From 7d55483fbeafe55c9d4ded9cbce12dc8ea44950f Mon Sep 17 00:00:00 2001 From: Calen Pennington Date: Wed, 31 Jul 2019 14:49:21 -0400 Subject: [PATCH] Convert modify_access to require_course_permission --- lms/djangoapps/instructor/permissions.py | 2 ++ lms/djangoapps/instructor/views/api.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py index a3c9e779d5..11d1cb7554 100644 --- a/lms/djangoapps/instructor/permissions.py +++ b/lms/djangoapps/instructor/permissions.py @@ -7,9 +7,11 @@ from courseware.rules import HasAccessRule ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM = 'instructor.allow_student_to_bypass_entrance_exam' ASSIGN_TO_COHORTS = 'instructor.assign_to_cohorts' +EDIT_COURSE_ACCESS = 'instructor.edit_course_access' VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates' perms[ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM] = HasAccessRule('staff') perms[ASSIGN_TO_COHORTS] = HasAccessRule('staff') +perms[EDIT_COURSE_ACCESS] = HasAccessRule('instructor') perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff') diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index b23c54f7e7..c54f369536 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -151,6 +151,7 @@ from .tools import ( from ..permissions import ( ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM, ASSIGN_TO_COHORTS, + EDIT_COURSE_ACCESS, VIEW_ISSUED_CERTIFICATES, ) @@ -906,7 +907,7 @@ def bulk_beta_modify_access(request, course_id): @require_POST @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) -@require_level('instructor') +@require_course_permission(EDIT_COURSE_ACCESS) @require_post_params( unique_student_identifier="email or username of user to change access", rolename="'instructor', 'staff', 'beta', or 'ccx_coach'",