from bridgekeeper import perms, rules from bridgekeeper.rules import Attribute, ManyRelation, Relation, in_current_groups from django.contrib.auth.models import Group # lint-amnesty, pylint: disable=unused-import from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission # Is the user active (and their email verified)? is_user_active = rules.is_authenticated & rules.is_active # Is the user global staff? is_global_staff = is_user_active & rules.is_staff # Helper rules used to define the permissions below # Does the user have at least read permission for the specified library? has_explicit_read_permission_for_library = ( ManyRelation('permission_grants', (Attribute('user', lambda user: user) | Relation('group', in_current_groups))) # We don't check 'access_level' here because all access levels grant read permission ) # Does the user have at least author permission for the specified library? has_explicit_author_permission_for_library = (ManyRelation( 'permission_grants', (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & (Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL) | Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)))) # Does the user have admin permission for the specified library? has_explicit_admin_permission_for_library = (ManyRelation( 'permission_grants', (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL))) ########################### Permissions ###########################
from bridgekeeper.rules import Attribute, ManyRelation, Relation, in_current_groups from django.contrib.auth.models import Group from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission # Is the user active (and their email verified)? is_user_active = rules.is_authenticated & rules.is_active # Is the user global staff? is_global_staff = is_user_active & rules.is_staff # Helper rules used to define the permissions below # Does the user have at least read permission for the specified library? has_explicit_read_permission_for_library = ( ManyRelation( 'contentlibrarypermission', (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) ) # We don't check 'access_level' here because all access levels grant read permission ) # Does the user have at least author permission for the specified library? has_explicit_author_permission_for_library = ( ManyRelation( 'contentlibrarypermission', (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & ( Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL) | Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL) ) ) ) # Does the user have admin permission for the specified library? has_explicit_admin_permission_for_library = (
from bridgekeeper.rules import blanket_rule, ManyRelation, Is from django.contrib.auth.models import User from profile.models import Profile # check against Module is_convenor = ManyRelation('convenors', 'convenors', User, Is(lambda user: user)) # check against Module is_teaching_assistant = ManyRelation('assistants', 'assistants', User, Is(lambda user: user)) @blanket_rule def is_senior_tutor(user): if not hasattr(user, 'profile'): return False return user.profile.primary_role == Profile.SENIOR_TUTOR
from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission # Is the user active (and their email verified)? is_user_active = rules.is_authenticated & rules.is_active # Is the user global staff? is_global_staff = is_user_active & rules.is_staff # Helper rules used to define the permissions below # Does the user have at least read permission for the specified library? has_explicit_read_permission_for_library = ( ManyRelation( # In newer versions of bridgekeeper, the 1st and 3rd arguments below aren't needed. 'permission_grants', 'contentlibrarypermission', ContentLibraryPermission, Attribute('user', lambda user: user) | Relation('group', Group, in_current_groups)) # We don't check 'access_level' here because all access levels grant read permission ) # Does the user have at least author permission for the specified library? has_explicit_author_permission_for_library = (ManyRelation( 'permission_grants', 'contentlibrarypermission', ContentLibraryPermission, (Attribute('user', lambda user: user) | Relation('group', Group, in_current_groups)) & (Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL) | Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)))) # Does the user have admin permission for the specified library? has_explicit_admin_permission_for_library = (ManyRelation( 'permission_grants', 'contentlibrarypermission', ContentLibraryPermission,
from bridgekeeper import perms from bridgekeeper.rules import is_authenticated, Attribute, Relation, ManyRelation, Is from .models import Organization is_public_course = ManyRelation("organizations", "organizations", Organization, Attribute("name", matches="MITx")) perms["queries.view_course"] = is_authenticated | is_public_course