Пример #1
0
    def get(self):
        """Handles REST GET verb and returns an object as JSON payload."""
        assert self.app_context.is_editable_fs()

        key = self.request.get('key')

        if not permissions.can_view(self.app_context,
                                    constants.SCOPE_COURSE_SETTINGS):
            transforms.send_json_response(self, 401, 'Access denied.',
                                          {'key': key})
            return

        # Load data if possible.
        fs = self.app_context.fs.impl
        filename = fs.physical_to_logical('/course.yaml')
        try:
            stream = fs.get(filename)
        except:  # pylint: disable=bare-except
            stream = None
        if not stream:
            transforms.send_json_response(self, 404, 'Object not found.',
                                          {'key': key})
            return

        # Prepare data.
        json_payload = self.process_get()
        transforms.send_json_response(
            self,
            200,
            'Success.',
            payload_dict=json_payload,
            xsrf_token=crypto.XsrfTokenManager.create_xsrf_token(
                self.XSRF_ACTION))
Пример #2
0
    def get(self):
        """Handles REST GET verb and returns an object as JSON payload."""
        assert self.app_context.is_editable_fs()

        key = self.request.get('key')

        if not permissions.can_view(self.app_context,
                                    constants.SCOPE_COURSE_SETTINGS):
            transforms.send_json_response(
                self, 401, 'Access denied.', {'key': key})
            return

        # Load data if possible.
        fs = self.app_context.fs.impl
        filename = fs.physical_to_logical('/course.yaml')
        try:
            stream = fs.get(filename)
        except:  # pylint: disable=bare-except
            stream = None
        if not stream:
            transforms.send_json_response(
                self, 404, 'Object not found.', {'key': key})
            return

        # Prepare data.
        json_payload = self.process_get()
        transforms.send_json_response(
            self, 200, 'Success.',
            payload_dict=json_payload,
            xsrf_token=crypto.XsrfTokenManager.create_xsrf_token(
                self.XSRF_ACTION))
Пример #3
0
def _render_course_outline_to_html(handler, course):
    """Renders course outline to HTML."""

    units = []
    for unit in course.get_units():
        if course.get_parent_unit(unit.unit_id):
            continue  # Will be rendered as part of containing element.
        if unit.type == verify.UNIT_TYPE_ASSESSMENT:
            units.append(_render_assessment_outline(handler, unit))
        elif unit.type == verify.UNIT_TYPE_LINK:
            units.append(_render_link_outline(handler, unit))
        elif unit.type == verify.UNIT_TYPE_UNIT:
            units.append(_render_unit_outline(handler, course, unit))
        elif unit.type == verify.UNIT_TYPE_CUSTOM:
            units.append(_render_custom_unit_outline(handler, course, unit))
        else:
            raise Exception('Unknown unit type: %s.' % unit.type)

    is_course_availability_editable = permissions.can_edit_property(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS,
        'course/course:now_available')
    any_course_setting_viewable = permissions.can_view(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS)
    template_values = {
        'course': {
            'title': course.title,
            'can_add_or_remove': roles.Roles.is_course_admin(
                handler.app_context),
            'can_reorder': roles.Roles.is_user_allowed(
                handler.app_context, custom_module,
                constants.COURSE_OUTLINE_REORDER_PERMISSION),
            'settings_viewable': any_course_setting_viewable,
            'availability': {
                'url': handler.get_action_url('course_availability'),
                'xsrf_token': handler.create_xsrf_token('course_availability'),
                'param': not handler.app_context.now_available,
                'now_available': handler.app_context.now_available,
                'is_editable': is_course_availability_editable,
            }
        },
        'units': units,
        'add_lesson_xsrf_token': handler.create_xsrf_token('add_lesson'),
        'unit_lesson_title_xsrf_token': handler.create_xsrf_token(
            unit_lesson_editor.UnitLessonTitleRESTHandler.XSRF_TOKEN),
        'unit_title_template': resources_display.get_unit_title_template(
            course.app_context),
        'extra_info_title': ', '.join(COURSE_OUTLINE_EXTRA_INFO_TITLES)
    }
    for item_type in unit_lesson_editor.UnitLessonEditor.CAN_EDIT_DRAFT:
        action_name = '%s_%s' % (
            unit_lesson_editor.UnitLessonEditor.ACTION_POST_SET_DRAFT_STATUS,
            item_type)
        token_name = 'status_xsrf_token_%s' % item_type
        template_values[token_name] = handler.create_xsrf_token(action_name)

    return jinja2.Markup(
        handler.get_template(
            'course_outline.html', [os.path.dirname(__file__)]
            ).render(template_values))
Пример #4
0
def _render_course_outline_to_html(handler, course):
    """Renders course outline to HTML."""

    units = []
    for unit in course.get_units():
        if course.get_parent_unit(unit.unit_id):
            continue  # Will be rendered as part of containing element.
        if unit.type == verify.UNIT_TYPE_ASSESSMENT:
            units.append(_render_assessment_outline(handler, unit))
        elif unit.type == verify.UNIT_TYPE_LINK:
            units.append(_render_link_outline(handler, unit))
        elif unit.type == verify.UNIT_TYPE_UNIT:
            units.append(_render_unit_outline(handler, course, unit))
        elif unit.type == verify.UNIT_TYPE_CUSTOM:
            units.append(_render_custom_unit_outline(handler, course, unit))
        else:
            raise Exception('Unknown unit type: %s.' % unit.type)

    is_course_availability_editable = permissions.can_edit_property(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS,
        'course/course:now_available')
    any_course_setting_viewable = permissions.can_view(
        handler.app_context, constants.SCOPE_COURSE_SETTINGS)
    template_values = {
        'course': {
            'title':
            course.title,
            'can_add_or_remove':
            roles.Roles.is_course_admin(handler.app_context),
            'can_reorder':
            roles.Roles.is_user_allowed(
                handler.app_context, custom_module,
                constants.COURSE_OUTLINE_REORDER_PERMISSION),
            'settings_viewable':
            any_course_setting_viewable,
        },
        'units':
        units,
        'add_lesson_xsrf_token':
        handler.create_xsrf_token('add_lesson'),
        'unit_lesson_title_xsrf_token':
        handler.create_xsrf_token(
            unit_lesson_editor.UnitLessonTitleRESTHandler.XSRF_TOKEN),
        'unit_title_template':
        resources_display.get_unit_title_template(course.app_context),
        'extra_info_title':
        ', '.join(COURSE_OUTLINE_EXTRA_INFO_TITLES)
    }

    return jinja2.Markup(
        handler.get_template(
            'course_outline.html',
            [os.path.dirname(__file__)]).render(template_values))
 def test_admin_has_permissions_with_no_configuration_needed(self):
     actions.login(self.ADMIN_EMAIL, is_admin=True)
     self.assertTrue(permissions.can_view(
         self.app_context, constants.SCOPE_COURSE_SETTINGS))
     self.assertTrue(permissions.can_edit(
         self.app_context, constants.SCOPE_COURSE_SETTINGS))
     self.assertTrue(permissions.can_view_property(
         self.app_context, constants.SCOPE_COURSE_SETTINGS,
         'absolutely/anything'))
     self.assertTrue(permissions.can_edit_property(
         self.app_context, constants.SCOPE_COURSE_SETTINGS,
         'absolutely/anything'))
 def test_non_admin_has_no_permissions_with_no_configuration_needed(self):
     actions.login(self.IN_ROLE_EMAIL)
     self.assertFalse(
         permissions.can_view(self.app_context,
                              constants.SCOPE_COURSE_SETTINGS))
     self.assertFalse(
         permissions.can_edit(self.app_context,
                              constants.SCOPE_COURSE_SETTINGS))
     self.assertFalse(
         permissions.can_view_property(self.app_context,
                                       constants.SCOPE_COURSE_SETTINGS,
                                       'absolutely/anything'))
     self.assertFalse(
         permissions.can_edit_property(self.app_context,
                                       constants.SCOPE_COURSE_SETTINGS,
                                       'absolutely/anything'))
 def can_view(cls, app_context):
     return permissions.can_view(app_context, constants.SCOPE_ASSESSMENT)
 def can_view(cls, app_context):
     return permissions.can_view(app_context, constants.SCOPE_ASSESSMENT)