Exemple #1
0
 def has_permission(self, request, view):
     if request.method == 'POST':
         org = request.data.get('org')
         if not org:
             # Fail happily because OPTIONS goes down this path too with a fake POST.
             # If this is a real POST, we'll complain about the missing org in the view.
             return True
         return CourseEditor.can_create_course(request.user, org)
     else:
         return True  # other write access attempts will be caught by object permissions below
Exemple #2
0
 def has_permission(self, request, view):
     if request.method in SAFE_METHODS:
         return True
     else:
         org = request.data.get('org')
         if not org:
             # Fail happily because OPTIONS goes down this path too with a fake POST.
             # If this is a real POST, we'll complain about the missing org in the view.
             return True
         return CourseEditor.can_create_course(request.user, org)
Exemple #3
0
 def has_permission(self, request, view):
     if self.django_perms.has_permission(request, view):
         return True
     elif request.user.is_staff:
         return True
     elif request.method == 'POST':
         course = request.data.get('course')
         if not course:
             return False
         org, _ = parse_course_key_fragment(course)
         return org and CourseEditor.can_create_course(request.user, org)
     else:
         return True  # other write access attempts will be caught by object permissions below
Exemple #4
0
 def has_permission(self, request, view):
     if self.django_perms.has_permission(request, view):
         return True
     elif request.user.is_staff:
         return True
     elif request.method == 'POST':
         course = request.data.get('course')
         if not course:
             # Fail happily because OPTIONS goes down this path too with a fake POST.
             # If this is a real POST, we'll complain about the missing course in the view.
             return True
         org, _ = parse_course_key_fragment(course)
         return org and CourseEditor.can_create_course(request.user, org)
     else:
         return True  # other write access attempts will be caught by object permissions below
Exemple #5
0
 def has_permission(self, request, view):
     if request.method == 'POST':
         org = request.data.get('org')
         return org and CourseEditor.can_create_course(request.user, org)
     else:
         return True  # other write access attempts will be caught by object permissions below