reset password
Author Message
cysun
Posts: 2935
Posted 09:19 Dec 06, 2010 |

For instructor's access to homework files, the easiest way (I think) is to add a section property to the File class. This property is set when a file is uploaded by the homework upload controller, and it's NULL if the file is uploaded through the file manager. And in the file read voter, you can use file.getSection().isInstructor(user) to check if the user has instructor's access to the file.

In the file write voter, you can use file.getParent().getOwner().isSameUser(user) to check if a user is trying to upload to somebody else's folder.

Also remember the viewFolder URL should not be restricted to ROLE_USER; otherwise anonymous users cannot access the public folders.