Switch change_due_date over to using a StaffAccessRule with query checking

2019-08-02 14:53:45 -04:00
parent c3d86c9b3c
commit 1aed6c882b
2 changed files with 4 additions and 1 deletions
--- a/lms/djangoapps/instructor/permissions.py
+++ b/lms/djangoapps/instructor/permissions.py
@@ -10,6 +10,7 @@ ASSIGN_TO_COHORTS = 'instructor.assign_to_cohorts'
 EDIT_COURSE_ACCESS = 'instructor.edit_course_access'
 EDIT_FORUM_ROLES = 'instructor.edit_forum_roles'
 EDIT_INVOICE_VALIDATION = 'instructor.edit_invoice_validation'
+GIVE_STUDENT_EXTENSION = 'instructor.give_student_extension'
 VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates'


@@ -18,4 +19,5 @@ perms[ASSIGN_TO_COHORTS] = HasAccessRule('staff')
 perms[EDIT_COURSE_ACCESS] = HasAccessRule('instructor')
 perms[EDIT_FORUM_ROLES] = HasAccessRule('staff')
 perms[EDIT_INVOICE_VALIDATION] = HasAccessRule('staff')
+perms[GIVE_STUDENT_EXTENSION] = HasAccessRule('staff')
 perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff')
--- a/lms/djangoapps/instructor/views/api.py
+++ b/lms/djangoapps/instructor/views/api.py
@@ -154,6 +154,7 @@ from ..permissions import (
    EDIT_COURSE_ACCESS,
    EDIT_FORUM_ROLES,
    EDIT_INVOICE_VALIDATION,
+    GIVE_STUDENT_EXTENSION,
    VIEW_ISSUED_CERTIFICATES,
 )

@@ -2883,7 +2884,7 @@ def _display_unit(unit):
@require_POST
@ensure_csrf_cookie
@cache_control(no_cache=True, no_store=True, must_revalidate=True)
-@require_level('staff')
+@require_course_permission(GIVE_STUDENT_EXTENSION)
@require_post_params('student', 'url', 'due_datetime')
 def change_due_date(request, course_id):
    """