Beispiel #1
0
    def apply_limits(self, request, object_list):
        # Exclude archives from these lists
        archives = object_list.filter(source__primary=True,
                                      source__label='archive')
        object_list = object_list.exclude(id__in=[a.id for a in archives])

        tag_string = request.GET.get('tag', '')
        modified = request.GET.get('modified', '')
        vocabulary = dict((key[len('vocabulary-'):], val.split(","))
                          for key, val in request.GET.items()
                          if key.startswith('vocabulary-'))
        invisible = []
        for asset in object_list:
            # Hack -- call the authorization layer directly
            notes = SherdNoteResource()._meta.authorization.apply_limits(
                request, asset.sherdnote_set, False)

            if not cached_course_is_member(asset.course, request.user):
                invisible.append(asset.id)
            elif len(tag_string) > 0 and not self.is_tagged(notes, tag_string):
                invisible.append(asset.id)
            elif len(modified) > 0 and not self.in_date_range(notes, modified):
                invisible.append(asset.id)
            elif (len(vocabulary) > 0 and
                  not self.has_vocabulary(notes, vocabulary)):
                invisible.append(asset.id)

        return object_list.exclude(id__in=invisible).order_by('id')
Beispiel #2
0
    def read(self, coll, course, user):
        if not course:
            return False

        course_collaboration = cached_course_collaboration(course)
        return (coll.context == course_collaboration
                and cached_course_is_member(course, user))
Beispiel #3
0
    def apply_limits(self, request, object_list):
        # Exclude archives from these lists
        archives = object_list.filter(source__primary=True,
                                      source__label='archive')
        object_list = object_list.exclude(id__in=[a.id for a in archives])

        tag_string = request.GET.get('tag', '')
        modified = request.GET.get('modified', '')
        vocabulary = dict((key[len('vocabulary-'):], val.split(","))
                          for key, val in request.GET.items()
                          if key.startswith('vocabulary-'))
        invisible = []
        for asset in object_list:
            # Hack -- call the authorization layer directly
            notes = SherdNoteResource()._meta.authorization.apply_limits(
                request, asset.sherdnote_set, False)

            if not cached_course_is_member(asset.course, request.user):
                invisible.append(asset.id)
            elif len(tag_string) > 0 and not self.is_tagged(notes, tag_string):
                invisible.append(asset.id)
            elif len(modified) > 0 and not self.in_date_range(notes, modified):
                invisible.append(asset.id)
            elif (len(vocabulary) > 0 and
                  not self.has_vocabulary(notes, vocabulary)):
                invisible.append(asset.id)

        return object_list.exclude(id__in=invisible).order_by('id')
Beispiel #4
0
    def apply_limits(self, request, object_list, exclude_global=True):
        if request.user.is_authenticated():
            if exclude_global:
                # only request user's global annotations
                object_list = object_list.exclude(~Q(author=request.user),
                                                  range1__isnull=True)

            # Make sure the requesting user is allowed to see this note
            invisible = []
            courses = {}
            for note in object_list.select_related('asset__course'):
                course = note.asset.course

                # Cache this out per course/user. It's just too slow otherwise
                if not course.id in courses.keys():
                    courses[course.id] = {'whitelist': None}
                    is_faculty = cached_course_is_faculty(course, request.user)
                    if (not course_details.all_selections_are_visible(course)
                            and not is_faculty):
                        courses[course.id]['whitelist'] = list(course.faculty)
                        courses[course.id]['whitelist'].append(request.user)

                if not cached_course_is_member(course, request.user):
                    invisible.append(note.id)
                elif (courses[course.id]['whitelist']
                      and not note.author in courses[course.id]['whitelist']):
                    # apply per course limitations
                    # the user or a faculty member must be the selection author
                    invisible.append(note.id)

            return object_list.exclude(id__in=invisible).order_by('id')
        elif request.public:
            # attribute "public" set on request when requesting a
            # public_to_world essay. all notes are public by default
            return object_list.order_by('id')
        else:
            return []
Beispiel #5
0
    def apply_limits(self, request, object_list, exclude_global=True):
        if request.user.is_authenticated():
            if exclude_global:
                # only request user's global annotations
                object_list = object_list.exclude(~Q(author=request.user),
                                                  range1__isnull=True)

            # Make sure the requesting user is allowed to see this note
            invisible = []
            courses = {}
            for note in object_list.select_related('asset__course'):
                course = note.asset.course

                # Cache this out per course/user. It's just too slow otherwise
                if not course.id in courses.keys():
                    courses[course.id] = {'whitelist': None}
                    is_faculty = cached_course_is_faculty(course, request.user)
                    if (not course_details.all_selections_are_visible(course)
                            and not is_faculty):
                        courses[course.id]['whitelist'] = list(course.faculty)
                        courses[course.id]['whitelist'].append(request.user)

                if not cached_course_is_member(course, request.user):
                    invisible.append(note.id)
                elif (courses[course.id]['whitelist'] and
                        not note.author in courses[course.id]['whitelist']):
                    # apply per course limitations
                    # the user or a faculty member must be the selection author
                    invisible.append(note.id)

            return object_list.exclude(id__in=invisible).order_by('id')
        elif request.public:
            # attribute "public" set on request when requesting a
            # public_to_world essay. all notes are public by default
            return object_list.order_by('id')
        else:
            return []
Beispiel #6
0
    def has_object_permission(self, request, view, obj):
        if not cached_course_is_member(obj.course, request.user):
            raise PermissionDenied

        return True
 def test_cached_course_is_member(self):
     self.assertTrue(
         cached_course_is_member(self.sample_course, self.student_one))
     self.assertTrue(
         cached_course_is_member(self.sample_course, self.student_one))
 def test_cached_course_is_member(self):
     self.assertTrue(cached_course_is_member(self.sample_course,
                                             self.student_one))
     self.assertTrue(cached_course_is_member(self.sample_course,
                                             self.student_one))