3px;">
         <input checked="" onchange="toggleViewExam()" id="examFs" class="flipswitch-cb" name="flipswitch" type="checkbox">
         <label for="examFs" class="flipswitch-label">
diff --git a/utils.js b/utils.js
@@ -4,15 +4,15 @@ import { getUserAttributes } from "./middlewares/keycloak-middleware.js";
 /**
  * hasAllRoles(req, ["teacher", "student", "admin", "gluppy"])
  */
-export async function hasAllRoles(req, clientRoles, override = false) {
-  return hasRoles(req, clientRoles, true, override);
+export async function hasAllRoles(req, clientRoles, allowOverride = false) {
+  return hasRoles(req, clientRoles, true, allowOverride);
 }
 
 /**
  * hasSomeRoles(req, ["teacher", "student", "admin", "gluppy"])
  */
-export async function hasSomeRoles(req, clientRoles, override = false) {
-  return hasRoles(req, clientRoles, false, override);
+export async function hasSomeRoles(req, clientRoles, allowOverride = false) {
+  return hasRoles(req, clientRoles, false, allowOverride);
 }
 
 /**
@@ -84,84 +84,89 @@ async function hasClientRoles(req, clientRoles, all) {
 /**
  * Fetches all Keycloak roles of the client and all LDAP roles of the user, previously calculated in the Keycloak-middleware and checks for permissions.
  */
-async function hasRoles(req, clientRoles, all, override) {
+async function hasRoles(req, clientRoles, all, allowOverride) {
   try {
+    //console.log("Checking roles", clientRoles, "all", all, "allowOverride", allowOverride);
+    // The roles to check are empty. So we return true.
     if (
       clientRoles === undefined ||
       clientRoles === null ||
       clientRoles.length == 0
     ) {
       return true;
     }
+
     let clientAccess = null;
     const attributes = await getUserAttributes(req);
     const ccr = await getClientRoles(req, clientRoles);
     // console.log("Client roles", ccr);
     // console.log("Request user rolesCalculated", req.user.rolesCalculated);
-    if (
-      req.user.rolesCalculated !== undefined &&
-      req.user.rolesCalculated !== null
-    ) {
-      // console.log("attributes", attributes);
-      if (attributes && attributes.attributes && attributes.attributes.config) {
-        const a = JSON.parse(attributes.attributes.config);
-        let r = JSON.parse(req.user.rolesCalculated);
-        // console.log("Roles Calculated", r);
-        if (r === undefined || r === null) {
-          r = {};
-        }
-        let name = req.user.name
-        name = name.trim()
-        name = name.toLowerCase()
-        r[name] = true;
-        const cr = await getClientRoles(req, clientRoles);
-        if (cr) {
-          for (const role of cr) {
-            r[role] = "cr";
-          }
-        }
-        const clientViews = clientRoles.filter((role) => role.startsWith("#"));
-        clientRoles = clientRoles.filter((role) => !role.startsWith("#"));
-        if ((r.admin || r.teacher) && override && a.vt == 0) {
-          // Downgrade teacher and admin to student.
-          r.admin = false;
-          r.teacher = false;
-        }
-        if (r.admin) {
-          clientAccess = true;
+    // console.log("attributes", attributes);
+    let a = {ve: 0, vt: 0, va: 0};
+    if (attributes?.attributes?.config) {
+      a = JSON.parse(attributes.attributes.config);
+    }
+    let r = JSON.parse(req.user.rolesCalculated);
+    // console.log("Roles Calculated", r);
+    if (r === undefined || r === null) {
+      r = {};
+    }
+    let name = req.user.name
+    name = name.trim()
+    name = name.toLowerCase()
+    r[name] = true;
+    const cr = await getClientRoles(req, clientRoles);
+    if (cr) {
+      for (const role of cr) {
+        r[role] = true;
+      }
+    }
+    const clientViews = clientRoles.filter((role) => role.startsWith("#"));
+    clientRoles = clientRoles.filter((role) => !role.startsWith("#"));
+    let isAdmin = r.admin || clientRoles.includes("admin");
+    let isTeacher = r.teacher || clientRoles.includes("teacher");
+    if (isTeacher) {
+      r.teachers = true;
+    }
+    if ((isAdmin || isTeacher) && allowOverride && a.vt == 0) {
+      // Downgrade teacher and admin to student.
+      isAdmin = false;
+      isTeacher = false;
+      delete r["teacher"];
+    }
+    if (isAdmin) {
+      clientAccess = true;
+    } else {
+      if (clientRoles.length > 0) {
+        if (all) {
+          clientAccess = clientRoles.every((role) => r[role]);
         } else {
-          if (!clientRoles.includes("admin") && r.teacher) {
-            clientAccess = true;
-          } else {
-            if (clientRoles.length > 0) {
-              if (all) {
-                clientAccess = clientRoles.every((role) => r[role]);
-              } else {
-                clientAccess = clientRoles.some((role) => r[role]);
-              }
-            }
-          }
+          clientAccess = clientRoles.some((role) => r[role]);
         }
-        if (clientAccess === null || clientAccess) {
-          for (const view of clientViews) {
-            const viewRole = view.substring(1);
-            switch (viewRole) {
-              case "exam":
-                // For security reasons hardcoded to only allow teachers and admins to view exam-questions.
-                clientAccess = a.ve == 1 && (r.admin || r.teacher);
-                break;
-              case "practice":
-                clientAccess = a.ve == 0;
-                break;
-              case "answer":
-                clientAccess = a.va == 1;
-                break;
-            }
-          }
+      }
+    }
+    if (clientAccess === null || clientAccess) {
+      for (const view of clientViews) {
+        const viewRole = view.substring(1);
+        switch (viewRole) {
+          case "exam":
+            // For security reasons hardcoded to only allow teachers and admins to view exam-questions.
+            clientAccess = a.ve == 1 && (isAdmin || isTeacher);
+            break;
+          case "practice":
+            clientAccess = a.ve == 0;
+            break;
+          case "answer":
+            clientAccess = a.va == 1;
+            break;
         }
       }
     }
-    return clientAccess || false;
+    console.log("Checking roles:", clientRoles, "all:", all, "allowOverride:", allowOverride, "isAdmin:", isAdmin, "isTeacher:", isTeacher, "studOvr:", a.vt == 0, "Client access:", clientAccess);
+    if (clientAccess === null) {
+      clientAccess = false;
+    }
+    return clientAccess;
   } catch (error) {
     console.error(`Error checking client roles: ${error}`);
     return null;
