def get_ability(course_id, content, user):
"""
Return a dictionary of forums-oriented actions and the user's permission to perform them
"""
return {
'editable':
check_permissions_by_view(
user, course_id, content, "update_thread"
if content['type'] == 'thread' else "update_comment"),
'can_reply':
check_permissions_by_view(
user, course_id, content, "create_comment"
if content['type'] == 'thread' else "create_sub_comment"),
'can_delete':
check_permissions_by_view(
user, course_id, content, "delete_thread"
if content['type'] == 'thread' else "delete_comment"),
'can_openclose':
check_permissions_by_view(user, course_id, content, "openclose_thread")
if content['type'] == 'thread' else False,
'can_vote':
check_permissions_by_view(
user, course_id, content, "vote_for_thread"
if content['type'] == 'thread' else "vote_for_comment"),
}
def get_ability(course_id, content, user):
return {
'editable': check_permissions_by_view(user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment"),
'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"),
'can_delete': check_permissions_by_view(user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment"),
'can_openclose': check_permissions_by_view(user, course_id, content, "openclose_thread") if content['type'] == 'thread' else False,
'can_vote': check_permissions_by_view(user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"),
}
def get_ability(course_id, content, user):
return {
'editable': check_permissions_by_view(user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment"),
'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"),
'can_delete': check_permissions_by_view(user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment"),
'can_openclose': check_permissions_by_view(user, course_id, content, "openclose_thread") if content['type'] == 'thread' else False,
'can_vote': check_permissions_by_view(user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"),
}
def get_ability(course_id, content, user):
"""
Return a dictionary of forums-oriented actions and the user's permission to perform them
"""
return {
'editable': check_permissions_by_view(user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment"),
'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"),
'can_delete': check_permissions_by_view(user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment"),
'can_openclose': check_permissions_by_view(user, course_id, content, "openclose_thread") if content['type'] == 'thread' else False,
'can_vote': check_permissions_by_view(user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"),
}
def wrapper(request, *args, **kwargs):
"""
Wrapper for the view that only calls the view if the user is authorized.
"""
def fetch_content():
"""
Extract the forum object from the keyword arguments to the view.
"""
user_group_id = None
content_user_group_id = None
if "thread_id" in kwargs:
content = cc.Thread.find(kwargs["thread_id"]).to_dict()
elif "comment_id" in kwargs:
content = cc.Comment.find(kwargs["comment_id"]).to_dict()
elif "commentable_id" in kwargs:
content = cc.Commentable.find(kwargs["commentable_id"]).to_dict()
else:
content = None
if 'username' in content:
(user_group_id, content_user_group_id) = get_user_group_ids(course_key, content, request.user)
return content, user_group_id, content_user_group_id
course_key = CourseKey.from_string(kwargs['course_id'])
content, user_group_id, content_user_group_id = fetch_content()
if check_permissions_by_view(request.user, course_key, content,
request.view_name, user_group_id, content_user_group_id):
return func(request, *args, **kwargs)
else:
return JsonError("unauthorized", status=401)
def wrapper(request, *args, **kwargs):
"""
Wrapper for the view that only calls the view if the user is authorized.
"""
def fetch_content():
"""
Extract the forum object from the keyword arguments to the view.
"""
if "thread_id" in kwargs:
content = cc.Thread.find(kwargs["thread_id"]).to_dict()
elif "comment_id" in kwargs:
content = cc.Comment.find(kwargs["comment_id"]).to_dict()
elif "commentable_id" in kwargs:
content = cc.Commentable.find(
kwargs["commentable_id"]).to_dict()
else:
content = None
return content
course_key = CourseKey.from_string(kwargs['course_id'])
if check_permissions_by_view(request.user, course_key, fetch_content(),
request.view_name):
return func(request, *args, **kwargs)
else:
return JsonError("unauthorized", status=401)
def get_ability(course_id, content, user):
"""
Return a dictionary of forums-oriented actions and the user's permission to perform them
"""
(user_group_id, content_user_group_id) = get_user_group_ids(course_id, content, user)
return {
'editable': check_permissions_by_view(
user,
course_id,
content,
"update_thread" if content['type'] == 'thread' else "update_comment",
user_group_id,
content_user_group_id
),
'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"),
'can_delete': check_permissions_by_view(
user,
course_id,
content,
"delete_thread" if content['type'] == 'thread' else "delete_comment",
user_group_id,
content_user_group_id
),
#'can_openclose': check_permissions_by_view(
# user,
# course_id,
# content,
# "openclose_thread" if content['type'] == 'thread' else False,
# user_group_id,
# content_user_group_id
#),
'can_vote': not is_content_authored_by(content, user) and check_permissions_by_view(
user,
course_id,
content,
"vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"
),
'can_report': not is_content_authored_by(content, user) and (check_permissions_by_view(
user,
course_id,
content,
"flag_abuse_for_thread" if content['type'] == 'thread' else "flag_abuse_for_comment"
) or GlobalStaff().has_user(user))
}
def get_ability(course_id, content, user):
"""
Return a dictionary of forums-oriented actions and the user's permission to perform them
"""
return {
"editable": check_permissions_by_view(
user, course_id, content, "update_thread" if content["type"] == "thread" else "update_comment"
),
"can_reply": check_permissions_by_view(
user, course_id, content, "create_comment" if content["type"] == "thread" else "create_sub_comment"
),
"can_delete": check_permissions_by_view(
user, course_id, content, "delete_thread" if content["type"] == "thread" else "delete_comment"
),
"can_openclose": check_permissions_by_view(user, course_id, content, "openclose_thread")
if content["type"] == "thread"
else False,
"can_vote": not is_content_authored_by(content, user)
and check_permissions_by_view(
user, course_id, content, "vote_for_thread" if content["type"] == "thread" else "vote_for_comment"
),
"can_report": not is_content_authored_by(content, user)
and check_permissions_by_view(
user,
course_id,
content,
"flag_abuse_for_thread" if content["type"] == "thread" else "flag_abuse_for_comment",
),
}
def wrapper(request, *args, **kwargs):
def fetch_content():
if "thread_id" in kwargs:
content = cc.Thread.find(kwargs["thread_id"]).to_dict()
elif "comment_id" in kwargs:
content = cc.Comment.find(kwargs["comment_id"]).to_dict()
else:
content = None
return content
if check_permissions_by_view(request.user, kwargs['course_id'], fetch_content(), request.view_name):
return fn(request, *args, **kwargs)
else:
return JsonError("unauthorized", status=401)
def wrapper(request, *args, **kwargs):
def fetch_content():
if "thread_id" in kwargs:
content = cc.Thread.find(kwargs["thread_id"]).to_dict()
elif "comment_id" in kwargs:
content = cc.Comment.find(kwargs["comment_id"]).to_dict()
else:
content = None
return content
if check_permissions_by_view(request.user, kwargs['course_id'], fetch_content(), request.view_name):
return fn(request, *args, **kwargs)
else:
return JsonError("unauthorized", status=401)
def wrapper(request, *args, **kwargs):
def fetch_content():
if "thread_id" in kwargs:
content = cc.Thread.find(kwargs["thread_id"]).to_dict()
elif "comment_id" in kwargs:
content = cc.Comment.find(kwargs["comment_id"]).to_dict()
else:
content = None
return content
course_key = SlashSeparatedCourseKey.from_deprecated_string(kwargs['course_id'])
if check_permissions_by_view(request.user, course_key, fetch_content(), request.view_name):
return fn(request, *args, **kwargs)
else:
return JsonError("unauthorized", status=401)
def wrapper(request, *args, **kwargs):
def fetch_content():
if "thread_id" in kwargs:
content = cc.Thread.find(kwargs["thread_id"]).to_dict()
elif "comment_id" in kwargs:
content = cc.Comment.find(kwargs["comment_id"]).to_dict()
else:
content = None
return content
course_key = SlashSeparatedCourseKey.from_deprecated_string(kwargs['course_id'])
if check_permissions_by_view(request.user, course_key, fetch_content(), request.view_name):
return fn(request, *args, **kwargs)
else:
return JsonError("unauthorized", status=401)
def get_ability(course_id, content, user):
"""
Return a dictionary of forums-oriented actions and the user's permission to perform them
"""
(user_group_id, content_user_group_id) = get_user_group_ids(course_id, content, user)
return {
'editable': check_permissions_by_view(
user,
course_id,
content,
"update_thread" if content['type'] == 'thread' else "update_comment",
user_group_id,
content_user_group_id
),
'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"),
'can_delete': check_permissions_by_view(
user,
course_id,
content,
"delete_thread" if content['type'] == 'thread' else "delete_comment",
user_group_id,
content_user_group_id
),
'can_openclose': check_permissions_by_view(
user,
course_id,
content,
"openclose_thread" if content['type'] == 'thread' else False,
user_group_id,
content_user_group_id
),
'can_vote': not is_content_authored_by(content, user) and check_permissions_by_view(
user,
course_id,
content,
"vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"
),
'can_report': not is_content_authored_by(content, user) and (check_permissions_by_view(
user,
course_id,
content,
"flag_abuse_for_thread" if content['type'] == 'thread' else "flag_abuse_for_comment"
) or GlobalStaff().has_user(user))
}
def wrapper(request, *args, **kwargs):
"""
Wrapper for the view that only calls the view if the user is authorized.
"""
def fetch_content():
"""
Extract the forum object from the keyword arguments to the view.
"""
if "thread_id" in kwargs:
content = cc.Thread.find(kwargs["thread_id"]).to_dict()
elif "comment_id" in kwargs:
content = cc.Comment.find(kwargs["comment_id"]).to_dict()
elif "commentable_id" in kwargs:
content = cc.Commentable.find(kwargs["commentable_id"]).to_dict()
else:
content = None
return content
course_key = SlashSeparatedCourseKey.from_deprecated_string(kwargs["course_id"])
if check_permissions_by_view(request.user, course_key, fetch_content(), request.view_name):
return func(request, *args, **kwargs)
else:
return JsonError("unauthorized", status=401)
def get_ability(course_id, content, user):
return {
"editable": check_permissions_by_view(
user, course_id, content, "update_thread" if content["type"] == "thread" else "update_comment"
),
"can_reply": check_permissions_by_view(
user, course_id, content, "create_comment" if content["type"] == "thread" else "create_sub_comment"
),
"can_endorse": check_permissions_by_view(user, course_id, content, "endorse_comment")
if content["type"] == "comment"
else False,
"can_delete": check_permissions_by_view(
user, course_id, content, "delete_thread" if content["type"] == "thread" else "delete_comment"
),
"can_openclose": check_permissions_by_view(user, course_id, content, "openclose_thread")
if content["type"] == "thread"
else False,
"can_vote": check_permissions_by_view(
user, course_id, content, "vote_for_thread" if content["type"] == "thread" else "vote_for_comment"
),
}
