def can_view_course_outline(app_context):
    """Tell whether the course outline may be shown for app_context.

    Access is granted by the outline-reorder permission of custom_module, or
    by edit rights on the unit, assessment or link scope.  The checks run in
    that order and stop at the first one that passes; the value of the
    deciding check is returned unchanged.
    """
    verdict = roles.Roles.is_user_allowed(
        app_context, custom_module,
        constants.COURSE_OUTLINE_REORDER_PERMISSION)
    if verdict:
        return verdict

    verdict = permissions.can_edit(app_context, constants.SCOPE_UNIT)
    if verdict:
        return verdict

    verdict = permissions.can_edit(app_context, constants.SCOPE_ASSESSMENT)
    if verdict:
        return verdict

    # Last resort: the link scope decides, whatever it returns.
    return permissions.can_edit(app_context, constants.SCOPE_LINK)
示例#2
def can_view_course_outline(app_context):
    """Return a truthy value when the outline is viewable for app_context.

    The outline-reorder permission is consulted first; edit rights on the
    unit, assessment and link scopes are tried afterwards, in that order,
    until one of them passes.
    """
    allowed = roles.Roles.is_user_allowed(
        app_context, custom_module,
        constants.COURSE_OUTLINE_REORDER_PERMISSION)

    # Fall back to per-scope edit rights, stopping at the first that passes.
    fallback_scopes = (
        constants.SCOPE_UNIT,
        constants.SCOPE_ASSESSMENT,
        constants.SCOPE_LINK,
    )
    for scope in fallback_scopes:
        if allowed:
            break
        allowed = permissions.can_edit(app_context, scope)
    return allowed
示例#3
def _render_unit_outline(handler, course, unit):
    """Build the dict describing one unit for the course outline.

    The result carries the unit's title, id and URLs, a 'lessons' list with
    one dict per lesson and, when the unit references them and they can be
    found in the course, 'pre_assessment' / 'post_assessment' entries.
    """

    def attached_assessment(assessment_id, component_type):
        # Outline entry for an assessment attached to this unit, or None when
        # the course has no unit with that id.
        found = course.find_unit_by_id(assessment_id)
        if not found:
            return None
        entry = _render_assessment_outline(handler, found)
        entry['component_type'] = component_type
        entry['not_reorderable'] = True
        return entry

    # 'can_view_props' needs both a writable course and unit edit rights.
    # NOTE(review): this flag presumably only drives what the dashboard
    # shows; the edit_unit action behind 'href' has to enforce the permission
    # itself -- confirm.
    fs_writable = handler.app_context.is_editable_fs()
    can_view_props = fs_writable and permissions.can_edit(
        handler.app_context, constants.SCOPE_UNIT)

    dashboard_template = handler.canonicalize_url('/dashboard?%s')
    edit_href = dashboard_template % urllib.urlencode({
        'action': 'edit_unit',
        'key': unit.unit_id})

    unit_data = {
        'title': unit.title,
        'component_type': 'unit',
        'view_url': 'unit?unit=%s' % unit.unit_id,
        'id': unit.unit_id,
        'can_view_props': can_view_props,
        'href': edit_href,
    }

    if unit.pre_assessment:
        pre_entry = attached_assessment(unit.pre_assessment, 'pre-assessment')
        if pre_entry is not None:
            unit_data['pre_assessment'] = pre_entry

    # Lesson contents are editable only for a course admin on a writable
    # course; finer-grained lesson permissions could be added later.
    lessons_editable = (handler.app_context.is_editable_fs() and
                        roles.Roles.is_course_admin(handler.app_context))

    lessons = []
    for lesson in course.get_lessons(unit.unit_id):
        # Keep only the annotations that produced something.
        extras = [
            info for info in (
                annotator(course, lesson)
                for annotator in COURSE_OUTLINE_EXTRA_INFO_ANNOTATORS)
            if info]

        lesson_entry = {
            'title': lesson.title,
            'component_type': 'lesson',
            'view_url': 'unit?unit=%s&lesson=%s' % (
                unit.unit_id, lesson.lesson_id),
            'id': lesson.lesson_id,
            'href': handler.get_action_url('edit_lesson', key=lesson.lesson_id),
            'can_view_props': lessons_editable,
            'auto_index': lesson.auto_index,
            'extras': extras,
        }
        lessons.append(lesson_entry)

    unit_data['lessons'] = lessons

    if unit.post_assessment:
        post_entry = attached_assessment(
            unit.post_assessment, 'post-assessment')
        if post_entry is not None:
            unit_data['post_assessment'] = post_entry

    return unit_data
示例#4
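    def put(self):
        """Handles REST PUT verb with JSON payload.

        Parses the JSON 'request' parameter and the JSON 'payload' nested in
        it, checks the XSRF token and the edit permission on the course
        settings scope, then merges the processed data into the course
        settings and saves them.  Every rejection returns early; a save that
        fails validation answers 412 and nothing else.
        """
        # NOTE(review): `assert` is stripped when Python runs with -O, so this
        # writable-file-system guard vanishes in optimized deployments; an
        # explicit check would be sturdier.
        assert self.app_context.is_editable_fs()

        request_param = self.request.get('request')
        if not request_param:
            transforms.send_json_response(
                self, 400, 'Missing "request" parameter.')
            return
        try:
            request = transforms.loads(request_param)
        except ValueError:
            transforms.send_json_response(
                self, 400, 'Malformed "request" parameter.')
            return
        key = request.get('key')
        if not key:
            transforms.send_json_response(
                self, 400, 'Request missing "key" parameter.')
            return
        payload_param = request.get('payload')
        if not payload_param:
            transforms.send_json_response(
                self, 400, 'Request missing "payload" parameter.')
            return
        try:
            payload = transforms.loads(payload_param)
        except ValueError:
            transforms.send_json_response(
                self, 400, 'Malformed "payload" parameter.')
            return
        # The XSRF token is checked against the key taken from the request.
        if not self.assert_xsrf_token_or_fail(
                request, self.XSRF_ACTION, {'key': key}):
            return
        if not permissions.can_edit(self.app_context,
                                    constants.SCOPE_COURSE_SETTINGS):
            transforms.send_json_response(
                self, 401, 'Access denied.', {'key': key})
            return

        request_data = self.process_put(request, payload)

        # NOTE(review): the payload is redacted to the permitted schema fields
        # only after process_put() has already received it; request_data
        # reflects the redaction only if process_put() hands back the same
        # object -- confirm against process_put().
        schema = self.get_course().create_settings_schema()
        permissions.SchemaPermissionRegistry.redact_schema_to_permitted_fields(
            self.app_context, constants.SCOPE_COURSE_SETTINGS, schema)
        schema.redact_entity_to_schema(payload)

        if request_data:
            course_settings = courses.deep_dict_merge(
                request_data, self.get_course_dict())
            self.postprocess_put(course_settings, request)

            if not self.get_course().save_settings(course_settings):
                transforms.send_json_response(self, 412, 'Validation error.')
                # Stop here: falling through would also send 'Saved.' for a
                # save that was rejected.
                return
            transforms.send_json_response(self, 200, 'Saved.')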
 def test_admin_has_permissions_with_no_configuration_needed(self):
     """A user logged in with is_admin=True passes every settings check."""
     actions.login(self.ADMIN_EMAIL, is_admin=True)

     # Scope-level checks first, in the same order as before.
     may_view = permissions.can_view(
         self.app_context, constants.SCOPE_COURSE_SETTINGS)
     self.assertTrue(may_view)
     may_edit = permissions.can_edit(
         self.app_context, constants.SCOPE_COURSE_SETTINGS)
     self.assertTrue(may_edit)

     # Property-level checks against an arbitrary property name.
     may_view_property = permissions.can_view_property(
         self.app_context, constants.SCOPE_COURSE_SETTINGS,
         'absolutely/anything')
     self.assertTrue(may_view_property)
     may_edit_property = permissions.can_edit_property(
         self.app_context, constants.SCOPE_COURSE_SETTINGS,
         'absolutely/anything')
     self.assertTrue(may_edit_property)
示例#6
def _render_link_outline(handler, unit):
    """Build the outline dict for a link-type unit.

    'can_view_props' is set only when the course file system is editable and
    the link scope is editable for handler.app_context.
    """
    fs_writable = handler.app_context.is_editable_fs()
    can_view_props = fs_writable and permissions.can_edit(
        handler.app_context, constants.SCOPE_LINK)

    # The '%s' placeholder is filled in after the URL has been canonicalized.
    dashboard_template = handler.canonicalize_url('/dashboard?%s')
    edit_href = dashboard_template % urllib.urlencode({
        'action': 'edit_link',
        'key': unit.unit_id})

    # NOTE(review): unit.href is passed through unchanged; if it is
    # author-supplied, whatever renders 'view_url' needs to escape it and
    # restrict the URL scheme -- confirm.
    outline = {
        'title': unit.title,
        'view_url': unit.href or '',
        'id': unit.unit_id,
        'component_type': 'link',
        'can_view_props': can_view_props,
        'href': edit_href,
    }
    return outline
示例#7
def _render_assessment_outline(handler, unit):
    """Build the outline dict for an assessment unit.

    'can_view_props' is set only when the course file system is editable and
    the assessment scope is editable for handler.app_context.
    """
    fs_writable = handler.app_context.is_editable_fs()
    can_view_props = fs_writable and permissions.can_edit(
        handler.app_context, constants.SCOPE_ASSESSMENT)

    # The '%s' placeholder is filled in after the URL has been canonicalized.
    dashboard_template = handler.canonicalize_url('/dashboard?%s')
    edit_href = dashboard_template % urllib.urlencode({
        'action': 'edit_assessment',
        'key': unit.unit_id})

    outline = {
        'title': unit.title,
        'id': unit.unit_id,
        'component_type': 'assessment',
        'view_url': 'assessment?name=%s' % unit.unit_id,
        'href': edit_href,
        'can_view_props': can_view_props,
    }
    return outline
 def test_non_admin_has_no_permissions_with_no_configuration_needed(self):
     """A user logged in without is_admin fails every settings check."""
     actions.login(self.IN_ROLE_EMAIL)

     # Scope-level checks first, in the same order as before.
     may_view = permissions.can_view(
         self.app_context, constants.SCOPE_COURSE_SETTINGS)
     self.assertFalse(may_view)
     may_edit = permissions.can_edit(
         self.app_context, constants.SCOPE_COURSE_SETTINGS)
     self.assertFalse(may_edit)

     # Property-level checks against an arbitrary property name.
     may_view_property = permissions.can_view_property(
         self.app_context, constants.SCOPE_COURSE_SETTINGS,
         'absolutely/anything')
     self.assertFalse(may_view_property)
     may_edit_property = permissions.can_edit_property(
         self.app_context, constants.SCOPE_COURSE_SETTINGS,
         'absolutely/anything')
     self.assertFalse(may_edit_property)
示例#9
def _render_custom_unit_outline(handler, course, unit):
    """Build the outline dict for a custom unit.

    'can_view_props' is set only when the course file system is editable and
    the unit scope is editable for handler.app_context.  The course argument
    is not used here.
    """
    fs_writable = handler.app_context.is_editable_fs()
    can_view_props = fs_writable and permissions.can_edit(
        handler.app_context, constants.SCOPE_UNIT)

    # The '%s' placeholder is filled in after the URL has been canonicalized.
    dashboard_template = handler.canonicalize_url('/dashboard?%s')
    edit_href = dashboard_template % urllib.urlencode({
        'action': 'edit_custom_unit',
        'key': unit.unit_id,
        'unit_type': unit.custom_unit_type})

    outline = {
        'title': unit.title,
        'component_type': 'custom-unit',
        'view_url': unit.custom_unit_url,
        'id': unit.unit_id,
        'can_view_props': can_view_props,
        'href': edit_href,
    }
    return outline
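    def delete(self):
        """Handles REST DELETE verb with JSON payload.

        Requires a valid XSRF token bound to the 'key' request parameter,
        edit permission on the course settings scope, and a positive answer
        from is_deletion_allowed().  Answers 200 when the resulting settings
        are saved and 412 when the save is rejected.
        """

        key = self.request.get('key')

        if not self.assert_xsrf_token_or_fail(self.request, self.XSRF_ACTION,
                                              {'key': key}):
            return

        if (not permissions.can_edit(self.app_context,
                                     constants.SCOPE_COURSE_SETTINGS)
                or not self.is_deletion_allowed()):

            transforms.send_json_response(self, 401, 'Access denied.',
                                          {'key': key})
            return

        # NOTE(review): no is_editable_fs() guard is visible in this handler;
        # confirm save_settings() refuses writes on a read-only course.
        entity = self.process_delete()
        if not self.get_course().save_settings(entity):
            # Report the rejected save; previously the request ended without
            # any JSON body, so the client could not tell that it had failed.
            transforms.send_json_response(self, 412, 'Validation error.')
            return
        transforms.send_json_response(self, 200, 'Deleted.')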
示例#11
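    def delete(self):
        """Handles REST DELETE verb with JSON payload.

        The request must carry a valid XSRF token for its 'key' parameter,
        and the caller needs edit permission on the course settings scope as
        well as approval from is_deletion_allowed().  A successful save
        answers 200; a rejected save answers 412.
        """

        key = self.request.get('key')

        if not self.assert_xsrf_token_or_fail(
                self.request, self.XSRF_ACTION, {'key': key}):
            return

        if (not permissions.can_edit(self.app_context,
                                     constants.SCOPE_COURSE_SETTINGS)
            or not self.is_deletion_allowed()):

            transforms.send_json_response(
                self, 401, 'Access denied.', {'key': key})
            return

        # NOTE(review): no is_editable_fs() guard is visible in this handler;
        # confirm save_settings() refuses writes on a read-only course.
        entity = self.process_delete()
        if not self.get_course().save_settings(entity):
            # A rejected save used to end the request with no JSON body at
            # all; tell the client that nothing was deleted.
            transforms.send_json_response(self, 412, 'Validation error.')
            return
        transforms.send_json_response(self, 200, 'Deleted.')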
def _render_link_outline(handler, unit):
    """Return the course-outline entry for a link unit.

    The entry's 'can_view_props' flag requires an editable course file system
    plus edit rights on the link scope.
    """
    context = handler.app_context
    props_visible = context.is_editable_fs() and permissions.can_edit(
        context, constants.SCOPE_LINK)

    # NOTE(review): unit.href is passed through unchanged; if it is
    # author-supplied, whatever renders 'view_url' needs to escape it and
    # restrict the URL scheme -- confirm.
    entry = {
        'title': unit.title,
        'view_url': unit.href or '',
        'id': unit.unit_id,
        'component_type': 'link',
        'can_view_props': props_visible,
    }

    # Dashboard edit link; the query string is substituted into the
    # already-canonicalized URL.
    url_pattern = handler.canonicalize_url('/dashboard?%s')
    query_args = {
        'action': 'edit_link',
        'key': unit.unit_id
    }
    entry['href'] = url_pattern % urllib.urlencode(query_args)
    return entry
def _render_assessment_outline(handler, unit):
    """Return the course-outline entry for an assessment unit.

    The entry's 'can_view_props' flag requires an editable course file system
    plus edit rights on the assessment scope.
    """
    context = handler.app_context
    props_visible = context.is_editable_fs() and permissions.can_edit(
        context, constants.SCOPE_ASSESSMENT)

    entry = {
        'title': unit.title,
        'id': unit.unit_id,
        'component_type': 'assessment',
        'view_url': 'assessment?name=%s' % unit.unit_id,
    }

    # Dashboard edit link; the query string is substituted into the
    # already-canonicalized URL.
    url_pattern = handler.canonicalize_url('/dashboard?%s')
    query_args = {
        'action': 'edit_assessment',
        'key': unit.unit_id
    }
    entry['href'] = url_pattern % urllib.urlencode(query_args)
    entry['can_view_props'] = props_visible
    return entry
def _render_custom_unit_outline(handler, course, unit):
    """Return the course-outline entry for a custom unit.

    The entry's 'can_view_props' flag requires an editable course file system
    plus edit rights on the unit scope.  The course argument is unused.
    """
    context = handler.app_context
    props_visible = context.is_editable_fs() and permissions.can_edit(
        context, constants.SCOPE_UNIT)

    entry = {
        'title': unit.title,
        'component_type': 'custom-unit',
        'view_url': unit.custom_unit_url,
        'id': unit.unit_id,
        'can_view_props': props_visible,
    }

    # Dashboard edit link; the query string is substituted into the
    # already-canonicalized URL.
    url_pattern = handler.canonicalize_url('/dashboard?%s')
    query_args = {
        'action': 'edit_custom_unit',
        'key': unit.unit_id,
        'unit_type': unit.custom_unit_type
    }
    entry['href'] = url_pattern % urllib.urlencode(query_args)
    return entry
 def can_edit(cls, app_context):
     """Return the edit-permission verdict for the assessment scope."""
     scope = constants.SCOPE_ASSESSMENT
     return permissions.can_edit(app_context, scope)
def _render_unit_outline(handler, course, unit):
    """Return the course-outline entry for a unit, lessons included.

    Besides the unit's own fields, the entry holds a 'lessons' list and, for
    each of unit.pre_assessment / unit.post_assessment that is set and
    resolvable through the course, a nested assessment entry.
    """
    # 'can_view_props' needs both a writable course and unit edit rights.
    # NOTE(review): this flag presumably only drives what the dashboard
    # shows; the edit_unit action behind 'href' has to enforce the permission
    # itself -- confirm.
    props_visible = (
        handler.app_context.is_editable_fs() and
        permissions.can_edit(handler.app_context, constants.SCOPE_UNIT))

    entry = {
        'title': unit.title,
        'component_type': 'unit',
        'view_url': 'unit?unit=%s' % unit.unit_id,
        'id': unit.unit_id,
        'can_view_props': props_visible,
    }
    url_pattern = handler.canonicalize_url('/dashboard?%s')
    entry['href'] = url_pattern % urllib.urlencode({
        'action': 'edit_unit',
        'key': unit.unit_id
    })

    if unit.pre_assessment:
        pre = course.find_unit_by_id(unit.pre_assessment)
        if pre:
            pre_entry = _render_assessment_outline(handler, pre)
            pre_entry.update({
                'component_type': 'pre-assessment',
                'not_reorderable': True,
            })
            entry['pre_assessment'] = pre_entry

    # Only a course admin on a writable course gets editable lesson
    # contents; lesson-specific sub-permissions may be added later.
    lessons_editable = (handler.app_context.is_editable_fs()
                        and roles.Roles.is_course_admin(handler.app_context))

    lesson_entries = []
    for lesson in course.get_lessons(unit.unit_id):
        # Collect whatever the registered annotators report for this lesson,
        # dropping empty results.
        annotations = []
        for annotate in COURSE_OUTLINE_EXTRA_INFO_ANNOTATORS:
            note = annotate(course, lesson)
            if not note:
                continue
            annotations.append(note)

        view_url = 'unit?unit=%s&lesson=%s' % (unit.unit_id, lesson.lesson_id)
        lesson_entries.append({
            'title': lesson.title,
            'component_type': 'lesson',
            'view_url': view_url,
            'id': lesson.lesson_id,
            'href': handler.get_action_url(
                'edit_lesson', key=lesson.lesson_id),
            'can_view_props': lessons_editable,
            'auto_index': lesson.auto_index,
            'extras': annotations,
        })

    entry['lessons'] = lesson_entries

    if unit.post_assessment:
        post = course.find_unit_by_id(unit.post_assessment)
        if post:
            post_entry = _render_assessment_outline(handler, post)
            post_entry.update({
                'component_type': 'post-assessment',
                'not_reorderable': True,
            })
            entry['post_assessment'] = post_entry

    return entry
 def can_edit(cls, app_context):
     # Delegates to the shared permission check for the assessment scope.
     editable = permissions.can_edit(
         app_context, constants.SCOPE_ASSESSMENT)
     return editable