Merge pull request #113 from edly-io/rehan/EDLY-1515
Updates permissions for updating Edly staff roles
rehan99000 authored Jun 22, 2020
2 parents 1c93d6e + ef2f783 commit dc783c3
Showing 3 changed files with 32 additions and 2 deletions.
2 changes: 1 addition & 1 deletion common/djangoapps/student/auth.py
Expand Up @@ -170,7 +170,7 @@ def _check_caller_authority(caller, role):
if not (caller.is_authenticated and caller.is_active):
raise PermissionDenied
# superuser
if GlobalStaff().has_user(caller) or GlobalCourseCreatorRole().has_user(caller):
if GlobalStaff().has_user(caller) or caller.groups.filter(name=settings.EDLY_PANEL_ADMIN_USERS_GROUP).exists():
return

if isinstance(role, (GlobalStaff, CourseCreatorRole)):
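Review bot: The early `return` in `_check_caller_authority` now fires for every member of `settings.EDLY_PANEL_ADMIN_USERS_GROUP`, so the role-type check that follows (`isinstance(role, (GlobalStaff, CourseCreatorRole))`) is skipped for them exactly as it is for global staff. The rest of the function is outside this hunk, but if that later check is what stops non-staff callers from changing `GlobalStaff`, panel admins can now add or remove global staff, which looks like a wider grant than the commit title describes. Consider keeping the unconditional return for `GlobalStaff().has_user(caller)` only and letting the group pass just the roles it is meant to manage, e.g. `if is_panel_admin and isinstance(role, CourseCreatorRole): return`, where `is_panel_admin` is the group lookup. The `# superuser` comment should be reworded as well, since the second condition is no longer a superuser test.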
26 changes: 25 additions & 1 deletion openedx/features/edly/tests/test_utils.py
Expand Up @@ -6,6 +6,8 @@
from mock import MagicMock

from django.conf import settings
from django.contrib.auth.models import Group
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.test import TestCase
from django.test.client import RequestFactory
Expand Down Expand Up @@ -176,14 +178,25 @@ def test_update_course_creator_status(self):
assert self._get_course_creator_status(self.user) == 'unrequested'
assert not auth.user_has_role(self.user, CourseCreatorRole())

self.admin_user.is_staff = False
self.admin_user.save()
with self.assertRaises(PermissionDenied):
update_course_creator_status(self.admin_user, self.user, True)

edly_panel_admin_user_group, __ = Group.objects.get_or_create(name=settings.EDLY_PANEL_ADMIN_USERS_GROUP)
self.admin_user.groups.add(edly_panel_admin_user_group)
update_course_creator_status(self.admin_user, self.user, False)
assert self._get_course_creator_status(self.user) == 'unrequested'
assert not auth.user_has_role(self.user, CourseCreatorRole())

@skip_unless_cms
@mock.patch('course_creators.admin.render_to_string', mock.Mock(side_effect=mock_render_to_string, autospec=True))
def test_set_global_course_creator_status(self):
"""
Test that "set_global_course_creator_status" method sets/removes a User as Global Course Creator correctly.
"""
self._create_edly_sub_organization()
response = cookies_api.set_logged_in_edly_cookies(self.request, HttpResponse(), self.user)
response = cookies_api.set_logged_in_edly_cookies(self.request, HttpResponse(), self.user, cookie_settings(self.request))
self._copy_cookies_to_request(response, self.request)
edly_user_info_cookie = self.request.COOKIES.get(settings.EDLY_USER_INFO_COOKIE_NAME)
edx_org = get_edx_org_from_cookie(edly_user_info_cookie)
Expand All @@ -196,3 +209,14 @@ def test_set_global_course_creator_status(self):
set_global_course_creator_status(self.request, self.user, False)
assert self._get_course_creator_status(self.user) == 'unrequested'
assert not auth.user_has_role(self.user, GlobalCourseCreatorRole(edx_org))

self.admin_user.is_staff = False
self.admin_user.save()
with self.assertRaises(PermissionDenied):
set_global_course_creator_status(self.request, self.user, True)

edly_panel_admin_user_group, __ = Group.objects.get_or_create(name=settings.EDLY_PANEL_ADMIN_USERS_GROUP)
self.admin_user.groups.add(edly_panel_admin_user_group)
set_global_course_creator_status(self.request, self.user, True)
assert self._get_course_creator_status(self.user) == 'granted'
assert auth.user_has_role(self.user, CourseCreatorRole())
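Review bot: In `test_update_course_creator_status` the panel-admin case calls `update_course_creator_status(self.admin_user, self.user, False)` and then asserts `'unrequested'` and no `CourseCreatorRole`, which is the state already asserted a few lines earlier, so the test passes even if the call changes nothing. To show that group membership actually authorises a change, grant instead with `update_course_creator_status(self.admin_user, self.user, True)` and assert the granted state and role afterwards. In `test_set_global_course_creator_status` the denial case modifies `self.admin_user` while the function under test reads `request.user`; that only exercises the new check if `self.request.user` is the same object, which is set up outside this diff.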
6 changes: 6 additions & 0 deletions openedx/features/edly/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import jwt
import waffle
from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.db.models import Q
from django.forms.models import model_to_dict

Expand All @@ -12,6 +13,7 @@
CourseInstructorRole,
CourseStaffRole,
GlobalCourseCreatorRole,
GlobalStaff,
UserBasedRole,
)
from util.organizations_helpers import get_organizations
Expand Down Expand Up @@ -188,6 +190,10 @@ def set_global_course_creator_status(request, user, set_global_creator):
from course_creators.models import CourseCreator

request_user = request.user
is_edly_panel_admin_user = request_user.groups.filter(name=settings.EDLY_PANEL_ADMIN_USERS_GROUP).exists()
if not GlobalStaff().has_user(request_user) and not is_edly_panel_admin_user:
raise PermissionDenied

course_creator, __ = CourseCreator.objects.get_or_create(user=user)
course_creator.state = CourseCreator.GRANTED if set_global_creator else CourseCreator.UNREQUESTED
course_creator.note = 'Global course creator user was updated by panel admin {}'.format(request_user.email)
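Review bot: The new guard in `set_global_course_creator_status` authorises on `GlobalStaff` or group membership alone and, unlike `_check_caller_authority` in `common/djangoapps/student/auth.py`, does not first require `request_user.is_authenticated and request_user.is_active`. Group membership stays attached to a deactivated account, so whether such a user is rejected depends on the session layer rather than on this function. Adding `if not (request_user.is_authenticated and request_user.is_active): raise PermissionDenied` ahead of the group lookup would make the two checks agree. The same group test is now written out in both files, and a small shared helper would keep them from drifting apart. The function body continues past the end of this hunk.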
