From 11677d052cba4885463e0b99eab6af08d0403f83 Mon Sep 17 00:00:00 2001 From: Calen Pennington Date: Fri, 2 Aug 2019 14:47:42 -0400 Subject: [PATCH] Switch update_forum_role_membership over to using a StaffAccessRule with query checking --- lms/djangoapps/instructor/permissions.py | 2 ++ lms/djangoapps/instructor/views/api.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py index 11d1cb7554..3e96ca403e 100644 --- a/lms/djangoapps/instructor/permissions.py +++ b/lms/djangoapps/instructor/permissions.py @@ -8,10 +8,12 @@ from courseware.rules import HasAccessRule ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM = 'instructor.allow_student_to_bypass_entrance_exam' ASSIGN_TO_COHORTS = 'instructor.assign_to_cohorts' EDIT_COURSE_ACCESS = 'instructor.edit_course_access' +EDIT_FORUM_ROLES = 'instructor.edit_forum_roles' VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates' perms[ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM] = HasAccessRule('staff') perms[ASSIGN_TO_COHORTS] = HasAccessRule('staff') perms[EDIT_COURSE_ACCESS] = HasAccessRule('instructor') +perms[EDIT_FORUM_ROLES] = HasAccessRule('staff') perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff') diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index c54f369536..f9802304d1 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -152,6 +152,7 @@ from ..permissions import ( ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM, ASSIGN_TO_COHORTS, EDIT_COURSE_ACCESS, + EDIT_FORUM_ROLES, VIEW_ISSUED_CERTIFICATES, ) @@ -2788,7 +2789,7 @@ def send_email(request, course_id): @require_POST @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) -@require_level('staff') +@require_course_permission(EDIT_FORUM_ROLES) @require_post_params( unique_student_identifier="email or username of user to change access", rolename="the forum role",