def get_ability(course_id, content, user): """ Return a dictionary of forums-oriented actions and the user's permission to perform them """ return { 'editable': check_permissions_by_view( user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment"), 'can_reply': check_permissions_by_view( user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"), 'can_delete': check_permissions_by_view( user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment"), 'can_openclose': check_permissions_by_view(user, course_id, content, "openclose_thread") if content['type'] == 'thread' else False, 'can_vote': check_permissions_by_view( user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"), }
def get_ability(course_id, content, user): return { 'editable': check_permissions_by_view(user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment"), 'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"), 'can_delete': check_permissions_by_view(user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment"), 'can_openclose': check_permissions_by_view(user, course_id, content, "openclose_thread") if content['type'] == 'thread' else False, 'can_vote': check_permissions_by_view(user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"), }
def get_ability(course_id, content, user): return { 'editable': check_permissions_by_view(user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment"), 'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"), 'can_delete': check_permissions_by_view(user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment"), 'can_openclose': check_permissions_by_view(user, course_id, content, "openclose_thread") if content['type'] == 'thread' else False, 'can_vote': check_permissions_by_view(user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"), }
def get_ability(course_id, content, user): """ Return a dictionary of forums-oriented actions and the user's permission to perform them """ return { 'editable': check_permissions_by_view(user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment"), 'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"), 'can_delete': check_permissions_by_view(user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment"), 'can_openclose': check_permissions_by_view(user, course_id, content, "openclose_thread") if content['type'] == 'thread' else False, 'can_vote': check_permissions_by_view(user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment"), }
def wrapper(request, *args, **kwargs): """ Wrapper for the view that only calls the view if the user is authorized. """ def fetch_content(): """ Extract the forum object from the keyword arguments to the view. """ user_group_id = None content_user_group_id = None if "thread_id" in kwargs: content = cc.Thread.find(kwargs["thread_id"]).to_dict() elif "comment_id" in kwargs: content = cc.Comment.find(kwargs["comment_id"]).to_dict() elif "commentable_id" in kwargs: content = cc.Commentable.find(kwargs["commentable_id"]).to_dict() else: content = None if 'username' in content: (user_group_id, content_user_group_id) = get_user_group_ids(course_key, content, request.user) return content, user_group_id, content_user_group_id course_key = CourseKey.from_string(kwargs['course_id']) content, user_group_id, content_user_group_id = fetch_content() if check_permissions_by_view(request.user, course_key, content, request.view_name, user_group_id, content_user_group_id): return func(request, *args, **kwargs) else: return JsonError("unauthorized", status=401)
def wrapper(request, *args, **kwargs): """ Wrapper for the view that only calls the view if the user is authorized. """ def fetch_content(): """ Extract the forum object from the keyword arguments to the view. """ if "thread_id" in kwargs: content = cc.Thread.find(kwargs["thread_id"]).to_dict() elif "comment_id" in kwargs: content = cc.Comment.find(kwargs["comment_id"]).to_dict() elif "commentable_id" in kwargs: content = cc.Commentable.find( kwargs["commentable_id"]).to_dict() else: content = None return content course_key = CourseKey.from_string(kwargs['course_id']) if check_permissions_by_view(request.user, course_key, fetch_content(), request.view_name): return func(request, *args, **kwargs) else: return JsonError("unauthorized", status=401)
def get_ability(course_id, content, user): """ Return a dictionary of forums-oriented actions and the user's permission to perform them """ (user_group_id, content_user_group_id) = get_user_group_ids(course_id, content, user) return { 'editable': check_permissions_by_view( user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment", user_group_id, content_user_group_id ), 'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"), 'can_delete': check_permissions_by_view( user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment", user_group_id, content_user_group_id ), #'can_openclose': check_permissions_by_view( # user, # course_id, # content, # "openclose_thread" if content['type'] == 'thread' else False, # user_group_id, # content_user_group_id #), 'can_vote': not is_content_authored_by(content, user) and check_permissions_by_view( user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment" ), 'can_report': not is_content_authored_by(content, user) and (check_permissions_by_view( user, course_id, content, "flag_abuse_for_thread" if content['type'] == 'thread' else "flag_abuse_for_comment" ) or GlobalStaff().has_user(user)) }
def get_ability(course_id, content, user): """ Return a dictionary of forums-oriented actions and the user's permission to perform them """ return { "editable": check_permissions_by_view( user, course_id, content, "update_thread" if content["type"] == "thread" else "update_comment" ), "can_reply": check_permissions_by_view( user, course_id, content, "create_comment" if content["type"] == "thread" else "create_sub_comment" ), "can_delete": check_permissions_by_view( user, course_id, content, "delete_thread" if content["type"] == "thread" else "delete_comment" ), "can_openclose": check_permissions_by_view(user, course_id, content, "openclose_thread") if content["type"] == "thread" else False, "can_vote": not is_content_authored_by(content, user) and check_permissions_by_view( user, course_id, content, "vote_for_thread" if content["type"] == "thread" else "vote_for_comment" ), "can_report": not is_content_authored_by(content, user) and check_permissions_by_view( user, course_id, content, "flag_abuse_for_thread" if content["type"] == "thread" else "flag_abuse_for_comment", ), }
def wrapper(request, *args, **kwargs): def fetch_content(): if "thread_id" in kwargs: content = cc.Thread.find(kwargs["thread_id"]).to_dict() elif "comment_id" in kwargs: content = cc.Comment.find(kwargs["comment_id"]).to_dict() else: content = None return content if check_permissions_by_view(request.user, kwargs['course_id'], fetch_content(), request.view_name): return fn(request, *args, **kwargs) else: return JsonError("unauthorized", status=401)
def wrapper(request, *args, **kwargs): def fetch_content(): if "thread_id" in kwargs: content = cc.Thread.find(kwargs["thread_id"]).to_dict() elif "comment_id" in kwargs: content = cc.Comment.find(kwargs["comment_id"]).to_dict() else: content = None return content if check_permissions_by_view(request.user, kwargs['course_id'], fetch_content(), request.view_name): return fn(request, *args, **kwargs) else: return JsonError("unauthorized", status=401)
def wrapper(request, *args, **kwargs): def fetch_content(): if "thread_id" in kwargs: content = cc.Thread.find(kwargs["thread_id"]).to_dict() elif "comment_id" in kwargs: content = cc.Comment.find(kwargs["comment_id"]).to_dict() else: content = None return content course_key = SlashSeparatedCourseKey.from_deprecated_string(kwargs['course_id']) if check_permissions_by_view(request.user, course_key, fetch_content(), request.view_name): return fn(request, *args, **kwargs) else: return JsonError("unauthorized", status=401)
def wrapper(request, *args, **kwargs): def fetch_content(): if "thread_id" in kwargs: content = cc.Thread.find(kwargs["thread_id"]).to_dict() elif "comment_id" in kwargs: content = cc.Comment.find(kwargs["comment_id"]).to_dict() else: content = None return content course_key = SlashSeparatedCourseKey.from_deprecated_string(kwargs['course_id']) if check_permissions_by_view(request.user, course_key, fetch_content(), request.view_name): return fn(request, *args, **kwargs) else: return JsonError("unauthorized", status=401)
def get_ability(course_id, content, user): """ Return a dictionary of forums-oriented actions and the user's permission to perform them """ (user_group_id, content_user_group_id) = get_user_group_ids(course_id, content, user) return { 'editable': check_permissions_by_view( user, course_id, content, "update_thread" if content['type'] == 'thread' else "update_comment", user_group_id, content_user_group_id ), 'can_reply': check_permissions_by_view(user, course_id, content, "create_comment" if content['type'] == 'thread' else "create_sub_comment"), 'can_delete': check_permissions_by_view( user, course_id, content, "delete_thread" if content['type'] == 'thread' else "delete_comment", user_group_id, content_user_group_id ), 'can_openclose': check_permissions_by_view( user, course_id, content, "openclose_thread" if content['type'] == 'thread' else False, user_group_id, content_user_group_id ), 'can_vote': not is_content_authored_by(content, user) and check_permissions_by_view( user, course_id, content, "vote_for_thread" if content['type'] == 'thread' else "vote_for_comment" ), 'can_report': not is_content_authored_by(content, user) and (check_permissions_by_view( user, course_id, content, "flag_abuse_for_thread" if content['type'] == 'thread' else "flag_abuse_for_comment" ) or GlobalStaff().has_user(user)) }
def wrapper(request, *args, **kwargs): """ Wrapper for the view that only calls the view if the user is authorized. """ def fetch_content(): """ Extract the forum object from the keyword arguments to the view. """ if "thread_id" in kwargs: content = cc.Thread.find(kwargs["thread_id"]).to_dict() elif "comment_id" in kwargs: content = cc.Comment.find(kwargs["comment_id"]).to_dict() elif "commentable_id" in kwargs: content = cc.Commentable.find(kwargs["commentable_id"]).to_dict() else: content = None return content course_key = SlashSeparatedCourseKey.from_deprecated_string(kwargs["course_id"]) if check_permissions_by_view(request.user, course_key, fetch_content(), request.view_name): return func(request, *args, **kwargs) else: return JsonError("unauthorized", status=401)
def get_ability(course_id, content, user): return { "editable": check_permissions_by_view( user, course_id, content, "update_thread" if content["type"] == "thread" else "update_comment" ), "can_reply": check_permissions_by_view( user, course_id, content, "create_comment" if content["type"] == "thread" else "create_sub_comment" ), "can_endorse": check_permissions_by_view(user, course_id, content, "endorse_comment") if content["type"] == "comment" else False, "can_delete": check_permissions_by_view( user, course_id, content, "delete_thread" if content["type"] == "thread" else "delete_comment" ), "can_openclose": check_permissions_by_view(user, course_id, content, "openclose_thread") if content["type"] == "thread" else False, "can_vote": check_permissions_by_view( user, course_id, content, "vote_for_thread" if content["type"] == "thread" else "vote_for_comment" ), }