def post(self, request, lib_key_str):
"""
Add a user to this content library via email, with permissions specified in the
request body.
"""
key = LibraryLocatorV2.from_string(lib_key_str)
api.require_permission_for_library_key(key, request.user, permissions.CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM)
serializer = ContentLibraryAddPermissionByEmailSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
try:
user = User.objects.get(email=serializer.validated_data.get('email'))
except User.DoesNotExist:
raise ValidationError({'email': _('We could not find a user with that email address.')})
grant = api.get_library_user_permissions(key, user)
if grant:
return Response(
{'email': [_('This user already has access to this library.')]},
status=status.HTTP_400_BAD_REQUEST,
)
try:
api.set_library_user_permissions(key, user, access_level=serializer.validated_data["access_level"])
except api.LibraryPermissionIntegrityError as err:
raise ValidationError(detail=str(err))
grant = api.get_library_user_permissions(key, user)
return Response(ContentLibraryPermissionSerializer(grant).data)
def get(self, request, lib_key_str, username):
"""
Gets the current permissions settings for a particular user.
"""
key = LibraryLocatorV2.from_string(lib_key_str)
api.require_permission_for_library_key(key, request.user, permissions.CAN_VIEW_THIS_CONTENT_LIBRARY_TEAM)
user = get_object_or_404(User, username=username)
grant = api.get_library_user_permissions(key, user)
if not grant:
raise NotFound
return Response(ContentLibraryPermissionSerializer(grant).data)
def put(self, request, lib_key_str, username):
"""
Add a user to this content library, with permissions specified in the
request body.
"""
key = LibraryLocatorV2.from_string(lib_key_str)
api.require_permission_for_library_key(key, request.user, permissions.CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM)
serializer = ContentLibraryPermissionLevelSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = get_object_or_404(User, username=username)
try:
api.set_library_user_permissions(key, user, access_level=serializer.validated_data["access_level"])
except api.LibraryPermissionIntegrityError as err:
raise ValidationError(detail=str(err))
grant = api.get_library_user_permissions(key, user)
return Response(ContentLibraryPermissionSerializer(grant).data)
def _authenticate_and_login(self, usage_key):
"""
Authenticate and authorize the user for this LTI message launch.
We automatically create LTI profile for every valid launch, and
authenticate the LTI user associated with it.
"""
# Check library authorization.
if not ContentLibrary.authorize_lti_launch(
usage_key.lib_key,
issuer=self.launch_data['iss'],
client_id=self.launch_data['aud']
):
return None
# Check LTI profile.
LtiProfile.objects.get_or_create_from_claims(
iss=self.launch_data['iss'],
aud=self.launch_data['aud'],
sub=self.launch_data['sub'])
edx_user = authenticate(
self.request,
iss=self.launch_data['iss'],
aud=self.launch_data['aud'],
sub=self.launch_data['sub'])
if edx_user is not None:
login(self.request, edx_user)
perms = api.get_library_user_permissions(
usage_key.lib_key,
self.request.user)
if not perms:
api.set_library_user_permissions(
usage_key.lib_key,
self.request.user,
api.AccessLevel.ADMIN_LEVEL)
return edx_user
