Example #1
0
def _has_access_to_location(user, location, access_level, course_context):
    '''
    Returns True if the given user has access_level (= staff or
    instructor) access to a location.  For now this is equivalent to
    having staff / instructor access to the course location.course.

    This means that user is in the staff_* group or instructor_* group, or is an overall admin.

    TODO (vshnayder): this needs to be changed to allow per-course_id permissions, not per-course
    (e.g. staff in 2012 is different from 2013, but maybe some people always have access)

    course is a string: the course field of the location being accessed.
    location = location
    access_level = string, either "staff" or "instructor"
    '''
    if user is None or (not user.is_authenticated()):
        debug("Deny: no user or anon user")
        return False

    if is_masquerading_as_student(user):
        return False

    if GlobalStaff().has_user(user):
        debug("Allow: user.is_staff")
        return True

    if access_level not in ('staff', 'instructor'):
        log.debug("Error in access._has_access_to_location access_level=%s unknown", access_level)
        debug("Deny: unknown access level")
        return False

    staff_access = (
        CourseStaffRole(location, course_context).has_user(user) or
        OrgStaffRole(location).has_user(user)
    )

    if staff_access and access_level == 'staff':
        debug("Allow: user has course staff access")
        return True

    instructor_access = (
        CourseInstructorRole(location, course_context).has_user(user) or
        OrgInstructorRole(location).has_user(user)
    )

    if instructor_access and access_level in ('staff', 'instructor'):
        debug("Allow: user has course instructor access")
        return True

    debug("Deny: user did not have correct access")
    return False
Example #2
0
 def _setstaff_login(self):
     """Makes the test user staff and logs them in"""
     GlobalStaff().add_users(self.user)
     self.client.login(username=self.user.username, password='******')
Example #3
0
 def check_staff():
     if perm != 'global':
         debug("Deny: invalid permission '%s'", perm)
         return False
     return GlobalStaff().has_user(user)
Example #4
0
 def set_staff(self, create, extracted, **kwargs):
     GlobalStaff().add_users(self)