def post(self, request, course_id, rolename):
    """
    Handle POST: apply a role action to a user and return the role's members.

    The ``course_id`` and ``rolename`` arguments are validated through
    CourseDiscussionRolesForm, and the request body through
    DiscussionRolesSerializer. The change itself is delegated to
    update_forum_role; the response is the serialized list of users
    attached to the role after the update.

    Raises:
        ValidationError: if the form or the serializer rejects its input,
            or if update_forum_role raises Role.DoesNotExist.
    """
    # NOTE(review): no explicit permission check appears in this body; the
    # form receives request_user, so authorization is presumably enforced
    # there or by permission classes on the view -- confirm.
    form = CourseDiscussionRolesForm(
        self._get_request_kwargs(course_id, rolename),
        request_user=request.user,
    )
    if not form.is_valid():
        raise ValidationError(form.errors)
    cleaned = form.cleaned_data
    course_key = cleaned['course_key']
    validated_rolename = cleaned['rolename']

    request_serializer = DiscussionRolesSerializer(data=request.data)
    if not request_serializer.is_valid():
        raise ValidationError(request_serializer.errors)
    action = request_serializer.validated_data['action']
    target_user = request_serializer.validated_data['user']

    try:
        update_forum_role(course_key, target_user, validated_rolename, action)
    except Role.DoesNotExist:
        raise ValidationError(u"Role '{}' does not exist".format(validated_rolename))

    # Re-read the role's membership so the response reflects the update.
    role = form.cleaned_data['role']
    response_serializer = DiscussionRolesListSerializer(
        {'course_id': course_key, 'users': role.users.all()},
        context={
            'course_discussion_settings': get_course_discussion_settings(course_key),
        },
    )
    return Response(response_serializer.data)
def modify_special_forum_contributors(request, course_id):
    """
    Apply a forum-role action to the user named in the query string.

    Reads ``unique_student_identifier``, ``rolename`` and ``action`` from
    request.GET. _check_rights is called with the requesting user and the
    role name and supplies the course key used afterwards.

    Returns:
        JsonResponse with the course id and the action on success;
        HttpResponseBadRequest when _check_rights raises
        UnauthorizedAccessError, when the request would revoke an
        instructor's FORUM_ROLE_ADMINISTRATOR role, or when the role
        does not exist.
    """
    # NOTE(review): the inputs come from the query string although the call
    # below changes role membership; confirm that the route's decorators
    # (not visible here) restrict the HTTP method and enforce CSRF checks.
    params = request.GET
    student_identifier = params.get('unique_student_identifier')
    rolename = params.get('rolename')
    action = params.get('action')

    try:
        course_key = _check_rights(course_id, request.user, rolename)
    except UnauthorizedAccessError as e:
        # NOTE(review): `.message` is not a standard exception attribute on
        # Python 3 -- confirm UnauthorizedAccessError defines it. The text
        # is returned as the response body; if it can contain the
        # request-supplied rolename, confirm it is escaped first.
        return HttpResponseBadRequest(e.message)

    course = get_course_by_id(course_key)
    _check_custom_roles(course_key)
    target_user = get_student_from_identifier(student_identifier)

    # An instructor's forum administrator role must never be revoked.
    if has_access(target_user, 'instructor', course):
        if action == 'revoke' and rolename == FORUM_ROLE_ADMINISTRATOR:
            return HttpResponseBadRequest("Cannot revoke instructor forum admin privileges.")

    # NOTE(review): `action` is forwarded unchecked; confirm that
    # update_forum_role rejects unexpected values.
    try:
        update_forum_role(course_key, target_user, rolename, action)
    except Role.DoesNotExist:
        return HttpResponseBadRequest("Role does not exist.")

    return JsonResponse({
        'course_id': course_key.to_deprecated_string(),
        'action': action,
    })
def post(self, request, course_id, rolename):
    """
    Handle POST: change a user's membership in a discussion role.

    Validation happens in two steps: CourseDiscussionRolesForm checks the
    ``course_id`` / ``rolename`` arguments, and DiscussionRolesSerializer
    checks the request body, which carries the ``action`` and the ``user``.
    update_forum_role then performs the change, and the users of the role
    are returned through DiscussionRolesListSerializer.

    Raises:
        ValidationError: on invalid form or serializer input, or when
            update_forum_role raises Role.DoesNotExist.
    """
    # NOTE(review): authorization is not checked in this body; presumably
    # the form (which is given request_user) or the view's permission
    # classes handle it -- confirm.
    form_input = self._get_request_kwargs(course_id, rolename)
    form = CourseDiscussionRolesForm(form_input, request_user=request.user)
    if not form.is_valid():
        raise ValidationError(form.errors)
    course_key = form.cleaned_data['course_key']
    role_name = form.cleaned_data['rolename']

    body = DiscussionRolesSerializer(data=request.data)
    if not body.is_valid():
        raise ValidationError(body.errors)
    action = body.validated_data['action']
    member = body.validated_data['user']

    try:
        update_forum_role(course_key, member, role_name, action)
    except Role.DoesNotExist:
        raise ValidationError("Role '{}' does not exist".format(role_name))

    # Build the response from the role's membership after the update.
    role = form.cleaned_data['role']
    listing = {'course_id': course_key, 'users': role.users.all()}
    settings_context = {
        'course_discussion_settings': get_course_discussion_settings(course_key),
    }
    return Response(DiscussionRolesListSerializer(listing, context=settings_context).data)
def update_forum_role_membership(request, course_id):
    """
    Grant or revoke a forum role for a user of the course.

    Access rules checked in this body:
    - the requesting user needs the FORUM_ROLE_ADMINISTRATOR forum role
      or instructor access to the course;
    - changing FORUM_ROLE_ADMINISTRATOR requires instructor access;
    - an instructor's FORUM_ROLE_ADMINISTRATOR role cannot be revoked.
    Any staff-level requirement is not checked here -- presumably it is
    enforced by a decorator outside this listing; confirm.

    Query parameters:
    - `unique_student_identifier` identifies the target user
    - `rolename` is one of [FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_MODERATOR,
        FORUM_ROLE_COMMUNITY_TA]
    - `action` is one of ['allow', 'revoke']

    Returns a JsonResponse with the course id and the action on success,
    and an HttpResponseBadRequest for every rejected request.
    """
    course_key = SlashSeparatedCourseKey.from_deprecated_string(course_id)
    course = get_course_by_id(course_key)
    requester = request.user
    requester_is_instructor = has_access(requester, 'instructor', course)
    requester_is_forum_admin = has_forum_access(requester, course_key, FORUM_ROLE_ADMINISTRATOR)

    # NOTE(review): the inputs come from the query string although this view
    # changes role membership; confirm that decorators not shown here
    # restrict the HTTP method and enforce CSRF protection.
    params = request.GET
    student_identifier = params.get('unique_student_identifier')
    rolename = params.get('rolename')
    action = params.get('action')

    # default roles require either (staff & forum admin) or (instructor)
    if not requester_is_forum_admin and not requester_is_instructor:
        return HttpResponseBadRequest(
            "Operation requires staff & forum admin or instructor access")

    # EXCEPT FORUM_ROLE_ADMINISTRATOR requires (instructor)
    if rolename == FORUM_ROLE_ADMINISTRATOR and not requester_is_instructor:
        return HttpResponseBadRequest("Operation requires instructor access.")

    known_roles = (FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_MODERATOR, FORUM_ROLE_COMMUNITY_TA)
    if rolename not in known_roles:
        # The request-supplied rolename is echoed into the response body.
        # NOTE(review): Django documents strip_tags as giving no guarantee
        # of HTML-safe output; consider escaping the value or returning a
        # fixed message.
        message = "Unrecognized rolename '{}'.".format(rolename)
        return HttpResponseBadRequest(strip_tags(message))

    target_user = get_student_from_identifier(student_identifier)

    # cannot revoke instructor
    if has_access(target_user, 'instructor', course):
        if action == 'revoke' and rolename == FORUM_ROLE_ADMINISTRATOR:
            return HttpResponseBadRequest(
                "Cannot revoke instructor forum admin privileges.")

    # NOTE(review): `action` is not compared with 'allow'/'revoke' before
    # this call; confirm that update_forum_role rejects other values.
    try:
        update_forum_role(course_key, target_user, rolename, action)
    except Role.DoesNotExist:
        return HttpResponseBadRequest("Role does not exist.")

    return JsonResponse({
        'course_id': course_key.to_deprecated_string(),
        'action': action,
    })
def update_forum_role_membership(request, course_id):
    """
    Modify a user's forum role in a course.

    What this body enforces:
    - the requester must hold FORUM_ROLE_ADMINISTRATOR in the forum or
      have instructor access to the course;
    - only a requester with instructor access may change
      FORUM_ROLE_ADMINISTRATOR;
    - nobody can revoke FORUM_ROLE_ADMINISTRATOR from a user who has
      instructor access.
    A staff-level requirement is not checked in this body; presumably a
    decorator outside this listing enforces it -- confirm.

    Query parameters:
    - `unique_student_identifier` identifies the target user
    - `rolename` is one of [FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_MODERATOR,
        FORUM_ROLE_COMMUNITY_TA]
    - `action` is one of ['allow', 'revoke']

    Every rejection is returned as HttpResponseBadRequest; success returns
    a JsonResponse carrying the course id and the action.
    """
    course_key = SlashSeparatedCourseKey.from_deprecated_string(course_id)
    course = get_course_by_id(course_key)
    instructor_rights = has_access(request.user, 'instructor', course)
    forum_admin_rights = has_forum_access(
        request.user, course_key, FORUM_ROLE_ADMINISTRATOR
    )

    # NOTE(review): a membership change driven by query-string parameters;
    # confirm the HTTP method restriction and CSRF enforcement on the
    # route, which are not visible in this body.
    identifier = request.GET.get('unique_student_identifier')
    rolename = request.GET.get('rolename')
    action = request.GET.get('action')

    # default roles require either (staff & forum admin) or (instructor)
    allowed_to_manage = forum_admin_rights or instructor_rights
    if not allowed_to_manage:
        return HttpResponseBadRequest(
            "Operation requires staff & forum admin or instructor access"
        )

    # EXCEPT FORUM_ROLE_ADMINISTRATOR requires (instructor)
    if rolename == FORUM_ROLE_ADMINISTRATOR and not instructor_rights:
        return HttpResponseBadRequest("Operation requires instructor access.")

    if rolename not in (FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_MODERATOR, FORUM_ROLE_COMMUNITY_TA):
        # rolename is request-controlled and reflected in the response.
        # NOTE(review): strip_tags removes markup, but Django documents it
        # as no guarantee of HTML-safe output; prefer escaping the value or
        # a message without it.
        return HttpResponseBadRequest(strip_tags(
            "Unrecognized rolename '{}'.".format(rolename)
        ))

    target = get_student_from_identifier(identifier)
    target_has_instructor_access = has_access(target, 'instructor', course)

    # cannot revoke instructor
    revoking_forum_admin = action == 'revoke' and rolename == FORUM_ROLE_ADMINISTRATOR
    if target_has_instructor_access and revoking_forum_admin:
        return HttpResponseBadRequest("Cannot revoke instructor forum admin privileges.")

    # NOTE(review): `action` reaches update_forum_role without being checked
    # against 'allow'/'revoke'; confirm the callee rejects other values.
    try:
        update_forum_role(course_key, target, rolename, action)
    except Role.DoesNotExist:
        return HttpResponseBadRequest("Role does not exist.")

    result = {
        'course_id': course_key.to_deprecated_string(),
        'action': action,
    }
    return JsonResponse(result)
def modify_special_forum_contributors(request, course_id):
    """
    Apply a forum-role action to the user named in the query string.

    Reads ``unique_student_identifier``, ``rolename`` and ``action`` from
    request.GET. _check_rights is called with the requesting user and the
    role name and supplies the course key used afterwards; it is called
    without a local handler, so any exception it raises propagates.

    Returns:
        JsonResponse with the course id and the action on success;
        HttpResponseBadRequest when the request would revoke an
        instructor's FORUM_ROLE_ADMINISTRATOR role or when the role does
        not exist.
    """
    # NOTE(review): role membership is changed from query-string input;
    # confirm that decorators not shown here restrict the HTTP method and
    # enforce CSRF protection.
    query = request.GET
    student_identifier = query.get("unique_student_identifier")
    rolename = query.get("rolename")
    action = query.get("action")

    course_key = _check_rights(course_id, request.user, rolename)
    course = get_course_by_id(course_key)
    _check_custom_roles(course_key)
    target_user = get_student_from_identifier(student_identifier)

    # An instructor's forum administrator role must never be revoked.
    if has_access(target_user, "instructor", course):
        if action == "revoke" and rolename == FORUM_ROLE_ADMINISTRATOR:
            return HttpResponseBadRequest("Cannot revoke instructor forum admin privileges.")

    # NOTE(review): `action` is forwarded unchecked; confirm that
    # update_forum_role rejects unexpected values.
    try:
        update_forum_role(course_key, target_user, rolename, action)
    except Role.DoesNotExist:
        return HttpResponseBadRequest("Role does not exist.")

    return JsonResponse({
        "course_id": course_key.to_deprecated_string(),
        "action": action,
    })
def test_bad_mode(self):
    """Call update_forum_role with an action string that is not a valid mode."""
    # NOTE(review): no assertion appears in this body; the expected failure
    # is presumably declared by a decorator not visible in this listing --
    # confirm, otherwise the test passes only when the call does not raise.
    new_user = UserFactory()
    update_forum_role(self.course.id, new_user, FORUM_ROLE_MODERATOR, 'robot-not-a-mode')
def test_revoke_badrole(self):
    """Call update_forum_role for an existing moderator with an unknown role name."""
    # NOTE(review): despite the test name, the action passed is 'allow', the
    # same as in test_allow_badrole; confirm whether 'revoke' was intended.
    # No assertion appears in this body; the expected failure is presumably
    # declared by a decorator not visible in this listing.
    moderator = self.moderators[0]
    update_forum_role(self.course.id, moderator, 'robot-not-a-real-role', 'allow')
def test_revoke_notallowed(self):
    """Revoking the moderator role from a fresh user leaves that user outside self.mod_role."""
    outsider = UserFactory()
    update_forum_role(self.course.id, outsider, FORUM_ROLE_MODERATOR, 'revoke')
    role_members = self.mod_role.users.all()
    self.assertNotIn(outsider, role_members)
def test_revoke_twice(self):
    """Revoking the moderator role twice keeps the user out of self.mod_role after each call."""
    moderator = self.moderators[0]
    # The second pass repeats the same revoke on a user already removed.
    for _ in range(2):
        update_forum_role(self.course.id, moderator, FORUM_ROLE_MODERATOR, 'revoke')
        self.assertNotIn(moderator, self.mod_role.users.all())
def test_allow_badrole(self):
    """Call update_forum_role with action 'allow' and an unknown role name for a fresh user."""
    # NOTE(review): no assertion appears in this body; the expected failure
    # is presumably declared by a decorator not visible in this listing --
    # confirm.
    new_user = UserFactory.create()
    update_forum_role(self.course.id, new_user, 'robot-not-a-real-role', 'allow')
def test_allow_twice(self):
    """Granting the moderator role twice keeps the user in self.mod_role after each call."""
    new_user = UserFactory.create()
    # The second pass repeats the same grant on a user already in the role.
    for _ in range(2):
        update_forum_role(self.course.id, new_user, FORUM_ROLE_MODERATOR, 'allow')
        self.assertIn(new_user, self.mod_role.users.all())