From d09060bd8ca33a5dbdce1f74bb398391feadecde Mon Sep 17 00:00:00 2001
From: Hiroki Terashima <honchikun@gmail.com>
Date: Tue, 10 Mar 2026 12:35:20 -0700
Subject: [PATCH] feat(DiscussionSummary): Allow teachers to retrieve student
 data

---
 .../student/ClassmateDataController.java      | 13 +++++----
 .../ClassmateDiscussionDataController.java    |  7 ++---
 .../ClassmateSummaryDataController.java       | 28 ++++++++-----------
 3 files changed, 21 insertions(+), 27 deletions(-)

diff --git a/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateDataController.java b/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateDataController.java
index 60c5bf7e8..439aee09e 100644
--- a/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateDataController.java
+++ b/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateDataController.java
@@ -57,8 +57,11 @@ protected boolean isStudentInRunAndPeriod(Authentication auth, Run run, Group pe
   }
 
   protected boolean isTeacherOfRun(Authentication auth, Run run) {
-    User user = userService.retrieveUser((TeacherUserDetails) auth.getPrincipal());
-    return user != null && run.isTeacherAssociatedToThisRun(user);
+    if (isTeacher(auth)) {
+      User user = userService.retrieveUser((TeacherUserDetails) auth.getPrincipal());
+      return user != null && run.isTeacherAssociatedToThisRun(user);
+    }
+    return false;
   }
 
   protected boolean isComponentType(Run run, String nodeId, String componentId,
@@ -75,8 +78,7 @@ protected ProjectComponent getProjectComponent(Run run, String nodeId, String co
     return projectContent.getComponent(nodeId, componentId);
   }
 
-  protected List<ProjectComponent> getProjectComponents(Run run)
-      throws IOException, JSONException {
+  protected List<ProjectComponent> getProjectComponents(Run run) throws IOException, JSONException {
     String projectString = projectService.getProjectContent(run.getProject());
     JSONObject projectJSON = new JSONObject(projectString);
     ProjectContent projectContent = new ProjectContent(projectJSON);
@@ -92,8 +94,7 @@ protected List<StudentWork> getStudentWork(Run run, Group period, String nodeId,
     return vleService.getStudentWork(run, period, nodeId, componentId);
   }
 
-  protected List<StudentWork> getLatestStudentWork(Run run, String nodeId,
-      String componentId) {
+  protected List<StudentWork> getLatestStudentWork(Run run, String nodeId, String componentId) {
     return vleService.getLatestStudentWork(run, nodeId, componentId);
   }
 
diff --git a/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateDiscussionDataController.java b/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateDiscussionDataController.java
index 96faab838..80edefa43 100644
--- a/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateDiscussionDataController.java
+++ b/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateDiscussionDataController.java
@@ -19,7 +19,7 @@
 import org.wise.vle.domain.work.StudentWork;
 
 @RestController
-@Secured("ROLE_STUDENT")
+@Secured({ "ROLE_STUDENT", "ROLE_TEACHER" })
 @RequestMapping("/api/classmate/discussion")
 public class ClassmateDiscussionDataController extends ClassmateDataController {
 
@@ -28,8 +28,7 @@ public class ClassmateDiscussionDataController extends ClassmateDataController {
   @GetMapping("/student-work/{runId}/{periodId}/{nodeId}/{componentId}")
   public List<StudentWork> getClassmateDiscussionWork(Authentication auth,
       @PathVariable("runId") RunImpl run, @PathVariable Long periodId, @PathVariable String nodeId,
-      @PathVariable String componentId)
-      throws IOException, JSONException, ObjectNotFoundException {
+      @PathVariable String componentId) throws IOException, JSONException, ObjectNotFoundException {
     Group period = groupService.retrieveById(periodId);
     if (isAllowedToGetData(auth, run, period, nodeId, componentId)) {
       return getStudentWork(run, period, nodeId, componentId);
@@ -52,7 +51,7 @@ public List<Annotation> getClassmateDiscussionAnnotations(Authentication auth,
 
   private boolean isAllowedToGetData(Authentication auth, Run run, Group period, String nodeId,
       String componentId) throws IOException, JSONException, ObjectNotFoundException {
-    return isStudentInRunAndPeriod(auth, run, period)
+    return (isTeacherOfRun(auth, run) || isStudentInRunAndPeriod(auth, run, period))
         && isDiscussionComponent(run, nodeId, componentId);
   }
 
diff --git a/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateSummaryDataController.java b/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateSummaryDataController.java
index 32504873b..1c11fd0ca 100644
--- a/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateSummaryDataController.java
+++ b/src/main/java/org/wise/portal/presentation/web/controllers/student/ClassmateSummaryDataController.java
@@ -33,8 +33,7 @@ public class ClassmateSummaryDataController extends ClassmateDataController {
   @GetMapping("/student-work/{runId}/{nodeId}/{componentId}/period/{periodId}")
   public List<StudentWork> getClassmateSummaryWorkInPeriod(Authentication auth,
       @PathVariable("runId") RunImpl run, @PathVariable Long periodId, @PathVariable String nodeId,
-      @PathVariable String componentId)
-      throws IOException, JSONException, ObjectNotFoundException {
+      @PathVariable String componentId) throws IOException, JSONException, ObjectNotFoundException {
     Group period = groupService.retrieveById(periodId);
     if (isAllowedToGetData(auth, run, period, nodeId, componentId)) {
       return getLatestStudentWork(run, period, nodeId, componentId);
@@ -45,8 +44,7 @@ public List<StudentWork> getClassmateSummaryWorkInPeriod(Authentication auth,
   @GetMapping("/student-work/{runId}/{nodeId}/{componentId}/class")
   public List<StudentWork> getClassmateSummaryWorkInClass(Authentication auth,
       @PathVariable("runId") RunImpl run, @PathVariable String nodeId,
-      @PathVariable String componentId)
-      throws IOException, JSONException, ObjectNotFoundException {
+      @PathVariable String componentId) throws IOException, JSONException, ObjectNotFoundException {
     if (isAllowedToGetData(auth, run, nodeId, componentId)) {
       return getLatestStudentWork(run, nodeId, componentId);
     }
@@ -56,8 +54,7 @@ public List<StudentWork> getClassmateSummaryWorkInClass(Authentication auth,
   @GetMapping("/scores/{runId}/{nodeId}/{componentId}/period/{periodId}")
   public List<Annotation> getClassmateSummaryScoresInPeriod(Authentication auth,
       @PathVariable("runId") RunImpl run, @PathVariable Long periodId, @PathVariable String nodeId,
-      @PathVariable String componentId)
-      throws IOException, JSONException, ObjectNotFoundException {
+      @PathVariable String componentId) throws IOException, JSONException, ObjectNotFoundException {
     Group period = groupService.retrieveById(periodId);
     if (isAllowedToGetData(auth, run, period, nodeId, componentId)) {
       return getLatestScoreAnnotations(getAnnotations(run, period, nodeId, componentId));
@@ -68,8 +65,7 @@ public List<Annotation> getClassmateSummaryScoresInPeriod(Authentication auth,
   @GetMapping("/scores/{runId}/{nodeId}/{componentId}/class")
   public List<Annotation> getClassmateSummaryScoresInClass(Authentication auth,
       @PathVariable("runId") RunImpl run, @PathVariable String nodeId,
-      @PathVariable String componentId)
-      throws IOException, JSONException, ObjectNotFoundException {
+      @PathVariable String componentId) throws IOException, JSONException, ObjectNotFoundException {
     if (isAllowedToGetData(auth, run, nodeId, componentId)) {
       return getLatestScoreAnnotations(getAnnotations(run, nodeId, componentId));
     }
@@ -78,25 +74,23 @@ public List<Annotation> getClassmateSummaryScoresInClass(Authentication auth,
 
   private boolean isAllowedToGetData(Authentication auth, Run run, Group period, String nodeId,
       String componentId) throws IOException, JSONException, ObjectNotFoundException {
-    return (isStudent(auth) && isStudentInRunAndPeriod(auth, run, period) &&
-        isValidSummaryComponent(run, nodeId, componentId)) ||
-        (isTeacher(auth) && isTeacherOfRun(auth, run));
+    return (isStudent(auth) && isStudentInRunAndPeriod(auth, run, period)
+        && isValidSummaryComponent(run, nodeId, componentId)) || isTeacherOfRun(auth, run);
   }
 
   private boolean isAllowedToGetData(Authentication auth, Run run, String nodeId,
       String componentId) throws IOException, JSONException, ObjectNotFoundException {
-    return (isStudent(auth) && isStudentInRun(auth, run) &&
-        isValidSummaryComponent(run, nodeId, componentId)) ||
-        (isTeacher(auth) && isTeacherOfRun(auth, run));
+    return (isStudent(auth) && isStudentInRun(auth, run)
+        && isValidSummaryComponent(run, nodeId, componentId)) || isTeacherOfRun(auth, run);
   }
 
   private boolean isValidSummaryComponent(Run run, String nodeId, String componentId)
       throws IOException, JSONException, ObjectNotFoundException {
     List<ProjectComponent> projectComponents = getProjectComponents(run);
     for (ProjectComponent projectComponent : projectComponents) {
-      if (projectComponent.getString("type").equals(SUMMARY_TYPE) &&
-          projectComponent.getString("summaryNodeId").equals(nodeId) &&
-          projectComponent.getString("summaryComponentId").equals(componentId)) {
+      if (projectComponent.getString("type").equals(SUMMARY_TYPE)
+          && projectComponent.getString("summaryNodeId").equals(nodeId)
+          && projectComponent.getString("summaryComponentId").equals(componentId)) {
         return true;
       }
     }