Beispiel #1
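    def wrapper(request, *args, **kwargs):
        """
        Wrapper for the view that only calls the view if the user is authorized.

        Looks up the forum object named by the view's keyword arguments, asks
        ``check_permissions_by_view`` whether ``request.user`` may run
        ``request.view_name`` against it, and then either calls the wrapped
        view or returns ``JsonError("unauthorized", status=401)``.
        """
        def fetch_content():
            """
            Extract the forum object from the keyword arguments to the view.

            Returns a ``(content, user_group_id, content_user_group_id)``
            tuple. ``content`` is None when the view names no thread, comment
            or commentable; both group ids stay None unless the content has a
            'username' key.
            """
            user_group_id = None
            content_user_group_id = None
            # The first matching kwarg wins: thread, then comment, then
            # commentable.
            if "thread_id" in kwargs:
                content = cc.Thread.find(kwargs["thread_id"]).to_dict()
            elif "comment_id" in kwargs:
                content = cc.Comment.find(kwargs["comment_id"]).to_dict()
            elif "commentable_id" in kwargs:
                content = cc.Commentable.find(
                    kwargs["commentable_id"]).to_dict()
            else:
                content = None

            # A view with none of the kwargs above has no content. Testing
            # `'username' in None` raised TypeError before the permission
            # check could run; skip the group lookup instead and hand
            # content=None to the check.
            # NOTE(review): confirm check_permissions_by_view denies when a
            # content-dependent permission is evaluated with content=None.
            if content is not None and 'username' in content:
                (user_group_id, content_user_group_id) = get_user_group_ids(
                    course_key, content, request.user)
            return content, user_group_id, content_user_group_id

        # course_key must be bound before fetch_content() runs: the nested
        # function reads it from this scope.
        course_key = CourseKey.from_string(kwargs['course_id'])
        content, user_group_id, content_user_group_id = fetch_content()

        # The wrapped view is reached only through the allow branch.
        if check_permissions_by_view(request.user, course_key, content,
                                     request.view_name, user_group_id,
                                     content_user_group_id):
            return func(request, *args, **kwargs)
        else:
            return JsonError("unauthorized", status=401)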
Beispiel #2
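    def wrapper(request, *args, **kwargs):
        """
        Wrapper for the view that only calls the view if the user is authorized.

        The forum object is resolved from the view's keyword arguments and
        passed, with ``request.user`` and ``request.view_name``, to
        ``check_permissions_by_view``. A truthy result calls the wrapped view;
        anything else returns ``JsonError("unauthorized", status=401)``.
        """
        def fetch_content():
            """
            Extract the forum object from the keyword arguments to the view.

            Returns ``(content, user_group_id, content_user_group_id)``.
            ``content`` is None when no thread, comment or commentable id is
            present; the group ids are only looked up for content that has a
            'username' key and are None otherwise.
            """
            user_group_id = None
            content_user_group_id = None
            # Precedence is thread_id, comment_id, commentable_id.
            if "thread_id" in kwargs:
                content = cc.Thread.find(kwargs["thread_id"]).to_dict()
            elif "comment_id" in kwargs:
                content = cc.Comment.find(kwargs["comment_id"]).to_dict()
            elif "commentable_id" in kwargs:
                content = cc.Commentable.find(kwargs["commentable_id"]).to_dict()
            else:
                content = None

            # Guard the membership test: with content=None the bare
            # `'username' in content` raised TypeError, so views without a
            # forum object failed before any permission decision was made.
            # NOTE(review): verify that check_permissions_by_view treats
            # content=None as intended (deny where content is required).
            if content is not None and 'username' in content:
                (user_group_id, content_user_group_id) = get_user_group_ids(course_key, content, request.user)
            return content, user_group_id, content_user_group_id

        # fetch_content() closes over course_key, so it has to be set first.
        course_key = CourseKey.from_string(kwargs['course_id'])
        content, user_group_id, content_user_group_id = fetch_content()

        # Only the allow branch ever invokes the wrapped view.
        if check_permissions_by_view(request.user, course_key, content,
                                     request.view_name, user_group_id, content_user_group_id):
            return func(request, *args, **kwargs)
        else:
            return JsonError("unauthorized", status=401)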
Beispiel #3
def get_ability(course_id, content, user):
    """
    Return a dictionary of forums-oriented actions and the user's permission to perform them

    Keys produced, in order: 'editable', 'can_reply', 'can_delete',
    'can_vote', 'can_report'. The view name checked for each action depends
    on whether ``content['type']`` is 'thread'.

    Only 'editable' and 'can_delete' pass the group ids from
    ``get_user_group_ids`` to ``check_permissions_by_view``; the other
    checks call it without them.
    NOTE(review): confirm that omitting the group ids for reply, vote and
    report is intentional.
    """
    user_group_id, content_user_group_id = get_user_group_ids(
        course_id, content, user)
    is_thread = content['type'] == 'thread'

    ability = {}

    ability['editable'] = check_permissions_by_view(
        user, course_id, content,
        "update_thread" if is_thread else "update_comment",
        user_group_id, content_user_group_id)

    ability['can_reply'] = check_permissions_by_view(
        user, course_id, content,
        "create_comment" if is_thread else "create_sub_comment",
    )

    ability['can_delete'] = check_permissions_by_view(
        user, course_id, content,
        "delete_thread" if is_thread else "delete_comment",
        user_group_id, content_user_group_id)

    # A 'can_openclose' entry is deliberately not produced by this variant.

    # Voting is refused outright when is_content_authored_by() is truthy;
    # the permission check is not consulted in that case.
    if is_content_authored_by(content, user):
        ability['can_vote'] = False
    else:
        ability['can_vote'] = check_permissions_by_view(
            user, course_id, content,
            "vote_for_thread" if is_thread else "vote_for_comment")

    # Reporting follows the same authorship rule, but a truthy
    # GlobalStaff().has_user(user) also grants it when the view permission
    # check does not.
    if is_content_authored_by(content, user):
        ability['can_report'] = False
    else:
        ability['can_report'] = (
            check_permissions_by_view(
                user, course_id, content,
                "flag_abuse_for_thread" if is_thread
                else "flag_abuse_for_comment")
            or GlobalStaff().has_user(user))

    return ability
Beispiel #4
def get_ability(course_id, content, user):
    """
    Return a dictionary of forums-oriented actions and the user's permission to perform them

    Keys produced, in order: 'editable', 'can_reply', 'can_delete',
    'can_openclose', 'can_vote', 'can_report'. Each value comes from
    ``check_permissions_by_view`` with a view name chosen by whether
    ``content['type']`` is 'thread'.

    'editable', 'can_delete' and 'can_openclose' pass the group ids from
    ``get_user_group_ids``; 'can_reply', 'can_vote' and 'can_report' do not.
    NOTE(review): confirm that omitting the group ids there is intentional.
    """
    group_ids = get_user_group_ids(course_id, content, user)
    (user_group_id, content_user_group_id) = group_ids
    is_thread = content['type'] == 'thread'

    def allowed(view_name, *extra):
        """Run the view permission check for this user and content."""
        return check_permissions_by_view(user, course_id, content, view_name, *extra)

    editable = allowed(
        "update_thread" if is_thread else "update_comment",
        user_group_id,
        content_user_group_id,
    )
    can_reply = allowed("create_comment" if is_thread else "create_sub_comment")
    can_delete = allowed(
        "delete_thread" if is_thread else "delete_comment",
        user_group_id,
        content_user_group_id,
    )
    # For non-thread content the view name passed here is False, not a string.
    # NOTE(review): confirm check_permissions_by_view treats an unknown view
    # name as a denial.
    can_openclose = allowed(
        "openclose_thread" if is_thread else False,
        user_group_id,
        content_user_group_id,
    )
    # Vote and report are False whenever is_content_authored_by() is truthy;
    # the short-circuit skips the permission check in that case.
    can_vote = not is_content_authored_by(content, user) and allowed(
        "vote_for_thread" if is_thread else "vote_for_comment"
    )
    # A truthy GlobalStaff().has_user(user) grants reporting even when the
    # view permission check does not.
    can_report = not is_content_authored_by(content, user) and (
        allowed("flag_abuse_for_thread" if is_thread else "flag_abuse_for_comment")
        or GlobalStaff().has_user(user)
    )

    return {
        'editable': editable,
        'can_reply': can_reply,
        'can_delete': can_delete,
        'can_openclose': can_openclose,
        'can_vote': can_vote,
        'can_report': can_report,
    }