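def get(self):
    """Handles REST GET verb and returns an object as JSON payload.

    Responds with 401 when the caller may not view course settings, with
    404 when '/course.yaml' cannot be read from the course file system, and
    otherwise with 200, the payload built by self.process_get() and an XSRF
    token created for self.XSRF_ACTION.
    """
    # NOTE(review): 'assert' statements are dropped under 'python -O'. This
    # one guards a precondition only; the access decision is the can_view()
    # check below and must stay a real 'if'.
    assert self.app_context.is_editable_fs()

    # 'key' comes from the request and is only echoed back in error replies.
    key = self.request.get('key')

    # Authorize before touching the file system, so a caller without view
    # rights gets the same answer whether or not the settings file exists.
    if not permissions.can_view(
            self.app_context, constants.SCOPE_COURSE_SETTINGS):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    # Load data if possible.
    fs = self.app_context.fs.impl
    filename = fs.physical_to_logical('/course.yaml')
    try:
        stream = fs.get(filename)
    except Exception:  # pylint: disable=broad-except
        # Ordinary read failures are reported as "not found". A bare
        # 'except:' would also swallow SystemExit and KeyboardInterrupt and
        # turn them into a 404, hiding the real condition.
        stream = None
    if not stream:
        transforms.send_json_response(
            self, 404, 'Object not found.', {'key': key})
        return

    # Prepare data. The XSRF token is only created on this success path,
    # i.e. after the view-permission check has passed.
    json_payload = self.process_get()
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload,
        xsrf_token=crypto.XsrfTokenManager.create_xsrf_token(
            self.XSRF_ACTION))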
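def get(self):
    """Handles REST GET verb and returns an object as JSON payload.

    Outcomes, in the order they are checked:
      401 - permissions.can_view() denies SCOPE_COURSE_SETTINGS.
      404 - '/course.yaml' could not be read from the course file system.
      200 - payload from self.process_get(), plus an XSRF token created
            for self.XSRF_ACTION.
    """
    # NOTE(review): this precondition disappears under 'python -O' because
    # it is an 'assert'; do not rely on it as an access-control gate.
    assert self.app_context.is_editable_fs()

    # Request-supplied value; used only to label the error responses.
    key = self.request.get('key')

    # The permission check runs first so that unauthorized callers never
    # reach the file-system lookup.
    if not permissions.can_view(
            self.app_context, constants.SCOPE_COURSE_SETTINGS):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    # Load data if possible.
    fs = self.app_context.fs.impl
    filename = fs.physical_to_logical('/course.yaml')
    try:
        stream = fs.get(filename)
    except Exception:  # pylint: disable=broad-except
        # Narrowed from a bare 'except:' so that SystemExit and
        # KeyboardInterrupt propagate instead of being reported as a 404.
        stream = None
    if not stream:
        transforms.send_json_response(
            self, 404, 'Object not found.', {'key': key})
        return

    # Prepare data. No XSRF token is handed out on the 401/404 paths above.
    json_payload = self.process_get()
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload,
        xsrf_token=crypto.XsrfTokenManager.create_xsrf_token(
            self.XSRF_ACTION))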
def _render_course_outline_to_html(handler, course):
    """Renders course outline to HTML.

    Args:
        handler: request handler; supplies app_context, XSRF token creation,
            action URLs and template lookup.
        course: course whose top-level units are rendered.

    Returns:
        jinja2.Markup wrapping the rendered 'course_outline.html' template.

    Raises:
        Exception: a unit has a type this function does not know.
    """
    rendered_units = []
    for unit in course.get_units():
        # Child units are rendered as part of their containing element.
        if course.get_parent_unit(unit.unit_id):
            continue

        unit_type = unit.type
        if unit_type == verify.UNIT_TYPE_ASSESSMENT:
            rendered = _render_assessment_outline(handler, unit)
        elif unit_type == verify.UNIT_TYPE_LINK:
            rendered = _render_link_outline(handler, unit)
        elif unit_type == verify.UNIT_TYPE_UNIT:
            rendered = _render_unit_outline(handler, course, unit)
        elif unit_type == verify.UNIT_TYPE_CUSTOM:
            rendered = _render_custom_unit_outline(handler, course, unit)
        else:
            raise Exception('Unknown unit type: %s.' % unit_type)
        rendered_units.append(rendered)

    # These flags only drive what the template shows; the handlers that
    # receive the resulting requests are presumably expected to re-check
    # permissions themselves -- NOTE(review): confirm against those handlers.
    availability_editable = permissions.can_edit_property(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS,
        'course/course:now_available')
    settings_viewable = permissions.can_view(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS)

    course_values = {
        'title': course.title,
        'can_add_or_remove': roles.Roles.is_course_admin(
            handler.app_context),
        'can_reorder': roles.Roles.is_user_allowed(
            handler.app_context, custom_module,
            constants.COURSE_OUTLINE_REORDER_PERMISSION),
        'settings_viewable': settings_viewable,
    }
    course_values['availability'] = {
        'url': handler.get_action_url('course_availability'),
        'xsrf_token': handler.create_xsrf_token('course_availability'),
        # 'param' is the negation of the current availability flag.
        'param': not handler.app_context.now_available,
        'now_available': handler.app_context.now_available,
        'is_editable': availability_editable,
    }

    # A separate XSRF token is created for each action name used by the page.
    template_values = {
        'course': course_values,
        'units': rendered_units,
        'add_lesson_xsrf_token': handler.create_xsrf_token('add_lesson'),
        'unit_lesson_title_xsrf_token': handler.create_xsrf_token(
            unit_lesson_editor.UnitLessonTitleRESTHandler.XSRF_TOKEN),
        'unit_title_template': resources_display.get_unit_title_template(
            course.app_context),
        'extra_info_title': ', '.join(COURSE_OUTLINE_EXTRA_INFO_TITLES),
    }

    # One draft-status token per editable item type.
    editor_cls = unit_lesson_editor.UnitLessonEditor
    for item_type in editor_cls.CAN_EDIT_DRAFT:
        status_action = '%s_%s' % (
            editor_cls.ACTION_POST_SET_DRAFT_STATUS, item_type)
        template_values['status_xsrf_token_%s' % item_type] = (
            handler.create_xsrf_token(status_action))

    template = handler.get_template(
        'course_outline.html', [os.path.dirname(__file__)])
    # Markup() declares the rendered text safe, so it will not be escaped
    # again by an enclosing template. Escaping of course.title and the unit
    # data therefore rests on autoescaping inside 'course_outline.html' --
    # NOTE(review): confirm get_template() enables it.
    return jinja2.Markup(template.render(template_values))
def _render_course_outline_to_html(handler, course):
    """Renders course outline to HTML.

    Args:
        handler: request handler; supplies app_context, XSRF token creation
            and template lookup.
        course: course whose top-level units are rendered.

    Returns:
        jinja2.Markup wrapping the rendered 'course_outline.html' template.

    Raises:
        Exception: a unit has a type this function does not know.
    """
    rendered_units = []
    for unit in course.get_units():
        # Child units are rendered as part of their containing element.
        if course.get_parent_unit(unit.unit_id):
            continue

        unit_type = unit.type
        if unit_type == verify.UNIT_TYPE_ASSESSMENT:
            rendered = _render_assessment_outline(handler, unit)
        elif unit_type == verify.UNIT_TYPE_LINK:
            rendered = _render_link_outline(handler, unit)
        elif unit_type == verify.UNIT_TYPE_UNIT:
            rendered = _render_unit_outline(handler, course, unit)
        elif unit_type == verify.UNIT_TYPE_CUSTOM:
            rendered = _render_custom_unit_outline(handler, course, unit)
        else:
            raise Exception('Unknown unit type: %s.' % unit_type)
        rendered_units.append(rendered)

    # NOTE(review): the result of this check is not used anywhere in this
    # version of the function; the call is kept so behaviour is unchanged.
    is_course_availability_editable = permissions.can_edit_property(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS,
        'course/course:now_available')
    settings_viewable = permissions.can_view(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS)

    # The permission flags below only control what the template displays.
    course_values = {
        'title': course.title,
        'can_add_or_remove': roles.Roles.is_course_admin(
            handler.app_context),
        'can_reorder': roles.Roles.is_user_allowed(
            handler.app_context, custom_module,
            constants.COURSE_OUTLINE_REORDER_PERMISSION),
        'settings_viewable': settings_viewable,
    }

    # A separate XSRF token is created for each action name used by the page.
    template_values = {
        'course': course_values,
        'units': rendered_units,
        'add_lesson_xsrf_token': handler.create_xsrf_token('add_lesson'),
        'unit_lesson_title_xsrf_token': handler.create_xsrf_token(
            unit_lesson_editor.UnitLessonTitleRESTHandler.XSRF_TOKEN),
        'unit_title_template': resources_display.get_unit_title_template(
            course.app_context),
        'extra_info_title': ', '.join(COURSE_OUTLINE_EXTRA_INFO_TITLES),
    }

    template = handler.get_template(
        'course_outline.html', [os.path.dirname(__file__)])
    # Markup() declares the rendered text safe, so it will not be escaped
    # again by an enclosing template. Escaping of course.title and the unit
    # data therefore rests on autoescaping inside 'course_outline.html' --
    # NOTE(review): confirm get_template() enables it.
    return jinja2.Markup(template.render(template_values))
def test_admin_has_permissions_with_no_configuration_needed(self):
    # A user logged in with is_admin=True must pass every view/edit check on
    # the course-settings scope, including for an arbitrary property name,
    # without any permission configuration having been set up.
    actions.login(self.ADMIN_EMAIL, is_admin=True)

    ctx = self.app_context
    scope = constants.SCOPE_COURSE_SETTINGS
    any_property = 'absolutely/anything'

    self.assertTrue(permissions.can_view(ctx, scope))
    self.assertTrue(permissions.can_edit(ctx, scope))
    self.assertTrue(
        permissions.can_view_property(ctx, scope, any_property))
    self.assertTrue(
        permissions.can_edit_property(ctx, scope, any_property))
def test_non_admin_has_no_permissions_with_no_configuration_needed(self):
    # Default-deny check: a user logged in without is_admin must fail every
    # view/edit check on the course-settings scope, including for an
    # arbitrary property name, when no permissions have been configured.
    actions.login(self.IN_ROLE_EMAIL)

    ctx = self.app_context
    scope = constants.SCOPE_COURSE_SETTINGS
    any_property = 'absolutely/anything'

    self.assertFalse(permissions.can_view(ctx, scope))
    self.assertFalse(permissions.can_edit(ctx, scope))
    self.assertFalse(
        permissions.can_view_property(ctx, scope, any_property))
    self.assertFalse(
        permissions.can_edit_property(ctx, scope, any_property))
def can_view(cls, app_context):
    """Reports whether viewing is allowed for the assessment scope.

    Delegates to permissions.can_view() with constants.SCOPE_ASSESSMENT.
    The 'cls' parameter suggests a classmethod; the decorator is not
    visible here.

    Args:
        app_context: application context the permission is evaluated in.

    Returns:
        Whatever permissions.can_view() returns for that scope.
    """
    scope = constants.SCOPE_ASSESSMENT
    allowed = permissions.can_view(app_context, scope)
    return allowed