From 7c0d9ff15677a9bf3caaffb40c81d7721171fb3f Mon Sep 17 00:00:00 2001
From: John Jarvis <jarv@edx.org>
Date: Wed, 27 Feb 2013 14:55:17 -0500
Subject: [PATCH 1/3] Creating group for organization staff access

---
 lms/djangoapps/courseware/access.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/lms/djangoapps/courseware/access.py b/lms/djangoapps/courseware/access.py
index b41d231011..a9fd799793 100644
--- a/lms/djangoapps/courseware/access.py
+++ b/lms/djangoapps/courseware/access.py
@@ -341,6 +341,26 @@ def _dispatch(table, action, user, obj):
 def _does_course_group_name_exist(name):
     return len(Group.objects.filter(name=name)) > 0
 
+def _course_org_staff_group_name(location, course_context=None):
+    """
+    Get the name of the staff group for an organization which corresponds
+    to the organization in the course id.
+
+    location: something that can passed to Location
+    course_context: A course_id that specifies the course run in which
+                    the location occurs.
+                    Required if location doesn't have category 'course'
+
+    """
+    loc = Location(location)
+    if loc.category == 'course':
+        course_id = loc.course_id
+    else:
+        if course_context is None:
+            raise CourseContextRequired()
+        course_id = course_context
+    return 'staff_%s' % course_id.split('/')[0]
+
 
 def _course_staff_group_name(location, course_context=None):
     """
@@ -499,7 +519,9 @@ def _has_access_to_location(user, location, access_level, course_context):
 
     if access_level == 'staff':
         staff_group = _course_staff_group_name(location, course_context)
-        if staff_group in user_groups:
+        # org_staff_group is a group for an entire organization
+        org_staff_group = _course_org_staff_group_name(location, course_context)
+        if staff_group in user_groups or org_staff_group in user_groups:
             debug("Allow: user in group %s", staff_group)
             return True
         debug("Deny: user not in group %s", staff_group)

From ce2f1400e68c841d62c743fdb98aa876923e95e7 Mon Sep 17 00:00:00 2001
From: John Jarvis <jarv@edx.org>
Date: Wed, 27 Feb 2013 15:05:02 -0500
Subject: [PATCH 2/3] formatting

---
 lms/djangoapps/courseware/access.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lms/djangoapps/courseware/access.py b/lms/djangoapps/courseware/access.py
index a9fd799793..1a4d50628e 100644
--- a/lms/djangoapps/courseware/access.py
+++ b/lms/djangoapps/courseware/access.py
@@ -341,6 +341,7 @@ def _dispatch(table, action, user, obj):
 def _does_course_group_name_exist(name):
     return len(Group.objects.filter(name=name)) > 0
 
+
 def _course_org_staff_group_name(location, course_context=None):
     """
     Get the name of the staff group for an organization which corresponds

From 48242d3a06a36769e4cd9a866ac94dc59fec3688 Mon Sep 17 00:00:00 2001
From: John Jarvis <jarv@edx.org>
Date: Wed, 27 Feb 2013 15:30:07 -0500
Subject: [PATCH 3/3] Adding instructor_<org>

---
 lms/djangoapps/courseware/access.py | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/lms/djangoapps/courseware/access.py b/lms/djangoapps/courseware/access.py
index 1a4d50628e..36ad388b43 100644
--- a/lms/djangoapps/courseware/access.py
+++ b/lms/djangoapps/courseware/access.py
@@ -403,6 +403,27 @@ def course_beta_test_group_name(location):
 course_beta_test_group_name.__test__ = False
 
 
+def _course_org_instructor_group_name(location, course_context=None):
+    """
+    Get the name of the instructor group for an organization which corresponds
+    to the organization in the course id.
+
+    location: something that can passed to Location
+    course_context: A course_id that specifies the course run in which
+                    the location occurs.
+                    Required if location doesn't have category 'course'
+
+    """
+    loc = Location(location)
+    if loc.category == 'course':
+        course_id = loc.course_id
+    else:
+        if course_context is None:
+            raise CourseContextRequired()
+        course_id = course_context
+    return 'instructor_%s' % course_id.split('/')[0]
+
+
 def _course_instructor_group_name(location, course_context=None):
     """
     Get the name of the instructor group for a location, in the context of a course run.
@@ -529,7 +550,9 @@ def _has_access_to_location(user, location, access_level, course_context):
 
     if access_level == 'instructor' or access_level == 'staff': 	# instructors get staff privileges
         instructor_group = _course_instructor_group_name(location, course_context)
-        if instructor_group in user_groups:
+        instructor_staff_group = _course_org_instructor_group_name(
+            location, course_context)
+        if instructor_group in user_groups or instructor_staff_group in user_groups:
             debug("Allow: user in group %s", instructor_group)
             return True
         debug("Deny: user not in group %s", instructor_group)