from bridgekeeper import perms, rules
from bridgekeeper.rules import Attribute, ManyRelation, Relation, in_current_groups
from django.contrib.auth.models import Group # lint-amnesty, pylint: disable=unused-import
from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission
# Is the user active (and their email verified)?
is_user_active = rules.is_authenticated & rules.is_active
# Is the user global staff?
is_global_staff = is_user_active & rules.is_staff
# Helper rules used to define the permissions below
# Does the user have at least read permission for the specified library?
has_explicit_read_permission_for_library = (
ManyRelation('permission_grants', (Attribute('user', lambda user: user)
| Relation('group', in_current_groups)))
# We don't check 'access_level' here because all access levels grant read permission
)
# Does the user have at least author permission for the specified library?
has_explicit_author_permission_for_library = (ManyRelation(
'permission_grants', (Attribute('user', lambda user: user)
| Relation('group', in_current_groups)) &
(Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL)
| Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL))))
# Does the user have admin permission for the specified library?
has_explicit_admin_permission_for_library = (ManyRelation(
'permission_grants', (Attribute('user', lambda user: user)
| Relation('group', in_current_groups))
& Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)))
########################### Permissions ###########################
from bridgekeeper.rules import Attribute, ManyRelation, Relation, in_current_groups
from django.contrib.auth.models import Group
from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission
# Is the user active (and their email verified)?
is_user_active = rules.is_authenticated & rules.is_active
# Is the user global staff?
is_global_staff = is_user_active & rules.is_staff
# Helper rules used to define the permissions below
# Does the user have at least read permission for the specified library?
has_explicit_read_permission_for_library = (
ManyRelation(
'contentlibrarypermission',
(Attribute('user', lambda user: user) | Relation('group', in_current_groups))
)
# We don't check 'access_level' here because all access levels grant read permission
)
# Does the user have at least author permission for the specified library?
has_explicit_author_permission_for_library = (
ManyRelation(
'contentlibrarypermission',
(Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & (
Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL) |
Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)
)
)
)
# Does the user have admin permission for the specified library?
has_explicit_admin_permission_for_library = (
from bridgekeeper.rules import blanket_rule, ManyRelation, Is
from django.contrib.auth.models import User
from profile.models import Profile
# check against Module
is_convenor = ManyRelation('convenors', 'convenors', User,
Is(lambda user: user))
# check against Module
is_teaching_assistant = ManyRelation('assistants', 'assistants', User,
Is(lambda user: user))
@blanket_rule
def is_senior_tutor(user):
if not hasattr(user, 'profile'):
return False
return user.profile.primary_role == Profile.SENIOR_TUTOR
from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission
# Is the user active (and their email verified)?
is_user_active = rules.is_authenticated & rules.is_active
# Is the user global staff?
is_global_staff = is_user_active & rules.is_staff
# Helper rules used to define the permissions below
# Does the user have at least read permission for the specified library?
has_explicit_read_permission_for_library = (
ManyRelation(
# In newer versions of bridgekeeper, the 1st and 3rd arguments below aren't needed.
'permission_grants',
'contentlibrarypermission',
ContentLibraryPermission,
Attribute('user', lambda user: user)
| Relation('group', Group, in_current_groups))
# We don't check 'access_level' here because all access levels grant read permission
)
# Does the user have at least author permission for the specified library?
has_explicit_author_permission_for_library = (ManyRelation(
'permission_grants', 'contentlibrarypermission', ContentLibraryPermission,
(Attribute('user', lambda user: user)
| Relation('group', Group, in_current_groups)) &
(Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL)
| Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL))))
# Does the user have admin permission for the specified library?
has_explicit_admin_permission_for_library = (ManyRelation(
'permission_grants', 'contentlibrarypermission', ContentLibraryPermission,
from bridgekeeper import perms
from bridgekeeper.rules import is_authenticated, Attribute, Relation, ManyRelation, Is
from .models import Organization
is_public_course = ManyRelation("organizations", "organizations", Organization,
Attribute("name", matches="MITx"))
perms["queries.view_course"] = is_authenticated | is_public_course