def dispatch(self, *args, **kwargs): # initialize a few helpful variables here self.record_viewer = self.request.user self.record_owner = None record_owner_name = kwargs.pop("record_owner_name", None) if record_owner_name: self.record_owner = get_object_or_404(User, username=record_owner_name) # Is the current user faculty or a CCNMTL staff member self.is_viewer_faculty = cached_course_is_faculty(self.request.course, self.record_viewer) # Can the record_owner edit the records self.viewing_own_records = self.record_owner == self.record_viewer self.viewing_faculty_records = self.record_owner and cached_course_is_faculty( self.request.course, self.record_owner ) # Does the course allow viewing other user selections? # The viewer can always view their own records + faculty records # If the viewer is faculty, they can view all records self.all_selections_are_visible = all_selections_are_visible(self.request.course) self.visible_authors = [] if not self.all_selections_are_visible and not self.is_viewer_faculty: self.visible_authors = [self.record_viewer.id] # me for user in self.request.course.faculty.all(): self.visible_authors.append(user.id) return super(RestrictedMaterialsMixin, self).dispatch(*args, **kwargs)
def dispatch(self, *args, **kwargs): # initialize a few helpful variables here self.record_viewer = self.request.user self.record_owner = None record_owner_name = kwargs.pop('record_owner_name', None) if record_owner_name: self.record_owner = get_object_or_404(User, username=record_owner_name) # Is the current user faculty or a CCNMTL staff member self.is_viewer_faculty = cached_course_is_faculty( self.request.course, self.record_viewer) # Can the record_owner edit the records self.viewing_own_records = (self.record_owner == self.record_viewer) self.viewing_faculty_records = (self.record_owner and cached_course_is_faculty( self.request.course, self.record_owner)) # Does the course allow viewing other user selections? # The viewer can always view their own records + faculty records # If the viewer is faculty, they can view all records self.all_selections_are_visible = \ all_selections_are_visible(self.request.course) self.visible_authors = [] if not self.all_selections_are_visible and not self.is_viewer_faculty: self.visible_authors = [self.record_viewer.id] # me for user in self.request.course.faculty.all(): self.visible_authors.append(user.id) return super(RestrictedMaterialsMixin, self).dispatch(*args, **kwargs)
def initialize(self, record_owner_name=None): # initialize a few helpful variables here self.record_viewer = self.request.user self.record_owner = None if record_owner_name: self.record_owner = get_object_or_404(User, username=record_owner_name) # Is the current user faculty or a CCNMTL staff member self.is_viewer_faculty = cached_course_is_faculty(self.request.course, self.record_viewer) # Can the record_owner edit the records self.viewing_own_records = (self.record_owner == self.record_viewer) self.viewing_faculty_records = ( self.record_owner and cached_course_is_faculty(self.request.course, self.record_owner)) # Does the course allow viewing other user selections? # The viewer can always view their own records + faculty records # If the viewer is faculty, they can view all records self.all_selections_are_visible = \ all_selections_are_visible(self.request.course) self.all_items_are_visible = \ all_items_are_visible(self.request.course) self.visible_authors = [] if (not self.is_viewer_faculty and (not self.all_selections_are_visible or not self.all_items_are_visible)): self.visible_authors = [self.record_viewer.id] # me for user in self.request.course.faculty.all(): self.visible_authors.append(user.id)
def get_context_data(self, **kwargs): context = super(CourseDetailView, self).get_context_data(**kwargs) course = context.get('object') qs = ExternalCollection.objects.filter(course=course) collections = qs.filter(uploader=False).order_by('title') uploader = qs.filter(uploader=True).first() owners = [] if (course.is_member(self.request.user) and (self.request.user.is_staff or self.request.user.has_perm('assetmgr.can_upload_for'))): owners = UserResource().render_list(self.request, course.members) context.update({ 'course': course, 'classwork_owner': self.request.user, 'information_title': course_information_title(course), 'faculty_feed': Project.objects.faculty_compositions( course, self.request.user), 'is_faculty': cached_course_is_faculty(course, self.request.user), 'discussions': get_course_discussions(course), 'collections': collections, 'uploader': uploader, 'can_upload': False, 'owners': owners, }) return context
def can_read(self, course, viewer, the_collaboration=None, viewer_response=None): # has the author published his work? collaboration = the_collaboration or self.get_collaboration() if (collaboration is None) or \ (not collaboration.permission_to('read', course, viewer)): return False # If this project is an assignment response, verify the parent # assignment's response policy sanctions a read by the viewer if (not self.is_composition() or collaboration.policy_record.policy_name == PUBLISH_WHOLE_WORLD[0]): return True # this project is an assignment parent = collaboration.get_parent() if parent is None: return True # this project does not have a parent assignment # the author & faculty can always view a submitted response if (cached_course_is_faculty(course, viewer) or self.is_participant(viewer)): return True assignment = parent.content_object if (assignment.response_view_policy == RESPONSE_VIEW_ALWAYS[0]): return True elif assignment.response_view_policy == RESPONSE_VIEW_SUBMITTED[0]: viewer_response = ( viewer_response or self._response_by_author(parent.get_children_for_object(self), viewer)) return viewer_response and viewer_response.is_submitted() else: # assignment.response_view_policy == 'never': return False
def can_read(self, course, viewer, the_collaboration=None): # has the author published his work? collaboration = the_collaboration or self.get_collaboration() if (collaboration is None) or \ (not collaboration.permission_to('read', course, viewer)): return False # If this project is an assignment response, verify the parent # assignment's response policy sanctions a read by the viewer if not self.is_composition(): return True # this project is an assignment parent = collaboration.get_parent() if parent is None or parent.content_object is None: return True # this project does not have a parent assignment # the author & faculty can always view a submitted response if (self.is_participant(viewer) or cached_course_is_faculty(course, viewer)): return True assignment = parent.content_object if (assignment.response_view_policy == RESPONSE_VIEW_ALWAYS[0]): return True elif assignment.response_view_policy == RESPONSE_VIEW_SUBMITTED[0]: # can_read if the viewer has submitted his own work # @todo - consider multiple assignment responses # via collaborative authoring. responses = assignment.responses(course, viewer, viewer) return len(responses) > 0 and responses[0].is_submitted() else: # assignment.response_view_policy == 'never': return False
def read(self, coll, course, user): course_collaboration = cached_course_collaboration(course) return coll.context == course_collaboration and ( (course and cached_course_is_faculty(course, user)) or coll.user_id == user.id or (coll.group_id and user in coll.group.user_set.all()) )
def apply_authorization_limits(self, request, object_list): course = self.course or request.course if (all_selections_are_visible(course) or cached_course_is_faculty(course, request.user)): return self.get_unrestricted(request, object_list, course) else: return self.get_restricted(request, object_list, course)
def has_object_permission(self, request, view, obj): # Am I the owner of this asset? if obj.author == request.user: return True if cached_course_is_faculty(obj.course, request.user): return True if not all_items_are_visible(obj.course): raise PermissionDenied return True
def deprecated_course_detail_view(request, course_pk): try: course = get_object_or_404(Course, pk=course_pk) request.course = course request.session[SESSION_KEY] = course except Course.DoesNotExist: return HttpResponseRedirect('/accounts/login/') logged_in_user = request.user classwork_owner = request.user # Viewing your own work by default if 'username' in request.GET: user_name = request.GET['username'] in_course_or_404(user_name, request.course) classwork_owner = get_object_or_404(User, username=user_name) qs = ExternalCollection.objects.filter(course=request.course) collections = qs.filter(uploader=False).order_by('title') uploader = qs.filter(uploader=True).first() owners = [] if (request.course.is_member(logged_in_user) and (logged_in_user.is_staff or logged_in_user.has_perm('assetmgr.can_upload_for'))): owners = UserResource().render_list(request, request.course.members) context = { 'classwork_owner': classwork_owner, 'information_title': course_information_title(course), 'faculty_feed': Project.objects.faculty_compositions(course, logged_in_user), 'is_faculty': cached_course_is_faculty(course, logged_in_user), 'discussions': get_course_discussions(course), 'msg': request.GET.get('msg', ''), 'view': request.GET.get('view', ''), 'collections': collections, 'uploader': uploader, 'can_upload': course_details.can_upload(request.user, request.course), 'owners': owners } return context
def post(self, request, course_pk): from_course_id = request.POST.get('fromCourse', None) from_course = get_object_or_404(Course, id=from_course_id) faculty = [user.id for user in from_course.faculty.all()] include_tags = request.POST.get('include_tags', 'false') == 'true' include_notes = request.POST.get('include_notes', 'false') == 'true' # maps old ids to new objects object_map = {'assets': {}, 'notes': {}, 'projects': {}} owner = request.user if 'on_behalf_of' in request.POST: owner = User.objects.get(id=request.POST.get('on_behalf_of')) if (not in_course(owner.username, request.course) or not cached_course_is_faculty(request.course, owner)): json_stream = json.dumps({ 'success': False, 'message': '%s is not a course member or faculty member' }) return HttpResponse(json_stream, content_type='application/json') if 'asset_ids[]' in request.POST: asset_ids = request.POST.getlist('asset_ids[]') assets = Asset.objects.filter(id__in=asset_ids) object_map = Asset.objects.migrate(assets, request.course, owner, faculty, object_map, include_tags, include_notes) if 'project_ids[]' in request.POST: project_ids = request.POST.getlist('project_ids[]') projects = Project.objects.filter(id__in=project_ids) object_map = Project.objects.migrate(projects, request.course, owner, object_map, include_tags, include_notes) json_stream = json.dumps({ 'success': True, 'asset_count': len(object_map['assets']), 'project_count': len(object_map['projects']), 'note_count': len(object_map['notes']) }) return HttpResponse(json_stream, content_type='application/json')
def triple_homepage(request): if not request.course: return HttpResponseRedirect('/accounts/login/') logged_in_user = request.user classwork_owner = request.user # Viewing your own work by default if 'username' in request.GET: user_name = request.GET['username'] in_course_or_404(user_name, request.course) classwork_owner = get_object_or_404(User, username=user_name) course = request.course qs = ExternalCollection.objects.filter(course=request.course) collections = qs.filter(uploader=False).order_by('title') uploader = qs.filter(uploader=True).first() owners = [] if (request.course.is_member(logged_in_user) and (logged_in_user.is_staff or logged_in_user.has_perm('assetmgr.can_upload_for'))): owners = UserResource().render_list(request, request.course.members) context = { 'classwork_owner': classwork_owner, "information_title": course_information_title(course), 'faculty_feed': Project.objects.faculty_compositions(course, logged_in_user), 'is_faculty': cached_course_is_faculty(course, logged_in_user), 'discussions': get_course_discussions(course), 'msg': request.GET.get('msg', ''), 'view': request.GET.get('view', ''), 'collections': collections, 'uploader': uploader, 'can_upload': course_details.can_upload(request.user, request.course), 'owners': owners } if getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None): # MUST only contain string values for now!! # (see templates/assetmgr/bookmarklet.js to see why or fix) context['bookmarklet_vars'] = { 'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY } return context
def post(self, request): from_course_id = request.POST.get('fromCourse', None) from_course = get_object_or_404(Course, id=from_course_id) faculty = [user.id for user in from_course.faculty.all()] include_tags = request.POST.get('include_tags', 'false') == 'true' include_notes = request.POST.get('include_notes', 'false') == 'true' # maps old ids to new objects object_map = {'assets': {}, 'notes': {}, 'projects': {}} owner = request.user if 'on_behalf_of' in request.POST: owner = User.objects.get(id=request.POST.get('on_behalf_of')) if (not in_course(owner.username, request.course) or not cached_course_is_faculty(request.course, owner)): json_stream = json.dumps({ 'success': False, 'message': '%s is not a course member or faculty member'}) return HttpResponse(json_stream, content_type='application/json') if 'asset_ids[]' in request.POST: asset_ids = request.POST.getlist('asset_ids[]') assets = Asset.objects.filter(id__in=asset_ids) object_map = Asset.objects.migrate( assets, request.course, owner, faculty, object_map, include_tags, include_notes) if 'project_ids[]' in request.POST: project_ids = request.POST.getlist('project_ids[]') projects = Project.objects.filter(id__in=project_ids) object_map = Project.objects.migrate( projects, request.course, owner, object_map, include_tags, include_notes) json_stream = json.dumps({ 'success': True, 'asset_count': len(object_map['assets']), 'project_count': len(object_map['projects']), 'note_count': len(object_map['notes'])}) return HttpResponse(json_stream, content_type='application/json')
def get_context_data(self, **kwargs): # Only show courses for which the user is an instructor available_courses = available_courses_query(self.request.user) courses = [] if self.request.user.is_superuser: courses = available_courses else: for course in available_courses: if cached_course_is_faculty(course, self.request.user): courses.append(course) # Only send down the real faculty. Not all us staff members faculty = [] for user in self.request.course.faculty.all(): faculty.append(user) return { "current_course_faculty": faculty, "available_courses": courses }
def can_read(self, course, viewer, the_collaboration=None, viewer_response=None): # has the author published his work? collaboration = the_collaboration or self.get_collaboration() if (collaboration is None) or \ (not collaboration.permission_to('read', course, viewer)): return False # First check: if this is not a composition if (not self.is_composition() or collaboration.policy_record.policy_name == PUBLISH_WHOLE_WORLD[0]): return True parent = collaboration.get_parent() if parent is None: return True # this project does not have a parent assignment # If this project is an assignment response, verify the parent # assignment's response policy sanctions a read by the viewer # the author & faculty can always view a submitted response if ((course and cached_course_is_faculty(course, viewer)) or self.is_participant(viewer)): return True assignment = parent.content_object if (assignment.response_view_policy == RESPONSE_VIEW_ALWAYS[0]): return True elif assignment.response_view_policy == RESPONSE_VIEW_SUBMITTED[0]: viewer_response = (viewer_response or self._response_by_author( parent.get_children_for_object(self), viewer)) return viewer_response and viewer_response.is_submitted() else: # assignment.response_view_policy == 'never' # or a public url is being accessed and the user has changed # security settings return False
def course_detail_view(request): if not request.course: return HttpResponseRedirect('/accounts/login/') logged_in_user = request.user classwork_owner = request.user # Viewing your own work by default if 'username' in request.GET: user_name = request.GET['username'] in_course_or_404(user_name, request.course) classwork_owner = get_object_or_404(User, username=user_name) course = request.course qs = ExternalCollection.objects.filter(course=request.course) collections = qs.filter(uploader=False).order_by('title') uploader = qs.filter(uploader=True).first() owners = [] if (request.course.is_member(logged_in_user) and (logged_in_user.is_staff or logged_in_user.has_perm('assetmgr.can_upload_for'))): owners = UserResource().render_list(request, request.course.members) context = { 'classwork_owner': classwork_owner, 'information_title': course_information_title(course), 'faculty_feed': Project.objects.faculty_compositions(course, logged_in_user), 'is_faculty': cached_course_is_faculty(course, logged_in_user), 'discussions': get_course_discussions(course), 'msg': request.GET.get('msg', ''), 'view': request.GET.get('view', ''), 'collections': collections, 'uploader': uploader, 'can_upload': course_details.can_upload(request.user, request.course), 'owners': owners } return context
def get_queryset(self): qs = Project.objects.visible_assignments_by_course( self.request.course, self.request.user) qs = self.filter_by_title(qs) if cached_course_is_faculty(self.request.course, self.request.user): qs = self.sort_queryset(qs, 'due_date', 'desc') else: # Assignments for the student are sorted by: # * the student's response submitted date asc with nulls first # * timedelta between today and the due_date desc with nulls last # annotate with the timedelta between today and the due_date qs = qs.annotate(due_delta=datetime.now() - F('due_date')) # use a subquery to retrieve the date of the user's response # and annotate the date_submitted my_responses = Project.objects.filter( (Q(author=self.request.user) | Q(participants=self.request.user)), collaboration___parent__object_pk=OuterRef('pk')).distinct() qs = qs.annotate(response_submitted=Subquery( my_responses.values('date_submitted')[:1])) qs = qs.annotate(response_policy=Subquery( my_responses.values( 'collaboration__policy_record__policy_name')[:1])) qs = qs.order_by('-response_submitted', F('due_delta').desc(nulls_last=True)) # Assignments for students can be filtered based on status qs = self.filter_by_status(qs) return qs.select_related('author').prefetch_related( 'participants', 'collaboration__children', 'collaboration__policy_record', 'collaboration__children__content_object')
def get_context_data(self, **kwargs): context = super(CourseDetailView, self).get_context_data(**kwargs) course = context.get('object') qs = ExternalCollection.objects.filter(course=self.request.course) collections = qs.filter(uploader=False).order_by('title') uploader = qs.filter(uploader=True).first() owners = [] if (self.request.course.is_member(self.request.user) and (self.request.user.is_staff or self.request.user.has_perm('assetmgr.can_upload_for'))): owners = UserResource().render_list(self.request, course.members) context.update({ 'course': course, 'classwork_owner': self.request.user, 'information_title': course_information_title(course), 'faculty_feed': Project.objects.faculty_compositions(course, self.request.user), 'is_faculty': cached_course_is_faculty(course, self.request.user), 'owners': owners, 'collections': collections, 'uploader': uploader, 'msg': self.request.GET.get('msg', ''), 'can_upload': course_details.can_upload(self.request.user, self.request.course), }) return context
def apply_limits(self, request, object_list, exclude_global=True): if request.user.is_authenticated(): if exclude_global: # only request user's global annotations object_list = object_list.exclude(~Q(author=request.user), range1__isnull=True) # Make sure the requesting user is allowed to see this note invisible = [] courses = {} for note in object_list.select_related('asset__course'): course = note.asset.course # Cache this out per course/user. It's just too slow otherwise if not course.id in courses.keys(): courses[course.id] = {'whitelist': None} is_faculty = cached_course_is_faculty(course, request.user) if (not course_details.all_selections_are_visible(course) and not is_faculty): courses[course.id]['whitelist'] = list(course.faculty) courses[course.id]['whitelist'].append(request.user) if not cached_course_is_member(course, request.user): invisible.append(note.id) elif (courses[course.id]['whitelist'] and not note.author in courses[course.id]['whitelist']): # apply per course limitations # the user or a faculty member must be the selection author invisible.append(note.id) return object_list.exclude(id__in=invisible).order_by('id') elif request.public: # attribute "public" set on request when requesting a # public_to_world essay. all notes are public by default return object_list.order_by('id') else: return []
def manage(self, coll, course, user): course_collaboration = cached_course_collaboration(course) return coll.context == course_collaboration and ( (course and cached_course_is_faculty(course, user)) or coll.user == user )
def manage(self, coll, course, user): course_collaboration = cached_course_collaboration(course) return (coll.context == course_collaboration and ((course and cached_course_is_faculty(course, user)) or coll.user == user))
def render_assets(request, record_owner, assets): course = request.course logged_in_user = request.user # Is the current user faculty OR staff is_faculty = cached_course_is_faculty(course, logged_in_user) # Can the record_owner edit the records viewing_own_records = (record_owner == logged_in_user) viewing_faculty_records = record_owner and course.is_faculty(record_owner) # Allow the logged in user to add assets to his composition citable = request.GET.get('citable', '') == 'true' # Does the course allow viewing other user selections? owner_selections_are_visible = ( course_details.all_selections_are_visible(course) or viewing_own_records or viewing_faculty_records or is_faculty) # Spew out json for the assets if request.GET.get('annotations', '') == 'true': resource = AssetResource(owner_selections_are_visible, record_owner, {'editable': viewing_own_records, 'citable': citable}) else: resource = AssetSummaryResource({'editable': viewing_own_records, 'citable': citable}) asset_json = resource.render_list(request, assets) active_filters = {} for k, val in request.GET.items(): if (k == 'tag' or k == 'modified' or k.startswith('vocabulary-')): active_filters[k] = val user_resource = UserResource() # #todo -- figure out a cleaner way to do this. Ugli-ness # Collate tag set & vocabulary set for the result set. # Get all visible notes for the returned asset set # These notes may include global annotations for all users, # whereas the rendered set will not active_asset_ids = [a['id'] for a in asset_json] active_notes = [] if record_owner: if owner_selections_are_visible: active_notes = SherdNote.objects.filter( asset__course=course, asset__id__in=active_asset_ids, author__id=record_owner.id) else: if all_selections_are_visible(course) or is_faculty: # Display all tags for the asset set including globals active_notes = SherdNote.objects.filter( asset__course=course, asset__id__in=active_asset_ids) else: whitelist = [f.id for f in course.faculty] whitelist.append(request.user.id) active_notes = SherdNote.objects.filter( asset__course=course, asset__id__in=active_asset_ids, author__id__in=whitelist) tags = [] if len(active_notes) > 0: tags = Tag.objects.usage_for_queryset(active_notes) tags.sort(lambda a, b: cmp(a.name.lower(), b.name.lower())) active_vocabulary = [] note_ids = [n.id for n in active_notes] content_type = ContentType.objects.get_for_model(SherdNote) term_resource = TermResource() for v in Vocabulary.objects.get_for_object(request.course): vocabulary = { 'id': v.id, 'display_name': v.display_name, 'term_set': [] } related = TermRelationship.objects.filter(term__vocabulary=v, content_type=content_type, object_id__in=note_ids) terms = [] for r in related: if r.term.display_name not in terms: the_term = term_resource.render_one(request, r.term) vocabulary['term_set'].append(the_term) terms.append(r.term.display_name) active_vocabulary.append(vocabulary) # Assemble the context data = {'assets': asset_json, 'active_tags': TagResource().render_list(request, tags), 'active_filters': active_filters, 'active_vocabulary': active_vocabulary, 'space_viewer': user_resource.render_one(request, logged_in_user), 'editable': viewing_own_records, 'citable': citable, 'is_faculty': is_faculty} if record_owner: data['space_owner'] = user_resource.render_one(request, record_owner) json_stream = simplejson.dumps(data, indent=2) return HttpResponse(json_stream, mimetype='application/json')
def test_cached_course_is_faculty(self): self.assertTrue( cached_course_is_faculty(self.sample_course, self.instructor_one)) self.assertTrue( cached_course_is_faculty(self.sample_course, self.instructor_one))
def read(self, coll, course, user): return (self.manage(coll, course, user) or cached_course_is_faculty(course, user))
def dispatch(self, *args, **kwargs): if not cached_course_is_faculty(self.request.course, self.request.user): return HttpResponseForbidden("forbidden") return super(LoggedInFacultyMixin, self).dispatch(*args, **kwargs)
def wrap(request, *args, **kwargs): if not cached_course_is_faculty(request.course, request.user): return HttpResponseForbidden("forbidden") return func(request, *args, **kwargs)
def render_assets(request, record_owner, assets): course = request.course logged_in_user = request.user # Is the current user faculty OR staff is_faculty = cached_course_is_faculty(course, logged_in_user) # Can the record_owner edit the records viewing_own_records = (record_owner == logged_in_user) viewing_faculty_records = record_owner and course.is_faculty(record_owner) # Allow the logged in user to add assets to his composition citable = request.GET.get('citable', '') == 'true' # Does the course allow viewing other user selections? owner_selections_are_visible = ( course_details.all_selections_are_visible(course) or viewing_own_records or viewing_faculty_records or is_faculty) # Spew out json for the assets if request.GET.get('annotations', '') == 'true': resource = AssetResource(owner_selections_are_visible, record_owner, { 'editable': viewing_own_records, 'citable': citable }) else: resource = AssetSummaryResource({ 'editable': viewing_own_records, 'citable': citable }) asset_json = resource.render_list(request, assets) active_filters = {} for key, val in request.GET.items(): if (key == 'tag' or key == 'modified' or key.startswith('vocabulary-')): active_filters[key] = val user_resource = UserResource() # #todo -- figure out a cleaner way to do this. Ugli-ness # Collate tag set & vocabulary set for the result set. # Get all visible notes for the returned asset set # These notes may include global annotations for all users, # whereas the rendered set will not active_asset_ids = [a['id'] for a in asset_json] active_notes = [] if record_owner: if owner_selections_are_visible: active_notes = SherdNote.objects.filter( asset__course=course, asset__id__in=active_asset_ids, author__id=record_owner.id) else: if all_selections_are_visible(course) or is_faculty: # Display all tags for the asset set including globals active_notes = SherdNote.objects.filter( asset__course=course, asset__id__in=active_asset_ids) else: whitelist = [f.id for f in course.faculty] whitelist.append(request.user.id) active_notes = SherdNote.objects.filter( asset__course=course, asset__id__in=active_asset_ids, author__id__in=whitelist) tags = [] if len(active_notes) > 0: tags = Tag.objects.usage_for_queryset(active_notes) tags.sort(lambda a, b: cmp(a.name.lower(), b.name.lower())) active_vocabulary = [] note_ids = [n.id for n in active_notes] content_type = ContentType.objects.get_for_model(SherdNote) term_resource = TermResource() for vocab in Vocabulary.objects.get_for_object(request.course): vocabulary = { 'id': vocab.id, 'display_name': vocab.display_name, 'term_set': [] } related = TermRelationship.objects.filter(term__vocabulary=vocab, content_type=content_type, object_id__in=note_ids) terms = [] for rel in related: if rel.term.display_name not in terms: the_term = term_resource.render_one(request, rel.term) vocabulary['term_set'].append(the_term) terms.append(rel.term.display_name) active_vocabulary.append(vocabulary) # Assemble the context data = { 'assets': asset_json, 'active_tags': TagResource().render_list(request, tags), 'active_filters': active_filters, 'active_vocabulary': active_vocabulary, 'space_viewer': user_resource.render_one(request, logged_in_user), 'editable': viewing_own_records, 'citable': citable, 'is_faculty': is_faculty } if record_owner: data['space_owner'] = user_resource.render_one(request, record_owner) json_stream = simplejson.dumps(data, indent=2) return HttpResponse(json_stream, mimetype='application/json')
def test_cached_course_is_faculty(self): self.assertTrue(cached_course_is_faculty(self.sample_course, self.instructor_one)) self.assertTrue(cached_course_is_faculty(self.sample_course, self.instructor_one))
def wrap(request, *args, **kwargs): if request.user is None or request.user.is_anonymous(): return HttpResponseForbidden("forbidden") if not cached_course_is_faculty(request.course, request.user): return HttpResponseForbidden("forbidden") return func(request, *args, **kwargs)
def read(self, coll, course, user): return self.manage(coll, course, user) or cached_course_is_faculty(course, user)
def read(self, coll, course, user): course_collaboration = cached_course_collaboration(course) return (coll.context == course_collaboration and ((course and cached_course_is_faculty(course, user)) or coll.user_id == user.id or (coll.group_id and user in coll.group.user_set.all())))