def has_explicit_access_to_dashboard(user, obj): # pylint: disable=unused-argument
"""
Check that if request user has explicit access to `ENTERPRISE_DASHBOARD_ADMIN_ROLE` feature role.
Returns:
boolean: whether the request user has access or not
"""
return user_has_access_via_database(user, ENTERPRISE_DASHBOARD_ADMIN_ROLE,
EnterpriseFeatureUserRoleAssignment)
def test_user_has_no_access_via_database(self):
"""
Access check should return false if RoleAssignment does not exist for user
"""
assert not user_has_access_via_database(
self.user,
'coupon-manager',
ConcreteUserRoleAssignment,
)
def has_explicit_access_to_reporting_api(user, obj):
"""
Check that if request user has explicit access to `ENTERPRISE_REPORTING_CONFIG_ADMIN_ROLE` feature role.
Returns:
boolean: whether the request user has access or not
"""
return user_has_access_via_database(
user, ENTERPRISE_REPORTING_CONFIG_ADMIN_ROLE,
EnterpriseFeatureUserRoleAssignment, obj)
def has_explicit_access_to_catalog(user, obj):
"""
Check that if request user has explicit access to `ENTERPRISE_CATALOG_ADMIN_ROLE` feature role.
Returns:
boolean: whether the request user has access or not
"""
return user_has_access_via_database(user, ENTERPRISE_CATALOG_ADMIN_ROLE,
EnterpriseFeatureUserRoleAssignment,
obj)
def request_user_has_refund_access(user):
"""
Check that if request user has explicit access to `ORDER_MANAGER_ROLE` feature role.
Returns:
boolean: whether the request user has access or not
"""
if user.is_authenticated:
return user_has_access_via_database(user, ORDER_MANAGER_ROLE,
EcommerceFeatureRoleAssignment)
return False
def request_user_has_explicit_access(user, context):
"""
Check that if request user has explicit access to `ENTERPRISE_COUPON_ADMIN_ROLE` feature role.
Returns:
boolean: whether the request user has access or not
"""
if not context:
return False
return user_has_access_via_database(user,
ENTERPRISE_COUPON_ADMIN_ROLE,
EcommerceFeatureRoleAssignment,
context=context)
def test_user_has_access_via_database(self):
"""
Access check should return true if RoleAssignment exists for user
"""
ConcreteUserRoleAssignment.objects.create(
user=self.user,
role=self.role
)
assert user_has_access_via_database(
self.user,
'coupon-manager',
ConcreteUserRoleAssignment,
)
def has_explicit_access_to_catalog_learner(user, context):
"""
Check that if request user has explicit access to `ENTERPRISE_CATALOG_LEARNER_ROLE` feature role.
Returns:
boolean: whether the request user has access or not
"""
if not context:
return False
return user_has_access_via_database(
user,
ENTERPRISE_CATALOG_LEARNER_ROLE,
EnterpriseCatalogRoleAssignment,
context,
)
def has_explicit_access_to_subscriptions_admin(user, subscription_plan):
"""
Check that if request user has explicit access to `SUBSCRIPTIONS_ADMIN_ROLE` feature role.
Returns:
boolean: whether the request user has access.
"""
if not subscription_plan:
return False
return user_has_access_via_database(
user,
constants.SUBSCRIPTIONS_ADMIN_ROLE,
SubscriptionsRoleAssignment,
str(subscription_plan.enterprise_customer_uuid),
)
def test_user_has_access_via_database_with_context(self):
"""
Access check should return true if RoleAssignment exists for user.
This case handles checking if the context matches.
"""
ConcreteUserRoleAssignment.objects.create(
user=self.user,
role=self.role
)
assert user_has_access_via_database(
self.user,
'coupon-manager',
ConcreteUserRoleAssignment,
'a-test-context'
)
def has_explicit_access_to_classroom_admin(user, school_uuid):
"""
Check that if request user has explicit access to `SUBSCRIPTIONS_ADMIN_ROLE` feature role.
Returns:
boolean: whether the request user has access.
"""
if not school_uuid:
return False
return user_has_access_via_database(
user,
constants.CLASSROOM_TEACHER_ROLE,
ClassroomRoleAssignment,
str(school_uuid),
)
def request_user_has_explicit_access(*args, **kwargs): # pylint: disable=unused-argument
"""
Check that if request user has explicit access to `ENTERPRISE_DATA_ADMIN_ROLE` feature role.
Returns:
boolean: whether the request user has access or not
"""
request = crum.get_current_request()
__, __, request_kwargs = resolve(request.path)
enterprise_id_in_request = request_kwargs.get('enterprise_id')
return user_has_access_via_database(request.user,
ENTERPRISE_DATA_ADMIN_ROLE,
EnterpriseDataRoleAssignment,
enterprise_id_in_request)
def request_user_has_explicit_access(user, context):
"""
Check that if request user has explicit access to `ENTERPRISE_COUPON_ADMIN_ROLE` feature role.
Returns:
boolean: whether the request user has access or not
"""
if not waffle.switch_is_active(USE_ROLE_BASED_ACCESS_CONTROL):
return True
if not context:
return False
return user_has_access_via_database(
user,
ENTERPRISE_COUPON_ADMIN_ROLE,
EcommerceFeatureRoleAssignment,
context=context
)
def test_user_has_no_access_via_database_no_context(self):
"""
Access check should return false if RoleAssignment does not exist for user.
This case handles checking if the context matches.
"""
ConcreteUserRoleAssignmentNoContext.objects.create(
user=self.user,
role=self.role
)
assert not user_has_access_via_database(
self.user,
'coupon-manager',
ConcreteUserRoleAssignment,
'not_the_right_context'
)
def has_explicit_access_to_dashboard(user, obj):
"""
Check that if request user has explicit access to `ENTERPRISE_DASHBOARD_ADMIN_ROLE` feature role.
Params:
user: An ``auth.User`` instance.
obj: An ``EnterpriseCustomer`` instance.
Returns:
boolean: whether the request user has access or not
"""
return user_has_access_via_database(
user,
ENTERPRISE_DASHBOARD_ADMIN_ROLE,
EnterpriseFeatureUserRoleAssignment,
obj,
)
def test_user_has_access_via_database_with_all_access_context(self):
"""
Access check should return true if RoleAssignment exists for user.
This case handles checking if the role assignement has `ALL_ACCESS_CONTEXT` context.
"""
ConcreteUserRoleAssignment.objects.create(
user=self.user,
role=self.role
)
with patch('tests.models.ConcreteUserRoleAssignment.get_context', return_value=ALL_ACCESS_CONTEXT):
assert user_has_access_via_database(
self.user,
'coupon-manager',
ConcreteUserRoleAssignment,
'some_context'
)
def has_explicit_access_to_subscriptions_learner(user,
enterprise_customer_uuid):
"""
Check that if request user has explicit access to `SUBSCRIPTIONS_LEARNER_ROLE` feature role.
Returns:
boolean: whether the request user has access.
"""
if not enterprise_customer_uuid:
return False
return user_has_access_via_database(
user,
constants.SUBSCRIPTIONS_LEARNER_ROLE,
SubscriptionsRoleAssignment,
str(enterprise_customer_uuid),
)
