def check_course_access(course_key, user=None, ip_address=None, url=None): """ Check is the user with this ip_address has access to the given course Arguments: course_key (CourseKey): Location of the course the user is trying to access. Keyword Arguments: user (User): The user making the request. Can be None, in which case the user's profile country will not be checked. ip_address (str): The IP address of the request. url (str): The URL the user is trying to access. Used in log messages. Returns: Boolean: True if the user has access to the course; False otherwise """ # No-op if the country access feature is not enabled if not settings.FEATURES.get('EMBARGO'): return True # First, check whether there are any restrictions on the course. # If not, then we do not need to do any further checks course_is_restricted = RestrictedCourse.is_restricted_course(course_key) if not course_is_restricted: return True # Always give global and course staff access, regardless of embargo settings. if user is not None and has_course_author_access(user, course_key): return True if ip_address is not None: # Retrieve the country code from the IP address # and check it against the allowed countries list for a course user_country_from_ip = _country_code_from_ip(ip_address) if not CountryAccessRule.check_country_access(course_key, user_country_from_ip): log.info((u"Blocking user %s from accessing course %s at %s " u"because the user's IP address %s appears to be " u"located in %s."), getattr(user, 'id', '<Not Authenticated>'), course_key, url, ip_address, user_country_from_ip) return False if user is not None: # Retrieve the country code from the user's profile # and check it against the allowed countries list for a course. user_country_from_profile = _get_user_country_from_profile(user) if not CountryAccessRule.check_country_access( course_key, user_country_from_profile): log.info((u"Blocking user %s from accessing course %s at %s " u"because the user's profile country is %s."), user.id, course_key, url, user_country_from_profile) return False return True
def test_restricted_course_cache_with_save_delete(self): course_id = CourseLocator('abc', '123', 'doremi') RestrictedCourse.objects.create(course_key=course_id) # Warm the cache with self.assertNumQueries(1): RestrictedCourse.is_restricted_course(course_id) RestrictedCourse.is_disabled_access_check(course_id) # it should come from cache with self.assertNumQueries(0): RestrictedCourse.is_restricted_course(course_id) RestrictedCourse.is_disabled_access_check(course_id) self.assertFalse(RestrictedCourse.is_disabled_access_check(course_id)) # add new the course so the cache must get delete and again hit the db new_course_id = CourseLocator('def', '123', 'doremi') RestrictedCourse.objects.create( course_key=new_course_id, disable_access_check=True) with self.assertNumQueries(1): RestrictedCourse.is_restricted_course(new_course_id) RestrictedCourse.is_disabled_access_check(new_course_id) # it should come from cache with self.assertNumQueries(0): RestrictedCourse.is_restricted_course(new_course_id) RestrictedCourse.is_disabled_access_check(new_course_id) self.assertTrue( RestrictedCourse.is_disabled_access_check(new_course_id)) # deleting an object will delete cache also.and hit db on # get the is_restricted course abc = RestrictedCourse.objects.get(course_key=new_course_id) abc.delete() with self.assertNumQueries(1): RestrictedCourse.is_restricted_course(new_course_id) # it should come from cache with self.assertNumQueries(0): RestrictedCourse.is_restricted_course(new_course_id)
def test_restricted_course_cache_with_save_delete(self): course_id = CourseLocator('abc', '123', 'doremi') RestrictedCourse.objects.create(course_key=course_id) # Warm the cache with self.assertNumQueries(1): RestrictedCourse.is_restricted_course(course_id) RestrictedCourse.is_disabled_access_check(course_id) # it should come from cache with self.assertNumQueries(0): RestrictedCourse.is_restricted_course(course_id) RestrictedCourse.is_disabled_access_check(course_id) self.assertFalse(RestrictedCourse.is_disabled_access_check(course_id)) # add new the course so the cache must get delete and again hit the db new_course_id = CourseLocator('def', '123', 'doremi') RestrictedCourse.objects.create(course_key=new_course_id, disable_access_check=True) with self.assertNumQueries(1): RestrictedCourse.is_restricted_course(new_course_id) RestrictedCourse.is_disabled_access_check(new_course_id) # it should come from cache with self.assertNumQueries(0): RestrictedCourse.is_restricted_course(new_course_id) RestrictedCourse.is_disabled_access_check(new_course_id) self.assertTrue( RestrictedCourse.is_disabled_access_check(new_course_id)) # deleting an object will delete cache also.and hit db on # get the is_restricted course abc = RestrictedCourse.objects.get(course_key=new_course_id) abc.delete() with self.assertNumQueries(1): RestrictedCourse.is_restricted_course(new_course_id) # it should come from cache with self.assertNumQueries(0): RestrictedCourse.is_restricted_course(new_course_id)
def check_course_access(course_key, user=None, ip_address=None, url=None): """ Check is the user with this ip_address has access to the given course Arguments: course_key (CourseKey): Location of the course the user is trying to access. Keyword Arguments: user (User): The user making the request. Can be None, in which case the user's profile country will not be checked. ip_address (str): The IP address of the request. url (str): The URL the user is trying to access. Used in log messages. Returns: Boolean: True if the user has access to the course; False otherwise """ # First, check whether there are any restrictions on the course. # If not, then we do not need to do any further checks course_is_restricted = RestrictedCourse.is_restricted_course(course_key) if not course_is_restricted: return True if ip_address is not None: # Retrieve the country code from the IP address # and check it against the allowed countries list for a course user_country_from_ip = _country_code_from_ip(ip_address) if not CountryAccessRule.check_country_access(course_key, user_country_from_ip): log.info( ( u"Blocking user %s from accessing course %s at %s " u"because the user's IP address %s appears to be " u"located in %s." ), getattr(user, 'id', '<Not Authenticated>'), course_key, url, ip_address, user_country_from_ip ) return False if user is not None: # Retrieve the country code from the user's profile # and check it against the allowed countries list for a course. user_country_from_profile = _get_user_country_from_profile(user) if not CountryAccessRule.check_country_access(course_key, user_country_from_profile): log.info( ( u"Blocking user %s from accessing course %s at %s " u"because the user's profile country is %s." ), user.id, course_key, url, user_country_from_profile ) return False return True