def test_has_ccx_coach_role(self): """ Assert that user has coach access on ccx. """ ccx_locator = self.make_ccx() # user have access as coach on ccx self.assertTrue(access.has_ccx_coach_role(self.coach, ccx_locator)) # user dont have access as coach on ccx self.setup_user() self.assertFalse(access.has_ccx_coach_role(self.user, ccx_locator))
def wrapper(request, course_id, **kwargs): """ Wraps the view function, performing access check, loading the course, and modifying the view's call signature. """ course_key = CourseKey.from_string(course_id) ccx = None if isinstance(course_key, CCXLocator): ccx_id = course_key.ccx try: ccx = CustomCourseForEdX.objects.get(pk=ccx_id) except CustomCourseForEdX.DoesNotExist: raise Http404 if ccx: # get permissions for ccx course course = get_course_by_id(course_key, depth=None) is_staff = has_access(request.user, 'staff', course) is_instructor = has_access(request.user, 'instructor', course) # and then set course key to CCX master course course_key = ccx.course_id course = get_course_by_id(course_key, depth=None) # if not course.enable_ccx: # raise Http404 if ccx and (is_staff or is_instructor): return view(request, course, ccx, **kwargs) else: if ccx is not None: if not has_ccx_coach_role(request.user, ccx.ccx_course_id): return HttpResponseForbidden( _('You must be the coach for this ccx to access this view' )) return view(request, course, ccx, **kwargs)