def test_changing_viewability(self): exp = exp_domain.Exploration.create_default_exploration( self.EXP_ID, 'A title', 'A category') exp_services.save_new_exploration(self.user_id_a, exp) self.assertFalse( rights_manager.Actor(self.user_id_b).can_view(self.EXP_ID)) self.assertTrue(rights_manager.Actor( self.user_id_a).can_change_private_viewability(self.EXP_ID)) self.assertFalse(rights_manager.Actor( self.user_id_b).can_change_private_viewability(self.EXP_ID)) self.assertTrue(rights_manager.Actor( self.user_id_admin).can_change_private_viewability(self.EXP_ID)) with self.assertRaisesRegexp(Exception, 'already the current value'): rights_manager.set_private_viewability( self.user_id_a, self.EXP_ID, False) with self.assertRaisesRegexp(Exception, 'cannot be changed'): rights_manager.set_private_viewability( self.user_id_b, self.EXP_ID, True) rights_manager.set_private_viewability( self.user_id_a, self.EXP_ID, True) self.assertTrue( rights_manager.Actor(self.user_id_a).can_view(self.EXP_ID)) self.assertTrue( rights_manager.Actor(self.user_id_b).can_view(self.EXP_ID)) rights_manager.set_private_viewability( self.user_id_a, self.EXP_ID, False) self.assertTrue( rights_manager.Actor(self.user_id_a).can_view(self.EXP_ID)) self.assertFalse( rights_manager.Actor(self.user_id_b).can_view(self.EXP_ID)) rights_manager.publish_exploration(self.user_id_a, self.EXP_ID) self.assertFalse(rights_manager.Actor( self.user_id_a).can_change_private_viewability(self.EXP_ID)) rights_manager.unpublish_exploration(self.user_id_admin, self.EXP_ID) self.assertTrue(rights_manager.Actor( self.user_id_a).can_change_private_viewability(self.EXP_ID)) self.assertFalse(rights_manager.Actor( self.user_id_b).can_change_private_viewability(self.EXP_ID)) self.assertTrue(rights_manager.Actor( self.user_id_admin).can_change_private_viewability(self.EXP_ID))
def put(self, exploration_id): """Updates the editing rights for the given exploration.""" exploration = exp_services.get_exploration_by_id(exploration_id) version = self.payload.get('version') _require_valid_version(version, exploration.version) is_public = self.payload.get('is_public') is_publicized = self.payload.get('is_publicized') is_community_owned = self.payload.get('is_community_owned') new_member_username = self.payload.get('new_member_username') new_member_role = self.payload.get('new_member_role') viewable_if_private = self.payload.get('viewable_if_private') if new_member_username: if not rights_manager.Actor(self.user_id).can_modify_roles( exploration_id): raise self.UnauthorizedUserException( 'Only an owner of this exploration can add or change ' 'roles.') new_member_id = user_services.get_user_id_from_username( new_member_username) if new_member_id is None: raise Exception( 'Sorry, we could not find the specified user.') rights_manager.assign_role( self.user_id, exploration_id, new_member_id, new_member_role) elif is_public is not None: exploration = exp_services.get_exploration_by_id(exploration_id) if is_public: try: exploration.validate(strict=True) except utils.ValidationError as e: raise self.InvalidInputException(e) rights_manager.publish_exploration( self.user_id, exploration_id) exp_services.index_explorations_given_ids([exploration_id]) else: rights_manager.unpublish_exploration( self.user_id, exploration_id) exp_services.delete_documents_from_search_index([ exploration_id]) elif is_publicized is not None: exploration = exp_services.get_exploration_by_id(exploration_id) if is_publicized: try: exploration.validate(strict=True) except utils.ValidationError as e: raise self.InvalidInputException(e) rights_manager.publicize_exploration( self.user_id, exploration_id) else: rights_manager.unpublicize_exploration( self.user_id, exploration_id) elif is_community_owned: exploration = exp_services.get_exploration_by_id(exploration_id) try: exploration.validate(strict=True) except utils.ValidationError as e: raise self.InvalidInputException(e) rights_manager.release_ownership(self.user_id, exploration_id) elif viewable_if_private is not None: rights_manager.set_private_viewability( self.user_id, exploration_id, viewable_if_private) else: raise self.InvalidInputException( 'No change was made to this exploration.') self.render_json({ 'rights': rights_manager.get_exploration_rights( exploration_id).to_dict() })
def put(self, exploration_id): """Updates the editing rights for the given exploration.""" exploration = exp_services.get_exploration_by_id(exploration_id) version = self.payload.get('version') _require_valid_version(version, exploration.version) is_public = self.payload.get('is_public') is_publicized = self.payload.get('is_publicized') is_community_owned = self.payload.get('is_community_owned') new_member_username = self.payload.get('new_member_username') new_member_role = self.payload.get('new_member_role') viewable_if_private = self.payload.get('viewable_if_private') if new_member_username: if not rights_manager.Actor( self.user_id).can_modify_roles(exploration_id): raise self.UnauthorizedUserException( 'Only an owner of this exploration can add or change ' 'roles.') new_member_id = user_services.get_user_id_from_username( new_member_username) if new_member_id is None: raise Exception('Sorry, we could not find the specified user.') rights_manager.assign_role(self.user_id, exploration_id, new_member_id, new_member_role) elif is_public is not None: exploration = exp_services.get_exploration_by_id(exploration_id) if is_public: try: exploration.validate(strict=True) except utils.ValidationError as e: raise self.InvalidInputException(e) rights_manager.publish_exploration(self.user_id, exploration_id) exp_services.index_explorations_given_ids([exploration_id]) else: rights_manager.unpublish_exploration(self.user_id, exploration_id) exp_services.delete_documents_from_search_index( [exploration_id]) elif is_publicized is not None: exploration = exp_services.get_exploration_by_id(exploration_id) if is_publicized: try: exploration.validate(strict=True) except utils.ValidationError as e: raise self.InvalidInputException(e) rights_manager.publicize_exploration(self.user_id, exploration_id) else: rights_manager.unpublicize_exploration(self.user_id, exploration_id) elif is_community_owned: exploration = exp_services.get_exploration_by_id(exploration_id) try: exploration.validate(strict=True) except utils.ValidationError as e: raise self.InvalidInputException(e) rights_manager.release_ownership(self.user_id, exploration_id) elif viewable_if_private is not None: rights_manager.set_private_viewability(self.user_id, exploration_id, viewable_if_private) else: raise self.InvalidInputException( 'No change was made to this exploration.') self.render_json({ 'rights': rights_manager.get_exploration_rights(exploration_id).to_dict() })