From 1aed6c882bcdfe9fb1025e828f5d2df69281b181 Mon Sep 17 00:00:00 2001 From: Calen Pennington Date: Fri, 2 Aug 2019 14:53:45 -0400 Subject: [PATCH] Switch change_due_date over to using a StaffAccessRule with query checking --- lms/djangoapps/instructor/permissions.py | 2 ++ lms/djangoapps/instructor/views/api.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py index cb6e979b97..897a4d7b84 100644 --- a/lms/djangoapps/instructor/permissions.py +++ b/lms/djangoapps/instructor/permissions.py @@ -10,6 +10,7 @@ ASSIGN_TO_COHORTS = 'instructor.assign_to_cohorts' EDIT_COURSE_ACCESS = 'instructor.edit_course_access' EDIT_FORUM_ROLES = 'instructor.edit_forum_roles' EDIT_INVOICE_VALIDATION = 'instructor.edit_invoice_validation' +GIVE_STUDENT_EXTENSION = 'instructor.give_student_extension' VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates' @@ -18,4 +19,5 @@ perms[ASSIGN_TO_COHORTS] = HasAccessRule('staff') perms[EDIT_COURSE_ACCESS] = HasAccessRule('instructor') perms[EDIT_FORUM_ROLES] = HasAccessRule('staff') perms[EDIT_INVOICE_VALIDATION] = HasAccessRule('staff') +perms[GIVE_STUDENT_EXTENSION] = HasAccessRule('staff') perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff') diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index d543e3eaa0..b8c4c0bc35 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -154,6 +154,7 @@ from ..permissions import ( EDIT_COURSE_ACCESS, EDIT_FORUM_ROLES, EDIT_INVOICE_VALIDATION, + GIVE_STUDENT_EXTENSION, VIEW_ISSUED_CERTIFICATES, ) @@ -2883,7 +2884,7 @@ def _display_unit(unit): @require_POST @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) -@require_level('staff') +@require_course_permission(GIVE_STUDENT_EXTENSION) @require_post_params('student', 'url', 'due_datetime') def change_due_date(request, course_id): """