def post(self, request, lib_key_str):
    """
    Grant a user, identified by email address, access to this content library.

    The access level is taken from the validated request body. The caller's
    CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM permission on the library is checked
    before the request body is parsed.

    Returns a Response carrying the serialized grant on success, or a 400
    Response when the user already has a grant on this library.

    Raises ValidationError when no user has the given email, or when the API
    reports a LibraryPermissionIntegrityError while setting the grant.
    """
    library_key = LibraryLocatorV2.from_string(lib_key_str)
    # Authorization runs first, so nothing below is reachable without the
    # team-edit permission on this specific library.
    api.require_permission_for_library_key(
        library_key,
        request.user,
        permissions.CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM,
    )

    payload = ContentLibraryAddPermissionByEmailSerializer(data=request.data)
    payload.is_valid(raise_exception=True)
    email = payload.validated_data.get('email')

    # NOTE(review): the two error paths below let a caller learn whether an
    # email maps to an account. They are only reachable after the permission
    # check above; confirm that exposure is acceptable for team editors.
    try:
        target_user = User.objects.get(email=email)
    except User.DoesNotExist:
        raise ValidationError({'email': _('We could not find a user with that email address.')})

    # Refuse to overwrite an existing grant; changing a level goes through
    # the per-user endpoint instead of this "add" endpoint.
    if api.get_library_user_permissions(library_key, target_user):
        return Response(
            {'email': [_('This user already has access to this library.')]},
            status=status.HTTP_400_BAD_REQUEST,
        )

    requested_level = payload.validated_data["access_level"]
    try:
        api.set_library_user_permissions(library_key, target_user, access_level=requested_level)
    except api.LibraryPermissionIntegrityError as err:
        raise ValidationError(detail=str(err))

    # Re-read the grant so the response reflects what was actually stored.
    stored_grant = api.get_library_user_permissions(library_key, target_user)
    return Response(ContentLibraryPermissionSerializer(stored_grant).data)
def post(self, request):
    """
    Create a new content library from the validated request body.

    The caller must hold CAN_CREATE_CONTENT_LIBRARY, otherwise
    PermissionDenied is raised before the body is parsed. After the library
    is created, the requesting user is given ADMIN_LEVEL access to it.

    Raises ValidationError when the named organization does not exist or when
    a library with the same ID already exists.
    """
    if not request.user.has_perm(permissions.CAN_CREATE_CONTENT_LIBRARY):
        raise PermissionDenied

    metadata = ContentLibraryMetadataSerializer(data=request.data)
    metadata.is_valid(raise_exception=True)
    fields = dict(metadata.validated_data)

    # 'type' and 'license' are renamed because those names would shadow the
    # built-in definitions elsewhere.
    # NOTE(review): pop() raises KeyError if the serializer leaves either
    # field out of validated_data; presumably both always have a value there.
    fields['library_type'] = fields.pop('type')
    fields['library_license'] = fields.pop('license')

    # The serializer nests the organization short_name and the slug under a
    # "key" pseudo-field; unpack it into the shape create_library() is given.
    key_parts = fields.pop("key")
    org_name = key_parts["org"]
    fields["slug"] = key_parts["slug"]

    try:
        org = Organization.objects.get(short_name=org_name)
    except Organization.DoesNotExist:
        raise ValidationError(
            detail={
                "org": "No such organization '{}' found.".format(org_name)
            })

    try:
        library = api.create_library(org=org, **fields)
    except api.LibraryAlreadyExists:
        raise ValidationError(
            detail={"slug": "A library with that ID already exists."})

    # Grant the current user admin permissions on the library.
    # NOTE(review): creation and this grant are separate calls and no
    # transaction is visible here; if the grant fails, the library may be
    # left without an admin. Confirm how the API layer handles that.
    api.set_library_user_permissions(library.key, request.user, api.AccessLevel.ADMIN_LEVEL)

    return Response(ContentLibraryMetadataSerializer(library).data)
def delete(self, request, lib_key_str, user_id):
    """
    Remove the given user's permission to access or edit this content library.

    The caller's CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM permission on the library
    is checked first. The target user is looked up by primary key, with a 404
    when no such user exists. Returns an empty JSON object.
    """
    library_key = LibraryLocatorV2.from_string(lib_key_str)
    api.require_permission_for_library_key(
        library_key,
        request.user,
        permissions.CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM,
    )

    # NOTE(review): int() raises ValueError for a non-numeric user_id;
    # presumably the URL pattern only admits digits. Confirm.
    target_user = get_object_or_404(User, pk=int(user_id))

    # Passing access_level=None is how a grant is revoked.
    # NOTE(review): the username-based delete handler catches
    # api.LibraryPermissionIntegrityError around this call and reports it as
    # a ValidationError. If the API can raise it here too, it would surface
    # as an unhandled error. Confirm.
    api.set_library_user_permissions(library_key, target_user, access_level=None)
    return Response({})
def put(self, request, lib_key_str, user_id):
    """
    Set a user's access level on this content library.

    The level is taken from the validated request body. The caller's
    CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM permission on the library is checked
    before the body is parsed. The target user is looked up by primary key,
    with a 404 when no such user exists. Returns an empty JSON object.
    """
    library_key = LibraryLocatorV2.from_string(lib_key_str)
    api.require_permission_for_library_key(
        library_key,
        request.user,
        permissions.CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM,
    )

    level_payload = ContentLibraryPermissionLevelSerializer(data=request.data)
    level_payload.is_valid(raise_exception=True)

    # NOTE(review): int() raises ValueError for a non-numeric user_id;
    # presumably the URL pattern only admits digits. Confirm.
    target_user = get_object_or_404(User, pk=int(user_id))

    # NOTE(review): the username-based put handler catches
    # api.LibraryPermissionIntegrityError around this call and reports it as
    # a ValidationError. If the API can raise it here too, it would surface
    # as an unhandled error. Confirm.
    api.set_library_user_permissions(
        library_key,
        target_user,
        access_level=level_payload.validated_data["access_level"],
    )
    return Response({})
def delete(self, request, lib_key_str, username):
    """
    Remove the given user's permission to access or edit this content library.

    The caller's CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM permission on the library
    is checked first. The target user is looked up by username, with a 404
    when no such user exists. Returns an empty JSON object.

    Raises ValidationError when the API reports a
    LibraryPermissionIntegrityError for the removal.
    """
    library_key = LibraryLocatorV2.from_string(lib_key_str)
    api.require_permission_for_library_key(
        library_key,
        request.user,
        permissions.CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM,
    )

    target_user = get_object_or_404(User, username=username)

    try:
        # Passing access_level=None is how a grant is revoked.
        api.set_library_user_permissions(library_key, target_user, access_level=None)
    except api.LibraryPermissionIntegrityError as err:
        # Report the integrity failure to the client as a validation
        # problem rather than letting it propagate unhandled.
        raise ValidationError(detail=str(err))

    return Response({})
def put(self, request, lib_key_str, username):
    """
    Set a user's access level on this content library.

    The level is taken from the validated request body. The caller's
    CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM permission on the library is checked
    before the body is parsed. The target user is looked up by username,
    with a 404 when no such user exists.

    Returns a Response carrying the serialized grant as stored after the
    update. Raises ValidationError when the API reports a
    LibraryPermissionIntegrityError for the change.
    """
    library_key = LibraryLocatorV2.from_string(lib_key_str)
    api.require_permission_for_library_key(
        library_key,
        request.user,
        permissions.CAN_EDIT_THIS_CONTENT_LIBRARY_TEAM,
    )

    level_payload = ContentLibraryPermissionLevelSerializer(data=request.data)
    level_payload.is_valid(raise_exception=True)

    target_user = get_object_or_404(User, username=username)
    requested_level = level_payload.validated_data["access_level"]

    try:
        api.set_library_user_permissions(library_key, target_user, access_level=requested_level)
    except api.LibraryPermissionIntegrityError as err:
        # Report the integrity failure to the client as a validation
        # problem rather than letting it propagate unhandled.
        raise ValidationError(detail=str(err))

    # Re-read the grant so the response reflects what was actually stored.
    stored_grant = api.get_library_user_permissions(library_key, target_user)
    return Response(ContentLibraryPermissionSerializer(stored_grant).data)
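def _authenticate_and_login(self, usage_key):
    """
    Authenticate and authorize the user for this LTI message launch.

    An LTI profile is created (or fetched) for every launch that the library
    authorizes, and the user associated with the launch claims is then
    authenticated and logged in.

    Returns the authenticated user, or None when the library does not
    authorize this issuer/client pair or when authenticate() yields no user.
    """
    issuer = self.launch_data['iss']
    client_id = self.launch_data['aud']

    # Check library authorization before touching any user state.
    if not ContentLibrary.authorize_lti_launch(
        usage_key.lib_key,
        issuer=issuer,
        client_id=client_id,
    ):
        return None

    subject = self.launch_data['sub']

    # Check LTI profile.
    LtiProfile.objects.get_or_create_from_claims(iss=issuer, aud=client_id, sub=subject)

    edx_user = authenticate(self.request, iss=issuer, aud=client_id, sub=subject)
    if edx_user is None:
        # No session is established and no library permission is granted
        # when authentication yields no user.
        return None

    login(self.request, edx_user)

    # Key the permission lookup and grant on the user this launch just
    # authenticated, not on whatever user happens to be on the request.
    if not api.get_library_user_permissions(usage_key.lib_key, edx_user):
        # NOTE(review): every first-time LTI user from an authorized
        # issuer/client receives ADMIN_LEVEL on the library. If launches
        # only need to view content, a lower level would follow least
        # privilege. Confirm what the launch flow requires before changing.
        api.set_library_user_permissions(
            usage_key.lib_key,
            edx_user,
            api.AccessLevel.ADMIN_LEVEL,
        )

    return edx_user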