def _has_access_to_location(user, location, access_level, course_context):
'''
Returns True if the given user has access_level (= staff or
instructor) access to a location. For now this is equivalent to
having staff / instructor access to the course location.course.
This means that user is in the staff_* group or instructor_* group, or is an overall admin.
TODO (vshnayder): this needs to be changed to allow per-course_id permissions, not per-course
(e.g. staff in 2012 is different from 2013, but maybe some people always have access)
course is a string: the course field of the location being accessed.
location = location
access_level = string, either "staff" or "instructor"
'''
if user is None or (not user.is_authenticated()):
debug("Deny: no user or anon user")
return False
if is_masquerading_as_student(user):
return False
if GlobalStaff().has_user(user):
debug("Allow: user.is_staff")
return True
if access_level not in ('staff', 'instructor'):
log.debug("Error in access._has_access_to_location access_level=%s unknown", access_level)
debug("Deny: unknown access level")
return False
staff_access = (
CourseStaffRole(location, course_context).has_user(user) or
OrgStaffRole(location).has_user(user)
)
if staff_access and access_level == 'staff':
debug("Allow: user has course staff access")
return True
instructor_access = (
CourseInstructorRole(location, course_context).has_user(user) or
OrgInstructorRole(location).has_user(user)
)
if instructor_access and access_level in ('staff', 'instructor'):
debug("Allow: user has course instructor access")
return True
debug("Deny: user did not have correct access")
return False
def _setstaff_login(self):
"""Makes the test user staff and logs them in"""
GlobalStaff().add_users(self.user)
self.client.login(username=self.user.username, password='******')
def check_staff():
if perm != 'global':
debug("Deny: invalid permission '%s'", perm)
return False
return GlobalStaff().has_user(user)
def set_staff(self, create, extracted, **kwargs):
GlobalStaff().add_users(self)