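def get(self):
        """Handles REST GET verb and returns an object as JSON payload.

        Responds with 401 when the caller may not view course settings and
        with 404 when '/course.yaml' cannot be read from the course file
        system. Otherwise responds with 200, the payload built by
        self.process_get() and an XSRF token created for self.XSRF_ACTION.
        """
        # Sanity check only: `assert` statements are removed when Python runs
        # with -O, so access control must rest on the permission check below.
        assert self.app_context.is_editable_fs()

        # NOTE(review): 'key' is request-controlled and is echoed back in the
        # error payloads; confirm send_json_response encodes it safely.
        key = self.request.get('key')

        # Authorization gate: nothing is read or returned before this passes.
        if not permissions.can_view(self.app_context,
                                    constants.SCOPE_COURSE_SETTINGS):
            transforms.send_json_response(self, 401, 'Access denied.',
                                          {'key': key})
            return

        # Load data if possible.
        fs = self.app_context.fs.impl
        filename = fs.physical_to_logical('/course.yaml')
        try:
            stream = fs.get(filename)
        except Exception:  # pylint: disable=broad-except
            # Best-effort read: an ordinary failure is reported as 404 below.
            # Catching Exception instead of using a bare except lets
            # KeyboardInterrupt, SystemExit and other BaseException-only
            # signals propagate rather than be reported as a missing object.
            stream = None
        if not stream:
            transforms.send_json_response(self, 404, 'Object not found.',
                                          {'key': key})
            return

        # Prepare data. The stream above is only used as an existence check;
        # the payload itself comes from process_get().
        json_payload = self.process_get()
        transforms.send_json_response(
            self,
            200,
            'Success.',
            payload_dict=json_payload,
            xsrf_token=crypto.XsrfTokenManager.create_xsrf_token(
                self.XSRF_ACTION))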
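    def get(self):
        """Handles REST GET verb and returns an object as JSON payload.

        Status codes sent through transforms.send_json_response:
          401 - permissions.can_view denies SCOPE_COURSE_SETTINGS.
          404 - '/course.yaml' could not be read from the file system.
          200 - success; carries self.process_get() as the payload and an
                XSRF token created for self.XSRF_ACTION.
        """
        # Developer sanity check, not a security control: `assert` is
        # stripped under `python -O`. The permission check below is the gate.
        assert self.app_context.is_editable_fs()

        # NOTE(review): 'key' comes straight from the request and is echoed
        # in the 401/404 payloads; confirm the JSON response encodes it.
        key = self.request.get('key')

        if not permissions.can_view(self.app_context,
                                    constants.SCOPE_COURSE_SETTINGS):
            transforms.send_json_response(
                self, 401, 'Access denied.', {'key': key})
            return

        # Load data if possible.
        fs = self.app_context.fs.impl
        filename = fs.physical_to_logical('/course.yaml')
        try:
            stream = fs.get(filename)
        except Exception:  # pylint: disable=broad-except
            # Ordinary read errors fall through to the 404 below. A bare
            # except would also swallow KeyboardInterrupt, SystemExit and
            # other BaseException-only signals and report them as a missing
            # object; those now propagate to the caller.
            stream = None
        if not stream:
            transforms.send_json_response(
                self, 404, 'Object not found.', {'key': key})
            return

        # Prepare data. The stream is only an existence probe; the response
        # body is built by process_get().
        json_payload = self.process_get()
        transforms.send_json_response(
            self, 200, 'Success.',
            payload_dict=json_payload,
            xsrf_token=crypto.XsrfTokenManager.create_xsrf_token(
                self.XSRF_ACTION))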
def _render_course_outline_to_html(handler, course):
    """Renders course outline to HTML.

    Args:
        handler: request handler supplying app_context, XSRF token creation,
            action URLs and template lookup.
        course: course whose top-level units are rendered.

    Returns:
        The rendered 'course_outline.html' template wrapped in jinja2.Markup.

    Raises:
        Exception: if a top-level unit has a type other than assessment,
            link, unit or custom.
    """
    rendered_units = []
    for unit in course.get_units():
        if course.get_parent_unit(unit.unit_id):
            # Will be rendered as part of containing element.
            continue
        unit_type = unit.type
        if unit_type == verify.UNIT_TYPE_ASSESSMENT:
            fragment = _render_assessment_outline(handler, unit)
        elif unit_type == verify.UNIT_TYPE_LINK:
            fragment = _render_link_outline(handler, unit)
        elif unit_type == verify.UNIT_TYPE_UNIT:
            fragment = _render_unit_outline(handler, course, unit)
        elif unit_type == verify.UNIT_TYPE_CUSTOM:
            fragment = _render_custom_unit_outline(handler, course, unit)
        else:
            raise Exception('Unknown unit type: %s.' % unit.type)
        rendered_units.append(fragment)

    # The permission results below only decide which controls the template
    # shows. NOTE(review): presumably the handlers behind those actions
    # enforce the same permissions server-side - confirm.
    is_course_availability_editable = permissions.can_edit_property(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS,
        'course/course:now_available')
    any_course_setting_viewable = permissions.can_view(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS)

    course_values = {
        'title': course.title,
        'can_add_or_remove': roles.Roles.is_course_admin(
            handler.app_context),
        'can_reorder': roles.Roles.is_user_allowed(
            handler.app_context, custom_module,
            constants.COURSE_OUTLINE_REORDER_PERMISSION),
        'settings_viewable': any_course_setting_viewable,
        'availability': {
            'url': handler.get_action_url('course_availability'),
            'xsrf_token': handler.create_xsrf_token('course_availability'),
            # 'param' is the negation of the current availability value.
            'param': not handler.app_context.now_available,
            'now_available': handler.app_context.now_available,
            'is_editable': is_course_availability_editable,
        },
    }
    # Each state-changing action gets its own XSRF token, keyed by action.
    template_values = {
        'course': course_values,
        'units': rendered_units,
        'add_lesson_xsrf_token': handler.create_xsrf_token('add_lesson'),
        'unit_lesson_title_xsrf_token': handler.create_xsrf_token(
            unit_lesson_editor.UnitLessonTitleRESTHandler.XSRF_TOKEN),
        'unit_title_template': resources_display.get_unit_title_template(
            course.app_context),
        'extra_info_title': ', '.join(COURSE_OUTLINE_EXTRA_INFO_TITLES),
    }

    # One draft-status token per editable item type.
    for item_type in unit_lesson_editor.UnitLessonEditor.CAN_EDIT_DRAFT:
        action_name = '%s_%s' % (
            unit_lesson_editor.UnitLessonEditor.ACTION_POST_SET_DRAFT_STATUS,
            item_type)
        token_name = 'status_xsrf_token_%s' % item_type
        template_values[token_name] = handler.create_xsrf_token(action_name)

    # jinja2.Markup marks the rendered string as safe HTML, so nothing
    # escapes it afterwards. NOTE(review): escaping of course.title and the
    # unit fragments therefore depends on the template environment - confirm
    # autoescape is enabled for templates returned by handler.get_template().
    template = handler.get_template(
        'course_outline.html', [os.path.dirname(__file__)])
    return jinja2.Markup(template.render(template_values))
def _render_course_outline_to_html(handler, course):
    """Renders course outline to HTML.

    Args:
        handler: request handler supplying app_context, XSRF token creation
            and template lookup.
        course: course whose top-level units are rendered.

    Returns:
        The rendered 'course_outline.html' template wrapped in jinja2.Markup.

    Raises:
        Exception: if a top-level unit has a type other than assessment,
            link, unit or custom.
    """
    rendered_units = []
    for unit in course.get_units():
        if course.get_parent_unit(unit.unit_id):
            # Will be rendered as part of containing element.
            continue
        unit_type = unit.type
        if unit_type == verify.UNIT_TYPE_ASSESSMENT:
            fragment = _render_assessment_outline(handler, unit)
        elif unit_type == verify.UNIT_TYPE_LINK:
            fragment = _render_link_outline(handler, unit)
        elif unit_type == verify.UNIT_TYPE_UNIT:
            fragment = _render_unit_outline(handler, course, unit)
        elif unit_type == verify.UNIT_TYPE_CUSTOM:
            fragment = _render_custom_unit_outline(handler, course, unit)
        else:
            raise Exception('Unknown unit type: %s.' % unit.type)
        rendered_units.append(fragment)

    # NOTE(review): this result is computed but not referenced again in this
    # function; the call is kept so behaviour is unchanged.
    is_course_availability_editable = permissions.can_edit_property(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS,
        'course/course:now_available')
    any_course_setting_viewable = permissions.can_view(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS)

    # The permission-derived flags only decide which controls the template
    # shows. NOTE(review): presumably the handlers behind those actions
    # enforce the same permissions server-side - confirm.
    course_values = {
        'title': course.title,
        'can_add_or_remove': roles.Roles.is_course_admin(
            handler.app_context),
        'can_reorder': roles.Roles.is_user_allowed(
            handler.app_context, custom_module,
            constants.COURSE_OUTLINE_REORDER_PERMISSION),
        'settings_viewable': any_course_setting_viewable,
    }
    # Each state-changing action gets its own XSRF token, keyed by action.
    template_values = {
        'course': course_values,
        'units': rendered_units,
        'add_lesson_xsrf_token': handler.create_xsrf_token('add_lesson'),
        'unit_lesson_title_xsrf_token': handler.create_xsrf_token(
            unit_lesson_editor.UnitLessonTitleRESTHandler.XSRF_TOKEN),
        'unit_title_template': resources_display.get_unit_title_template(
            course.app_context),
        'extra_info_title': ', '.join(COURSE_OUTLINE_EXTRA_INFO_TITLES),
    }

    # jinja2.Markup marks the rendered string as safe HTML, so nothing
    # escapes it afterwards. NOTE(review): escaping of course.title and the
    # unit fragments therefore depends on the template environment - confirm
    # autoescape is enabled for templates returned by handler.get_template().
    template = handler.get_template(
        'course_outline.html', [os.path.dirname(__file__)])
    return jinja2.Markup(template.render(template_values))
 def test_admin_has_permissions_with_no_configuration_needed(self):
     """An admin may view and edit the course-settings scope by default.

     Covers both the scope-level checks and the per-property checks, using
     an arbitrary property name.
     """
     actions.login(self.ADMIN_EMAIL, is_admin=True)

     scope = constants.SCOPE_COURSE_SETTINGS
     arbitrary_property = 'absolutely/anything'

     # Scope-level access.
     self.assertTrue(permissions.can_view(self.app_context, scope))
     self.assertTrue(permissions.can_edit(self.app_context, scope))

     # Property-level access.
     self.assertTrue(permissions.can_view_property(
         self.app_context, scope, arbitrary_property))
     self.assertTrue(permissions.can_edit_property(
         self.app_context, scope, arbitrary_property))
 def test_non_admin_has_no_permissions_with_no_configuration_needed(self):
     """A logged-in non-admin is denied course-settings access by default.

     Checks the deny-by-default behaviour for the scope-level checks and for
     the per-property checks, using an arbitrary property name.
     """
     # NOTE(review): only a logged-in non-admin is exercised here; a caller
     # who is not logged in at all is not covered by this test.
     actions.login(self.IN_ROLE_EMAIL)

     scope = constants.SCOPE_COURSE_SETTINGS
     arbitrary_property = 'absolutely/anything'

     # Scope-level access.
     self.assertFalse(permissions.can_view(self.app_context, scope))
     self.assertFalse(permissions.can_edit(self.app_context, scope))

     # Property-level access.
     self.assertFalse(permissions.can_view_property(
         self.app_context, scope, arbitrary_property))
     self.assertFalse(permissions.can_edit_property(
         self.app_context, scope, arbitrary_property))
 def can_view(cls, app_context):
     """Return permissions.can_view() for the assessment scope.

     The decision is delegated entirely to the permissions module; nothing
     is checked here beyond selecting constants.SCOPE_ASSESSMENT.
     """
     scope = constants.SCOPE_ASSESSMENT
     return permissions.can_view(app_context, scope)
 def can_view(cls, app_context):
     """Report whether the assessment scope is viewable in app_context.

     Thin wrapper: the answer is whatever permissions.can_view() returns for
     constants.SCOPE_ASSESSMENT.
     """
     assessment_scope = constants.SCOPE_ASSESSMENT
     is_viewable = permissions.can_view(app_context, assessment_scope)
     return is_viewable