From 79c554ba5b82d0ba18d4777d7235f634783da483 Mon Sep 17 00:00:00 2001 From: David Baumgold Date: Wed, 24 Jul 2013 09:52:59 -0400 Subject: [PATCH] course admin team: handle is_staff users A user with `is_staff=True` is treated as being in all groups. This is problematic when we care about the user's staff/instructor role for a course: you can't remove the instructor role. This commit changes the `is_user_in_course_group_role` function to allow the caller to specify that it should not check the `is_staff` attribute on the user. --- cms/djangoapps/auth/authz.py | 6 ++++-- cms/templates/manage_users.html | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/cms/djangoapps/auth/authz.py b/cms/djangoapps/auth/authz.py index 0f2e60dd6e..4923851445 100644 --- a/cms/djangoapps/auth/authz.py +++ b/cms/djangoapps/auth/authz.py @@ -178,10 +178,12 @@ def _remove_user_from_group(user, group_name): user.save() -def is_user_in_course_group_role(user, location, role): +def is_user_in_course_group_role(user, location, role, check_staff=True): if user.is_active and user.is_authenticated: # all "is_staff" flagged accounts belong to all groups - return user.is_staff or user.groups.filter(name=get_course_groupname_for_role(location, role)).count() > 0 + if check_staff and user.is_staff: + return True + return user.groups.filter(name=get_course_groupname_for_role(location, role)).count() > 0 return False diff --git a/cms/templates/manage_users.html b/cms/templates/manage_users.html index 1fa6a4d64a..8baa9854c9 100644 --- a/cms/templates/manage_users.html +++ b/cms/templates/manage_users.html @@ -59,7 +59,7 @@ % if allow_actions:
% if request.user.id != user.id: - % if is_user_in_course_group_role(user, context_course.location, 'instructor'): + % if is_user_in_course_group_role(user, context_course.location, 'instructor', check_staff=False): <% admin_class = "remove-admin" %> <% admin_text = "Remove Admin" %> % else: