def can_view_course_outline(app_context):
    """Tells whether the user may see the course outline.

    Access is granted by the outline-reorder permission of custom_module, or
    by edit rights on any one of the unit, assessment or link scopes.  The
    checks run in that order and stop at the first one that passes.

    Args:
        app_context: application context handed to every permission check.

    Returns:
        The first truthy check result, else the result of the link-scope
        check.
    """
    # NOTE(review): this gates viewing only.  Handlers that change the
    # outline presumably enforce their own permission checks -- confirm.
    may_reorder = roles.Roles.is_user_allowed(
        app_context, custom_module,
        constants.COURSE_OUTLINE_REORDER_PERMISSION)
    if may_reorder:
        return may_reorder

    may_edit_units = permissions.can_edit(app_context, constants.SCOPE_UNIT)
    if may_edit_units:
        return may_edit_units

    may_edit_assessments = permissions.can_edit(
        app_context, constants.SCOPE_ASSESSMENT)
    if may_edit_assessments:
        return may_edit_assessments

    return permissions.can_edit(app_context, constants.SCOPE_LINK)
def can_view_course_outline(app_context):
    """Decides whether the course outline may be shown for app_context.

    The outline-reorder permission registered for custom_module is tried
    first; failing that, edit rights on the unit, assessment and link scopes
    are tried in turn.  Evaluation stops at the first check that passes.

    Args:
        app_context: application context handed to every permission check.

    Returns:
        The result of the first passing check, or of the last check when
        none passes.
    """
    # NOTE(review): a view gate only -- presumably write handlers check
    # their own permissions; confirm before relying on this elsewhere.
    verdict = roles.Roles.is_user_allowed(
        app_context, custom_module,
        constants.COURSE_OUTLINE_REORDER_PERMISSION)
    if not verdict:
        editable_scopes = (
            constants.SCOPE_UNIT,
            constants.SCOPE_ASSESSMENT,
            constants.SCOPE_LINK,
        )
        for scope in editable_scopes:
            verdict = permissions.can_edit(app_context, scope)
            if verdict:
                break
    return verdict
def _render_unit_outline(handler, course, unit):
    """Builds the outline entry for a unit, its lessons and its assessments.

    Args:
        handler: request handler; supplies app_context, canonicalize_url()
            and get_action_url().
        course: course used to look up assessments and lessons.
        unit: the unit being rendered.

    Returns:
        A dict describing the unit, with a 'lessons' list and, when the unit
        references assessments that can be found, 'pre_assessment' and
        'post_assessment' entries.
    """
    # can_view_props stays falsy unless the file system is editable AND the
    # caller may edit unit-scoped content.
    # NOTE(review): this flag is a rendering hint; presumably the edit
    # handler behind 'href' re-checks permission -- confirm.
    can_view_props = handler.app_context.is_editable_fs()
    if can_view_props:
        can_view_props = permissions.can_edit(
            handler.app_context, constants.SCOPE_UNIT)

    # NOTE(review): view_url interpolates unit_id without URL-encoding,
    # unlike href -- assumes the id is URL-safe; TODO confirm.
    unit_data = {
        'title': unit.title,
        'component_type': 'unit',
        'view_url': 'unit?unit=%s' % unit.unit_id,
        'id': unit.unit_id,
        'can_view_props': can_view_props,
        'href': handler.canonicalize_url(
            '/dashboard?%s') % urllib.urlencode({
                'action': 'edit_unit',
                'key': unit.unit_id}),
    }

    def attach_assessment(slot, assessment_id, component_type):
        """Stores the outline of a referenced assessment under slot."""
        if not assessment_id:
            return
        assessment = course.find_unit_by_id(assessment_id)
        if not assessment:
            return
        entry = _render_assessment_outline(handler, assessment)
        entry['component_type'] = component_type
        # Pre/post assessments are pinned to their unit in the outline.
        entry['not_reorderable'] = True
        unit_data[slot] = entry

    attach_assessment('pre_assessment', unit.pre_assessment, 'pre-assessment')

    # Here, just check whether user is course admin to see if lesson contents
    # are editable.  Eventually, can add specific sub-permissions to lessons,
    # if we like.
    lessons_editable = (handler.app_context.is_editable_fs() and
                        roles.Roles.is_course_admin(handler.app_context))

    lessons = []
    for lesson in course.get_lessons(unit.unit_id):
        # Keep only the annotations that produced something.
        annotations = (
            annotator(course, lesson)
            for annotator in COURSE_OUTLINE_EXTRA_INFO_ANNOTATORS)
        extras = [info for info in annotations if info]
        lessons.append({
            'title': lesson.title,
            'component_type': 'lesson',
            'view_url': 'unit?unit=%s&lesson=%s' % (
                unit.unit_id, lesson.lesson_id),
            'id': lesson.lesson_id,
            'href': handler.get_action_url(
                'edit_lesson', key=lesson.lesson_id),
            'can_view_props': lessons_editable,
            'auto_index': lesson.auto_index,
            'extras': extras})
    unit_data['lessons'] = lessons

    attach_assessment(
        'post_assessment', unit.post_assessment, 'post-assessment')

    return unit_data
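def put(self):
    """Handles REST PUT verb with JSON payload.

    Validation runs in this order and the first failure ends the request:
    the 'request' parameter must be present and parse as JSON (400), it must
    carry a 'key' and a JSON 'payload' (400), the XSRF token must be
    accepted, and the caller must be allowed to edit course settings (401).
    A failed save is answered with 412, a successful one with 200.

    Raises:
        AssertionError: if the course file system is not editable.
    """
    # Raised explicitly, with the same exception type the former assert
    # produced, so the guard is still enforced when Python runs with -O.
    if not self.app_context.is_editable_fs():
        raise AssertionError()

    request_param = self.request.get('request')
    if not request_param:
        transforms.send_json_response(
            self, 400, 'Missing "request" parameter.')
        return
    try:
        request = transforms.loads(request_param)
    except ValueError:
        transforms.send_json_response(
            self, 400, 'Malformed "request" parameter.')
        return

    key = request.get('key')
    if not key:
        transforms.send_json_response(
            self, 400, 'Request missing "key" parameter.')
        return

    # The payload is a JSON string nested inside the request JSON.
    payload_param = request.get('payload')
    if not payload_param:
        transforms.send_json_response(
            self, 400, 'Request missing "payload" parameter.')
        return
    try:
        payload = transforms.loads(payload_param)
    except ValueError:
        transforms.send_json_response(
            self, 400, 'Malformed "payload" parameter.')
        return

    # Presumably assert_xsrf_token_or_fail() has already written the error
    # response when it returns a falsy value -- nothing more is sent here.
    if not self.assert_xsrf_token_or_fail(
            request, self.XSRF_ACTION, {'key': key}):
        return

    if not permissions.can_edit(self.app_context,
                                constants.SCOPE_COURSE_SETTINGS):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    request_data = self.process_put(request, payload)

    # NOTE(review): the payload is redacted to the caller's permitted fields
    # only after process_put() has consumed it.  Whether request_data
    # reflects the redaction depends on process_put(), which is not visible
    # here -- confirm that fields the caller may not edit cannot reach
    # save_settings().
    schema = self.get_course().create_settings_schema()
    permissions.SchemaPermissionRegistry.redact_schema_to_permitted_fields(
        self.app_context, constants.SCOPE_COURSE_SETTINGS, schema)
    schema.redact_entity_to_schema(payload)

    # NOTE(review): when process_put() returns nothing, no response is
    # written here; presumably it has already responded -- confirm.
    if request_data:
        course_settings = courses.deep_dict_merge(
            request_data, self.get_course_dict())
        self.postprocess_put(course_settings, request)

        if not self.get_course().save_settings(course_settings):
            transforms.send_json_response(self, 412, 'Validation error.')
            # Stop here: falling through would also send 200 'Saved.' for
            # settings that were rejected.
            return
        transforms.send_json_response(self, 200, 'Saved.')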
def test_admin_has_permissions_with_no_configuration_needed(self):
    """A user logged in with is_admin=True gets every settings permission.

    View and edit are checked both for the course-settings scope as a whole
    and for an arbitrary property name; this test itself registers no
    permission configuration first.
    """
    actions.login(self.ADMIN_EMAIL, is_admin=True)

    context = self.app_context
    scope = constants.SCOPE_COURSE_SETTINGS
    # Deliberately not a real setting: admin access must not depend on the
    # property being known.
    any_property = 'absolutely/anything'

    self.assertTrue(permissions.can_view(context, scope))
    self.assertTrue(permissions.can_edit(context, scope))
    self.assertTrue(
        permissions.can_view_property(context, scope, any_property))
    self.assertTrue(
        permissions.can_edit_property(context, scope, any_property))
def _render_link_outline(handler, unit):
    """Builds the course-outline entry for a link unit.

    Args:
        handler: request handler; supplies app_context and
            canonicalize_url().
        unit: the link unit; title, href and unit_id are read.

    Returns:
        A dict with keys title, view_url, id, component_type, can_view_props
        and href (the dashboard 'edit_link' URL for this unit).
    """
    # can_view_props stays falsy unless the file system is editable AND the
    # caller may edit link-scoped content.
    # NOTE(review): a rendering hint; presumably the edit handler behind
    # 'href' re-checks permission -- confirm.
    can_view_props = handler.app_context.is_editable_fs()
    if can_view_props:
        can_view_props = permissions.can_edit(
            handler.app_context, constants.SCOPE_LINK)

    edit_base = handler.canonicalize_url('/dashboard?%s')
    edit_query = urllib.urlencode({
        'action': 'edit_link',
        'key': unit.unit_id})

    # NOTE(review): unit.href is stored course content passed through
    # unchanged -- whoever renders view_url should confirm its scheme is
    # validated before it becomes a clickable link.
    target = unit.href or ''
    return {
        'title': unit.title,
        'view_url': target,
        'id': unit.unit_id,
        'component_type': 'link',
        'can_view_props': can_view_props,
        'href': edit_base % edit_query,
    }
def _render_assessment_outline(handler, unit):
    """Builds the course-outline entry for an assessment.

    Args:
        handler: request handler; supplies app_context and
            canonicalize_url().
        unit: the assessment unit; title and unit_id are read.

    Returns:
        A dict with keys title, id, component_type, view_url, href (the
        dashboard 'edit_assessment' URL) and can_view_props.
    """
    # can_view_props stays falsy unless the file system is editable AND the
    # caller may edit assessment-scoped content.
    # NOTE(review): a rendering hint; presumably the edit handler behind
    # 'href' re-checks permission -- confirm.
    can_view_props = handler.app_context.is_editable_fs()
    if can_view_props:
        can_view_props = permissions.can_edit(
            handler.app_context, constants.SCOPE_ASSESSMENT)

    assessment_id = unit.unit_id
    edit_base = handler.canonicalize_url('/dashboard?%s')
    edit_query = urllib.urlencode({
        'action': 'edit_assessment',
        'key': assessment_id})

    # NOTE(review): view_url interpolates the id without URL-encoding,
    # unlike href -- assumes the id is URL-safe; TODO confirm.
    return {
        'title': unit.title,
        'id': assessment_id,
        'component_type': 'assessment',
        'view_url': 'assessment?name=%s' % assessment_id,
        'href': edit_base % edit_query,
        'can_view_props': can_view_props,
    }
def test_non_admin_has_no_permissions_with_no_configuration_needed(self):
    """A non-admin login is denied every course-settings permission.

    This pins the default-deny behaviour: the test registers no permission
    configuration itself, and view and edit must be refused both for the
    scope as a whole and for an arbitrary property name.
    """
    actions.login(self.IN_ROLE_EMAIL)
    scope = constants.SCOPE_COURSE_SETTINGS

    # Scope-wide checks.
    for check in (permissions.can_view, permissions.can_edit):
        self.assertFalse(check(self.app_context, scope))

    # Per-property checks, using a name that is not a real setting.
    property_checks = (
        permissions.can_view_property,
        permissions.can_edit_property,
    )
    for check in property_checks:
        self.assertFalse(
            check(self.app_context, scope, 'absolutely/anything'))
def _render_custom_unit_outline(handler, course, unit):
    """Builds the course-outline entry for a custom unit.

    Args:
        handler: request handler; supplies app_context and
            canonicalize_url().
        course: not used by this function.
        unit: the custom unit; title, custom_unit_url, unit_id and
            custom_unit_type are read.

    Returns:
        A dict with keys title, component_type, view_url, id, can_view_props
        and href (the dashboard 'edit_custom_unit' URL for this unit).
    """
    # can_view_props stays falsy unless the file system is editable AND the
    # caller may edit unit-scoped content.
    # NOTE(review): a rendering hint; presumably the edit handler behind
    # 'href' re-checks permission -- confirm.
    can_view_props = handler.app_context.is_editable_fs()
    if can_view_props:
        can_view_props = permissions.can_edit(
            handler.app_context, constants.SCOPE_UNIT)

    edit_base = handler.canonicalize_url('/dashboard?%s')
    edit_query = urllib.urlencode({
        'action': 'edit_custom_unit',
        'key': unit.unit_id,
        'unit_type': unit.custom_unit_type})

    # NOTE(review): custom_unit_url is passed through unchanged; where it
    # comes from is not visible here -- confirm it is safe to link to.
    return {
        'title': unit.title,
        'component_type': 'custom-unit',
        'view_url': unit.custom_unit_url,
        'id': unit.unit_id,
        'can_view_props': can_view_props,
        'href': edit_base % edit_query,
    }
def delete(self):
    """Handles REST DELETE verb for the entity named by 'key'.

    The XSRF token is checked first, then the caller's right to edit course
    settings together with is_deletion_allowed(); a refusal is answered with
    401.  On success the result of process_delete() is saved as the new
    course settings and 200 is sent.
    """
    key = self.request.get('key')

    # Presumably assert_xsrf_token_or_fail() has already written the error
    # response when it returns a falsy value.
    token_ok = self.assert_xsrf_token_or_fail(
        self.request, self.XSRF_ACTION, {'key': key})
    if not token_ok:
        return

    # is_deletion_allowed() is consulted only when the edit check passes.
    authorized = (
        permissions.can_edit(
            self.app_context, constants.SCOPE_COURSE_SETTINGS)
        and self.is_deletion_allowed())
    if not authorized:
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    entity = self.process_delete()
    # NOTE(review): when save_settings() reports failure no response is
    # written at all -- confirm the client can tell this from success.
    saved = self.get_course().save_settings(entity)
    if saved:
        transforms.send_json_response(self, 200, 'Deleted.')
def delete(self):
    """Handles REST DELETE verb; the target is named by the 'key' parameter.

    Order of checks: XSRF token, then edit rights on course settings, then
    is_deletion_allowed().  Either of the last two failing yields a 401.
    Otherwise process_delete() supplies the settings to save, and 200 is
    sent once they are stored.
    """
    key = self.request.get('key')
    xsrf_args = {'key': key}

    # Presumably the helper has already responded when the token is bad.
    if self.assert_xsrf_token_or_fail(
            self.request, self.XSRF_ACTION, xsrf_args):
        may_edit = permissions.can_edit(
            self.app_context, constants.SCOPE_COURSE_SETTINGS)
        # is_deletion_allowed() is consulted only when the edit check passes.
        if may_edit and self.is_deletion_allowed():
            entity = self.process_delete()
            # NOTE(review): a failed save sends no response at all --
            # confirm the client can tell this from success.
            if self.get_course().save_settings(entity):
                transforms.send_json_response(self, 200, 'Deleted.')
        else:
            transforms.send_json_response(
                self, 401, 'Access denied.', {'key': key})
def _render_link_outline(handler, unit):
    """Describes a link unit for the course outline.

    Args:
        handler: request handler; supplies app_context and
            canonicalize_url().
        unit: the link unit; title, href and unit_id are read.

    Returns:
        A dict with keys title, view_url, id, component_type, can_view_props
        and href (the dashboard 'edit_link' URL for this unit).
    """
    app_context = handler.app_context

    # Falsy unless the file system is editable AND the caller may edit
    # link-scoped content.
    # NOTE(review): a rendering hint; presumably the edit handler behind
    # 'href' re-checks permission -- confirm.
    can_view_props = app_context.is_editable_fs()
    if can_view_props:
        can_view_props = permissions.can_edit(
            handler.app_context, constants.SCOPE_LINK)

    # NOTE(review): unit.href is stored course content passed through
    # unchanged -- whoever renders view_url should confirm its scheme is
    # validated before it becomes a clickable link.
    outline = {
        'title': unit.title,
        'view_url': unit.href or '',
        'id': unit.unit_id,
        'component_type': 'link',
        'can_view_props': can_view_props,
    }

    dashboard_url = handler.canonicalize_url('/dashboard?%s')
    outline['href'] = dashboard_url % urllib.urlencode({
        'action': 'edit_link',
        'key': unit.unit_id,
    })
    return outline
def _render_assessment_outline(handler, unit):
    """Describes an assessment for the course outline.

    Args:
        handler: request handler; supplies app_context and
            canonicalize_url().
        unit: the assessment unit; title and unit_id are read.

    Returns:
        A dict with keys title, id, component_type, view_url, href (the
        dashboard 'edit_assessment' URL) and can_view_props.
    """
    app_context = handler.app_context

    # Falsy unless the file system is editable AND the caller may edit
    # assessment-scoped content.
    # NOTE(review): a rendering hint; presumably the edit handler behind
    # 'href' re-checks permission -- confirm.
    can_view_props = app_context.is_editable_fs()
    if can_view_props:
        can_view_props = permissions.can_edit(
            handler.app_context, constants.SCOPE_ASSESSMENT)

    # NOTE(review): view_url interpolates unit_id without URL-encoding,
    # unlike href -- assumes the id is URL-safe; TODO confirm.
    outline = {
        'title': unit.title,
        'id': unit.unit_id,
        'component_type': 'assessment',
        'view_url': 'assessment?name=%s' % unit.unit_id,
    }

    dashboard_url = handler.canonicalize_url('/dashboard?%s')
    outline['href'] = dashboard_url % urllib.urlencode({
        'action': 'edit_assessment',
        'key': unit.unit_id,
    })
    outline['can_view_props'] = can_view_props
    return outline
def _render_custom_unit_outline(handler, course, unit):
    """Describes a custom unit for the course outline.

    Args:
        handler: request handler; supplies app_context and
            canonicalize_url().
        course: not used by this function.
        unit: the custom unit; title, custom_unit_url, unit_id and
            custom_unit_type are read.

    Returns:
        A dict with keys title, component_type, view_url, id, can_view_props
        and href (the dashboard 'edit_custom_unit' URL for this unit).
    """
    app_context = handler.app_context

    # Falsy unless the file system is editable AND the caller may edit
    # unit-scoped content.
    # NOTE(review): a rendering hint; presumably the edit handler behind
    # 'href' re-checks permission -- confirm.
    can_view_props = app_context.is_editable_fs()
    if can_view_props:
        can_view_props = permissions.can_edit(
            handler.app_context, constants.SCOPE_UNIT)

    # NOTE(review): custom_unit_url is passed through unchanged; where it
    # comes from is not visible here -- confirm it is safe to link to.
    outline = {
        'title': unit.title,
        'component_type': 'custom-unit',
        'view_url': unit.custom_unit_url,
        'id': unit.unit_id,
        'can_view_props': can_view_props,
    }

    dashboard_url = handler.canonicalize_url('/dashboard?%s')
    outline['href'] = dashboard_url % urllib.urlencode({
        'action': 'edit_custom_unit',
        'key': unit.unit_id,
        'unit_type': unit.custom_unit_type,
    })
    return outline
def can_edit(cls, app_context):
    """Reports whether assessment-scoped content may be edited.

    Args:
        app_context: application context passed on to the permission check.

    Returns:
        Whatever permissions.can_edit() returns for the assessment scope.
    """
    # cls is not consulted; the decision rests entirely on the scope check.
    scope = constants.SCOPE_ASSESSMENT
    return permissions.can_edit(app_context, scope)
def _render_unit_outline(handler, course, unit):
    """Describes a unit, with its lessons and assessments, for the outline.

    Args:
        handler: request handler; supplies app_context, canonicalize_url()
            and get_action_url().
        course: course used to look up assessments and lessons.
        unit: the unit being rendered.

    Returns:
        A dict describing the unit, with a 'lessons' list and, when the unit
        references assessments that can be found, 'pre_assessment' and
        'post_assessment' entries.
    """
    # Falsy unless the file system is editable AND the caller may edit
    # unit-scoped content.
    # NOTE(review): a rendering hint; presumably the edit handler behind
    # 'href' re-checks permission -- confirm.
    can_view_props = handler.app_context.is_editable_fs()
    if can_view_props:
        can_view_props = permissions.can_edit(
            handler.app_context, constants.SCOPE_UNIT)

    # NOTE(review): view_url interpolates unit_id without URL-encoding,
    # unlike href -- assumes the id is URL-safe; TODO confirm.
    unit_data = {
        'title': unit.title,
        'component_type': 'unit',
        'view_url': 'unit?unit=%s' % unit.unit_id,
        'id': unit.unit_id,
        'can_view_props': can_view_props,
        'href': handler.canonicalize_url('/dashboard?%s') % urllib.urlencode({
            'action': 'edit_unit',
            'key': unit.unit_id
        }),
    }

    pre_assessment = None
    if unit.pre_assessment:
        pre_assessment = course.find_unit_by_id(unit.pre_assessment)
    if pre_assessment:
        pre_outline = _render_assessment_outline(handler, pre_assessment)
        pre_outline['component_type'] = 'pre-assessment'
        # Pinned to its unit, so it cannot be dragged elsewhere.
        pre_outline['not_reorderable'] = True
        unit_data['pre_assessment'] = pre_outline

    # Here, just check whether user is course admin to see if lesson contents
    # are editable.  Eventually, can add specific sub-permissions to lessons,
    # if we like.
    lessons_editable = handler.app_context.is_editable_fs()
    if lessons_editable:
        lessons_editable = roles.Roles.is_course_admin(handler.app_context)

    unit_data['lessons'] = lessons = []
    for lesson in course.get_lessons(unit.unit_id):
        lesson_entry = {
            'title': lesson.title,
            'component_type': 'lesson',
            'view_url': 'unit?unit=%s&lesson=%s' % (unit.unit_id,
                                                    lesson.lesson_id),
            'id': lesson.lesson_id,
            'href': handler.get_action_url(
                'edit_lesson', key=lesson.lesson_id),
            'can_view_props': lessons_editable,
            'auto_index': lesson.auto_index,
            'extras': [],
        }
        # Annotators that return nothing contribute no entry.
        for annotator in COURSE_OUTLINE_EXTRA_INFO_ANNOTATORS:
            extra_info = annotator(course, lesson)
            if extra_info:
                lesson_entry['extras'].append(extra_info)
        lessons.append(lesson_entry)

    post_assessment = None
    if unit.post_assessment:
        post_assessment = course.find_unit_by_id(unit.post_assessment)
    if post_assessment:
        post_outline = _render_assessment_outline(handler, post_assessment)
        post_outline['component_type'] = 'post-assessment'
        post_outline['not_reorderable'] = True
        unit_data['post_assessment'] = post_outline

    return unit_data