Exemplo n.º 1
0
from bridgekeeper import perms, rules
from bridgekeeper.rules import Attribute, ManyRelation, Relation, in_current_groups
from django.contrib.auth.models import Group  # lint-amnesty, pylint: disable=unused-import

from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission

# Is the user active (and their email verified)?
is_user_active = rules.is_authenticated & rules.is_active
# Is the user global staff?
is_global_staff = is_user_active & rules.is_staff

# Helper rules used to define the permissions below

# Does the user have at least read permission for the specified library?
has_explicit_read_permission_for_library = (
    ManyRelation('permission_grants', (Attribute('user', lambda user: user)
                                       | Relation('group', in_current_groups)))
    # We don't check 'access_level' here because all access levels grant read permission
)
# Does the user have at least author permission for the specified library?
has_explicit_author_permission_for_library = (ManyRelation(
    'permission_grants', (Attribute('user', lambda user: user)
                          | Relation('group', in_current_groups)) &
    (Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL)
     | Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL))))
# Does the user have admin permission for the specified library?
has_explicit_admin_permission_for_library = (ManyRelation(
    'permission_grants', (Attribute('user', lambda user: user)
                          | Relation('group', in_current_groups))
    & Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)))

########################### Permissions ###########################
Exemplo n.º 2
0
from bridgekeeper.rules import Attribute, ManyRelation, Relation, in_current_groups
from django.contrib.auth.models import Group

from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission

# Is the user active (and their email verified)?
is_user_active = rules.is_authenticated & rules.is_active
# Is the user global staff?
is_global_staff = is_user_active & rules.is_staff

# Helper rules used to define the permissions below

# Does the user have at least read permission for the specified library?
has_explicit_read_permission_for_library = (
    ManyRelation(
        'contentlibrarypermission',
        (Attribute('user', lambda user: user) | Relation('group', in_current_groups))
    )
    # We don't check 'access_level' here because all access levels grant read permission
)
# Does the user have at least author permission for the specified library?
has_explicit_author_permission_for_library = (
    ManyRelation(
        'contentlibrarypermission',
        (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & (
            Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL) |
            Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)
        )
    )
)
# Does the user have admin permission for the specified library?
has_explicit_admin_permission_for_library = (
Exemplo n.º 3
0
from bridgekeeper.rules import blanket_rule, ManyRelation, Is

from django.contrib.auth.models import User

from profile.models import Profile

# check against Module
is_convenor = ManyRelation('convenors', 'convenors', User,
                           Is(lambda user: user))

# check against Module
is_teaching_assistant = ManyRelation('assistants', 'assistants', User,
                                     Is(lambda user: user))


@blanket_rule
def is_senior_tutor(user):
    if not hasattr(user, 'profile'):
        return False
    return user.profile.primary_role == Profile.SENIOR_TUTOR
Exemplo n.º 4
0
from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission

# Is the user active (and their email verified)?
is_user_active = rules.is_authenticated & rules.is_active
# Is the user global staff?
is_global_staff = is_user_active & rules.is_staff

# Helper rules used to define the permissions below

# Does the user have at least read permission for the specified library?
has_explicit_read_permission_for_library = (
    ManyRelation(
        # In newer versions of bridgekeeper, the 1st and 3rd arguments below aren't needed.
        'permission_grants',
        'contentlibrarypermission',
        ContentLibraryPermission,
        Attribute('user', lambda user: user)
        | Relation('group', Group, in_current_groups))
    # We don't check 'access_level' here because all access levels grant read permission
)
# Does the user have at least author permission for the specified library?
has_explicit_author_permission_for_library = (ManyRelation(
    'permission_grants', 'contentlibrarypermission', ContentLibraryPermission,
    (Attribute('user', lambda user: user)
     | Relation('group', Group, in_current_groups)) &
    (Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL)
     | Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL))))
# Does the user have admin permission for the specified library?
has_explicit_admin_permission_for_library = (ManyRelation(
    'permission_grants', 'contentlibrarypermission', ContentLibraryPermission,
Exemplo n.º 5
0
from bridgekeeper import perms
from bridgekeeper.rules import is_authenticated, Attribute, Relation, ManyRelation, Is
from .models import Organization

is_public_course = ManyRelation("organizations", "organizations", Organization,
                                Attribute("name", matches="MITx"))

perms["queries.view_course"] = is_authenticated | is_public_course