Switch generate_bulk_certificate_exceptions over to using a StaffAccessRule with query checking

lms/djangoapps/instructor/permissions.py

@@ -12,6 +12,7 @@ EDIT_COURSE_ACCESS = 'instructor.edit_course_access'
 EDIT_FORUM_ROLES = 'instructor.edit_forum_roles'
 EDIT_INVOICE_VALIDATION = 'instructor.edit_invoice_validation'
 ENABLE_CERTIFICATE_GENERATION = 'instructor.enable_certificate_generation'
+GENERATE_BULK_CERTIFICATE_EXCEPTIONS = 'instructor.generate_bulk_certificate_exceptions'
 GIVE_STUDENT_EXTENSION = 'instructor.give_student_extension'
 VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates'
 
@@ -22,5 +23,6 @@ perms[EDIT_COURSE_ACCESS] = HasAccessRule('instructor')
 perms[EDIT_FORUM_ROLES] = HasAccessRule('staff')
 perms[EDIT_INVOICE_VALIDATION] = HasAccessRule('staff')
 perms[ENABLE_CERTIFICATE_GENERATION] = is_staff
+perms[GENERATE_BULK_CERTIFICATE_EXCEPTIONS] = is_staff
 perms[GIVE_STUDENT_EXTENSION] = HasAccessRule('staff')
 perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff')

lms/djangoapps/instructor/views/api.py

@@ -155,6 +155,7 @@ from ..permissions import (
     EDIT_FORUM_ROLES,
     EDIT_INVOICE_VALIDATION,
     ENABLE_CERTIFICATE_GENERATION,
+    GENERATE_BULK_CERTIFICATE_EXCEPTIONS,
     GIVE_STUDENT_EXTENSION,
     VIEW_ISSUED_CERTIFICATES,
 )
@@ -3346,7 +3347,7 @@ def generate_certificate_exceptions(request, course_id, generate_for=None):
 
 
 @cache_control(no_cache=True, no_store=True, must_revalidate=True)
-@require_global_staff
+@require_course_permission(GENERATE_BULK_CERTIFICATE_EXCEPTIONS)
 @require_POST
 def generate_bulk_certificate_exceptions(request, course_id):
     """