From 7b365bcaa01b203cd25f6c74539587d48b4dd510 Mon Sep 17 00:00:00 2001 From: Nimisha Asthagiri Date: Thu, 6 Oct 2016 22:28:23 -0400 Subject: [PATCH] Move view_course_access functionality to sole caller lms/mobile_api. --- lms/djangoapps/mobile_api/utils.py | 37 +++++++++++++++++++++++++++-- openedx/core/lib/api/view_utils.py | 38 +----------------------------- 2 files changed, 36 insertions(+), 39 deletions(-) diff --git a/lms/djangoapps/mobile_api/utils.py b/lms/djangoapps/mobile_api/utils.py index ac89cb9f2d..a5b9ba4b8d 100644 --- a/lms/djangoapps/mobile_api/utils.py +++ b/lms/djangoapps/mobile_api/utils.py @@ -1,14 +1,47 @@ """ Common utility methods and decorators for Mobile APIs. """ -from openedx.core.lib.api.view_utils import view_course_access, view_auth_classes +import functools +from rest_framework import status +from rest_framework.response import Response + +from lms.djangoapps.courseware.courses import get_course_with_access +from lms.djangoapps.courseware.courseware_access_exception import CoursewareAccessException +from opaque_keys.edx.keys import CourseKey +from openedx.core.lib.api.view_utils import view_auth_classes +from xmodule.modulestore.django import modulestore def mobile_course_access(depth=0): """ Method decorator for a mobile API endpoint that verifies the user has access to the course in a mobile context. """ - return view_course_access(depth=depth, access_action='load_mobile', check_for_milestones=True) + def _decorator(func): + """Outer method decorator.""" + + @functools.wraps(func) + def _wrapper(self, request, *args, **kwargs): + """ + Expects kwargs to contain 'course_id'. + Passes the course descriptor to the given decorated function. + Raises 404 if access to course is disallowed. + """ + course_id = CourseKey.from_string(kwargs.pop('course_id')) + with modulestore().bulk_operations(course_id): + try: + course = get_course_with_access( + request.user, + 'load_mobile', + course_id, + depth=depth, + check_if_enrolled=True, + ) + except CoursewareAccessException as error: + return Response(data=error.to_json(), status=status.HTTP_404_NOT_FOUND) + return func(self, request, course=course, *args, **kwargs) + + return _wrapper + return _decorator def mobile_view(is_user=False): diff --git a/openedx/core/lib/api/view_utils.py b/openedx/core/lib/api/view_utils.py index 40058c1ea3..4eeffab4ae 100644 --- a/openedx/core/lib/api/view_utils.py +++ b/openedx/core/lib/api/view_utils.py @@ -1,12 +1,11 @@ """ Utilities related to API views """ -import functools from django.core.exceptions import NON_FIELD_ERRORS, ValidationError, ObjectDoesNotExist from django.http import Http404 from django.utils.translation import ugettext as _ -from rest_framework import status, response +from rest_framework import status from rest_framework.exceptions import APIException from rest_framework.permissions import IsAuthenticated from rest_framework.request import clone_request @@ -14,11 +13,6 @@ from rest_framework.response import Response from rest_framework.mixins import RetrieveModelMixin, UpdateModelMixin from rest_framework.generics import GenericAPIView -from lms.djangoapps.courseware.courses import get_course_with_access -from lms.djangoapps.courseware.courseware_access_exception import CoursewareAccessException -from opaque_keys.edx.keys import CourseKey -from xmodule.modulestore.django import modulestore - from openedx.core.lib.api.authentication import ( SessionAuthenticationAllowInactiveUser, OAuth2AuthenticationAllowInactiveUser, @@ -89,36 +83,6 @@ class ExpandableFieldViewMixin(object): return result -def view_course_access(depth=0, access_action='load', check_for_milestones=False): - """ - Method decorator for an API endpoint that verifies the user has access to the course. - """ - def _decorator(func): - """Outer method decorator.""" - @functools.wraps(func) - def _wrapper(self, request, *args, **kwargs): - """ - Expects kwargs to contain 'course_id'. - Passes the course descriptor to the given decorated function. - Raises 404 if access to course is disallowed. - """ - course_id = CourseKey.from_string(kwargs.pop('course_id')) - with modulestore().bulk_operations(course_id): - try: - course = get_course_with_access( - request.user, - access_action, - course_id, - depth=depth, - check_if_enrolled=True, - ) - except CoursewareAccessException as error: - return response.Response(data=error.to_json(), status=status.HTTP_404_NOT_FOUND) - return func(self, request, course=course, *args, **kwargs) - return _wrapper - return _decorator - - def view_auth_classes(is_user=False, is_authenticated=True): """ Function and class decorator that abstracts the authentication and permission checks for api views.