def can_view_course_outline(app_context):
return (roles.Roles.is_user_allowed(
app_context, custom_module,
constants.COURSE_OUTLINE_REORDER_PERMISSION)
or permissions.can_edit(app_context, constants.SCOPE_UNIT)
or permissions.can_edit(app_context, constants.SCOPE_ASSESSMENT)
or permissions.can_edit(app_context, constants.SCOPE_LINK))
def can_view_course_outline(app_context):
return (
roles.Roles.is_user_allowed(
app_context, custom_module,
constants.COURSE_OUTLINE_REORDER_PERMISSION) or
permissions.can_edit(app_context, constants.SCOPE_UNIT) or
permissions.can_edit(app_context, constants.SCOPE_ASSESSMENT) or
permissions.can_edit(app_context, constants.SCOPE_LINK)
)
def _render_unit_outline(handler, course, unit):
course_writable = handler.app_context.is_editable_fs()
can_view_props = course_writable and permissions.can_edit(
handler.app_context, constants.SCOPE_UNIT)
unit_data = {
'title': unit.title,
'component_type': 'unit',
'view_url': 'unit?unit=%s' % unit.unit_id,
'id': unit.unit_id,
'can_view_props': can_view_props,
'href': handler.canonicalize_url(
'/dashboard?%s') % urllib.urlencode({
'action': 'edit_unit',
'key': unit.unit_id}),
}
if unit.pre_assessment:
assessment = course.find_unit_by_id(unit.pre_assessment)
if assessment:
assessment_outline = _render_assessment_outline(handler, assessment)
assessment_outline['component_type'] = 'pre-assessment'
assessment_outline['not_reorderable'] = True
unit_data['pre_assessment'] = assessment_outline
# Here, just check whether user is course admin to see if lesson contents
# are editable. Eventually, can add specific sub-permissions to lessons,
# if we like.
lessons_editable = (handler.app_context.is_editable_fs() and
roles.Roles.is_course_admin(handler.app_context))
lessons = []
for lesson in course.get_lessons(unit.unit_id):
extras = []
for annotator in COURSE_OUTLINE_EXTRA_INFO_ANNOTATORS:
extra_info = annotator(course, lesson)
if extra_info:
extras.append(extra_info)
lessons.append({
'title': lesson.title,
'component_type': 'lesson',
'view_url': 'unit?unit=%s&lesson=%s' % (
unit.unit_id, lesson.lesson_id),
'id': lesson.lesson_id,
'href': handler.get_action_url('edit_lesson', key=lesson.lesson_id),
'can_view_props': lessons_editable,
'auto_index': lesson.auto_index,
'extras': extras})
unit_data['lessons'] = lessons
if unit.post_assessment:
assessment = course.find_unit_by_id(unit.post_assessment)
if assessment:
assessment_outline = _render_assessment_outline(handler, assessment)
assessment_outline['component_type'] = 'post-assessment'
assessment_outline['not_reorderable'] = True
unit_data['post_assessment'] = assessment_outline
return unit_data
def put(self):
"""Handles REST PUT verb with JSON payload."""
assert self.app_context.is_editable_fs()
request_param = self.request.get('request')
if not request_param:
transforms.send_json_response(
self, 400, 'Missing "request" parameter.')
return
try:
request = transforms.loads(request_param)
except ValueError:
transforms.send_json_response(
self, 400, 'Malformed "request" parameter.')
return
key = request.get('key')
if not key:
transforms.send_json_response(
self, 400, 'Request missing "key" parameter.')
return
payload_param = request.get('payload')
if not payload_param:
transforms.send_json_response(
self, 400, 'Request missing "payload" parameter.')
return
try:
payload = transforms.loads(payload_param)
except ValueError:
transforms.send_json_response(
self, 400, 'Malformed "payload" parameter.')
return
if not self.assert_xsrf_token_or_fail(
request, self.XSRF_ACTION, {'key': key}):
return
if not permissions.can_edit(self.app_context,
constants.SCOPE_COURSE_SETTINGS):
transforms.send_json_response(
self, 401, 'Access denied.', {'key': key})
return
request_data = self.process_put(request, payload)
schema = self.get_course().create_settings_schema()
permissions.SchemaPermissionRegistry.redact_schema_to_permitted_fields(
self.app_context, constants.SCOPE_COURSE_SETTINGS, schema)
schema.redact_entity_to_schema(payload)
if request_data:
course_settings = courses.deep_dict_merge(
request_data, self.get_course_dict())
self.postprocess_put(course_settings, request)
if not self.get_course().save_settings(course_settings):
transforms.send_json_response(self, 412, 'Validation error.')
transforms.send_json_response(self, 200, 'Saved.')
def test_admin_has_permissions_with_no_configuration_needed(self):
actions.login(self.ADMIN_EMAIL, is_admin=True)
self.assertTrue(permissions.can_view(
self.app_context, constants.SCOPE_COURSE_SETTINGS))
self.assertTrue(permissions.can_edit(
self.app_context, constants.SCOPE_COURSE_SETTINGS))
self.assertTrue(permissions.can_view_property(
self.app_context, constants.SCOPE_COURSE_SETTINGS,
'absolutely/anything'))
self.assertTrue(permissions.can_edit_property(
self.app_context, constants.SCOPE_COURSE_SETTINGS,
'absolutely/anything'))
def _render_link_outline(handler, unit):
course_writable = handler.app_context.is_editable_fs()
can_view_props = course_writable and permissions.can_edit(
handler.app_context, constants.SCOPE_LINK)
return {
'title': unit.title,
'view_url': unit.href or '',
'id': unit.unit_id,
'component_type': 'link',
'can_view_props': can_view_props,
'href': handler.canonicalize_url(
'/dashboard?%s') % urllib.urlencode({
'action': 'edit_link',
'key': unit.unit_id}),
}
def _render_assessment_outline(handler, unit):
course_writable = handler.app_context.is_editable_fs()
can_view_props = course_writable and permissions.can_edit(
handler.app_context, constants.SCOPE_ASSESSMENT)
return {
'title': unit.title,
'id': unit.unit_id,
'component_type': 'assessment',
'view_url': 'assessment?name=%s' % unit.unit_id,
'href': handler.canonicalize_url(
'/dashboard?%s') % urllib.urlencode({
'action': 'edit_assessment',
'key': unit.unit_id}),
'can_view_props': can_view_props,
}
def test_non_admin_has_no_permissions_with_no_configuration_needed(self):
actions.login(self.IN_ROLE_EMAIL)
self.assertFalse(
permissions.can_view(self.app_context,
constants.SCOPE_COURSE_SETTINGS))
self.assertFalse(
permissions.can_edit(self.app_context,
constants.SCOPE_COURSE_SETTINGS))
self.assertFalse(
permissions.can_view_property(self.app_context,
constants.SCOPE_COURSE_SETTINGS,
'absolutely/anything'))
self.assertFalse(
permissions.can_edit_property(self.app_context,
constants.SCOPE_COURSE_SETTINGS,
'absolutely/anything'))
def _render_custom_unit_outline(handler, course, unit):
course_writable = handler.app_context.is_editable_fs()
can_view_props = course_writable and permissions.can_edit(
handler.app_context, constants.SCOPE_UNIT)
return {
'title': unit.title,
'component_type': 'custom-unit',
'view_url': unit.custom_unit_url,
'id': unit.unit_id,
'can_view_props': can_view_props,
'href': handler.canonicalize_url(
'/dashboard?%s') % urllib.urlencode({
'action': 'edit_custom_unit',
'key': unit.unit_id,
'unit_type': unit.custom_unit_type})
}
def delete(self):
"""Handles REST DELETE verb with JSON payload."""
key = self.request.get('key')
if not self.assert_xsrf_token_or_fail(self.request, self.XSRF_ACTION,
{'key': key}):
return
if (not permissions.can_edit(self.app_context,
constants.SCOPE_COURSE_SETTINGS)
or not self.is_deletion_allowed()):
transforms.send_json_response(self, 401, 'Access denied.',
{'key': key})
return
entity = self.process_delete()
if self.get_course().save_settings(entity):
transforms.send_json_response(self, 200, 'Deleted.')
def delete(self):
"""Handles REST DELETE verb with JSON payload."""
key = self.request.get('key')
if not self.assert_xsrf_token_or_fail(
self.request, self.XSRF_ACTION, {'key': key}):
return
if (not permissions.can_edit(self.app_context,
constants.SCOPE_COURSE_SETTINGS)
or not self.is_deletion_allowed()):
transforms.send_json_response(
self, 401, 'Access denied.', {'key': key})
return
entity = self.process_delete()
if self.get_course().save_settings(entity):
transforms.send_json_response(self, 200, 'Deleted.')
def _render_link_outline(handler, unit):
course_writable = handler.app_context.is_editable_fs()
can_view_props = course_writable and permissions.can_edit(
handler.app_context, constants.SCOPE_LINK)
return {
'title':
unit.title,
'view_url':
unit.href or '',
'id':
unit.unit_id,
'component_type':
'link',
'can_view_props':
can_view_props,
'href':
handler.canonicalize_url('/dashboard?%s') %
urllib.urlencode({
'action': 'edit_link',
'key': unit.unit_id
}),
}
def _render_assessment_outline(handler, unit):
course_writable = handler.app_context.is_editable_fs()
can_view_props = course_writable and permissions.can_edit(
handler.app_context, constants.SCOPE_ASSESSMENT)
return {
'title':
unit.title,
'id':
unit.unit_id,
'component_type':
'assessment',
'view_url':
'assessment?name=%s' % unit.unit_id,
'href':
handler.canonicalize_url('/dashboard?%s') %
urllib.urlencode({
'action': 'edit_assessment',
'key': unit.unit_id
}),
'can_view_props':
can_view_props,
}
def _render_custom_unit_outline(handler, course, unit):
course_writable = handler.app_context.is_editable_fs()
can_view_props = course_writable and permissions.can_edit(
handler.app_context, constants.SCOPE_UNIT)
return {
'title':
unit.title,
'component_type':
'custom-unit',
'view_url':
unit.custom_unit_url,
'id':
unit.unit_id,
'can_view_props':
can_view_props,
'href':
handler.canonicalize_url('/dashboard?%s') %
urllib.urlencode({
'action': 'edit_custom_unit',
'key': unit.unit_id,
'unit_type': unit.custom_unit_type
})
}
def can_edit(cls, app_context):
return permissions.can_edit(app_context, constants.SCOPE_ASSESSMENT)
def _render_unit_outline(handler, course, unit):
course_writable = handler.app_context.is_editable_fs()
can_view_props = course_writable and permissions.can_edit(
handler.app_context, constants.SCOPE_UNIT)
unit_data = {
'title':
unit.title,
'component_type':
'unit',
'view_url':
'unit?unit=%s' % unit.unit_id,
'id':
unit.unit_id,
'can_view_props':
can_view_props,
'href':
handler.canonicalize_url('/dashboard?%s') %
urllib.urlencode({
'action': 'edit_unit',
'key': unit.unit_id
}),
}
if unit.pre_assessment:
assessment = course.find_unit_by_id(unit.pre_assessment)
if assessment:
assessment_outline = _render_assessment_outline(
handler, assessment)
assessment_outline['component_type'] = 'pre-assessment'
assessment_outline['not_reorderable'] = True
unit_data['pre_assessment'] = assessment_outline
# Here, just check whether user is course admin to see if lesson contents
# are editable. Eventually, can add specific sub-permissions to lessons,
# if we like.
lessons_editable = (handler.app_context.is_editable_fs()
and roles.Roles.is_course_admin(handler.app_context))
lessons = []
for lesson in course.get_lessons(unit.unit_id):
extras = []
for annotator in COURSE_OUTLINE_EXTRA_INFO_ANNOTATORS:
extra_info = annotator(course, lesson)
if extra_info:
extras.append(extra_info)
lessons.append({
'title':
lesson.title,
'component_type':
'lesson',
'view_url':
'unit?unit=%s&lesson=%s' % (unit.unit_id, lesson.lesson_id),
'id':
lesson.lesson_id,
'href':
handler.get_action_url('edit_lesson', key=lesson.lesson_id),
'can_view_props':
lessons_editable,
'auto_index':
lesson.auto_index,
'extras':
extras
})
unit_data['lessons'] = lessons
if unit.post_assessment:
assessment = course.find_unit_by_id(unit.post_assessment)
if assessment:
assessment_outline = _render_assessment_outline(
handler, assessment)
assessment_outline['component_type'] = 'post-assessment'
assessment_outline['not_reorderable'] = True
unit_data['post_assessment'] = assessment_outline
return unit_data
def can_edit(cls, app_context):
return permissions.can_edit(app_context, constants.SCOPE_ASSESSMENT)
