Merge pull request #285 from edx/christina/course-create-permissions

Script for granting existing instructors creator access.

cms/djangoapps/auth/authz.py

@@ -36,7 +36,7 @@ def get_course_groupname_for_role(location, role):
 
 def get_users_in_course_group_by_role(location, role):
     groupname = get_course_groupname_for_role(location, role)
-    (group, created) = Group.objects.get_or_create(name=groupname)
+    (group, _created) = Group.objects.get_or_create(name=groupname)
     return group.user_set.all()
 
 
@@ -59,6 +59,7 @@ def create_new_course_group(creator, location, role):
 
     return
 
+
 def _delete_course_group(location):
     """
     This is to be called only by either a command line code path or through a app which has already
@@ -75,6 +76,7 @@ def _delete_course_group(location):
         user.groups.remove(staff)
         user.save()
 
+
 def _copy_course_group(source, dest):
     """
     This is to be called only by either a command line code path or through an app which has already
@@ -205,3 +207,17 @@ def is_user_in_creator_group(user):
         return user.groups.filter(name=COURSE_CREATOR_GROUP_NAME).count() > 0
 
     return True
+
+
+def _grant_instructors_creator_access(caller):
+    """
+    This is to be called only by either a command line code path or through an app which has already
+    asserted permissions to do this action.
+
+    Gives all users with instructor role course creator rights.
+    This is only intended to be run once on a given environment.
+    """
+    for group in Group.objects.all():
+        if group.name.startswith(INSTRUCTOR_ROLE_NAME + "_"):
+            for user in group.user_set.all():
+                add_user_to_creator_group(caller, user)

cms/djangoapps/auth/tests/test_authz.py

@@ -9,7 +9,7 @@ from django.core.exceptions import PermissionDenied
 
 from auth.authz import add_user_to_creator_group, remove_user_from_creator_group, is_user_in_creator_group,\
     create_all_course_groups, add_user_to_course_group, STAFF_ROLE_NAME, INSTRUCTOR_ROLE_NAME,\
-    is_user_in_course_group_role, remove_user_from_course_group
+    is_user_in_course_group_role, remove_user_from_course_group, _grant_instructors_creator_access
 
 
 class CreatorGroupTest(TestCase):
@@ -174,3 +174,42 @@ class CourseGroupTest(TestCase):
         create_all_course_groups(self.creator, self.location)
         with self.assertRaises(PermissionDenied):
             remove_user_from_course_group(self.staff, self.staff, self.location, STAFF_ROLE_NAME)
+
+
+class GrantInstructorsCreatorAccessTest(TestCase):
+    """
+    Tests granting existing instructors course creator rights.
+    """
+    def create_course(self, index):
+        """
+        Creates a course with one instructor and one staff member.
+        """
+        creator = User.objects.create_user('testcreator' + str(index), 'testcreator+courses@edx.org', 'foo')
+        staff = User.objects.create_user('teststaff' + str(index), 'teststaff+courses@edx.org', 'foo')
+        location = 'i4x', 'mitX', str(index), 'course', 'test'
+        create_all_course_groups(creator, location)
+        add_user_to_course_group(creator, staff, location, STAFF_ROLE_NAME)
+        return [creator, staff]
+
+    def test_grant_creator_access(self):
+        """
+        Test for _grant_instructors_creator_access.
+        """
+        [creator1, staff1] = self.create_course(1)
+        [creator2, staff2] = self.create_course(2)
+        with mock.patch.dict('django.conf.settings.MITX_FEATURES', {"ENABLE_CREATOR_GROUP": True}):
+            # Initially no creators.
+            self.assertFalse(is_user_in_creator_group(creator1))
+            self.assertFalse(is_user_in_creator_group(creator2))
+            self.assertFalse(is_user_in_creator_group(staff1))
+            self.assertFalse(is_user_in_creator_group(staff2))
+
+            admin = User.objects.create_user('populate_creators_command', 'grant+creator+access@edx.org', 'foo')
+            admin.is_staff = True
+            _grant_instructors_creator_access(admin)
+
+            # Now instructors only are creators.
+            self.assertTrue(is_user_in_creator_group(creator1))
+            self.assertTrue(is_user_in_creator_group(creator2))
+            self.assertFalse(is_user_in_creator_group(staff1))
+            self.assertFalse(is_user_in_creator_group(staff2))

cms/djangoapps/contentstore/management/commands/populate_creators.py

@@ -0,0 +1,35 @@
+"""
+Script for granting existing course instructors course creator privileges.
+
+This script is only intended to be run once on a given environment.
+"""
+from auth.authz import _grant_instructors_creator_access
+from django.core.management.base import BaseCommand
+
+from django.contrib.auth.models import User
+from django.db.utils import IntegrityError
+
+
+class Command(BaseCommand):
+    """
+    Script for granting existing course instructors course creator privileges.
+    """
+    help = 'Grants all users with INSTRUCTOR role permission to create courses'
+
+    def handle(self, *args, **options):
+        """
+        The logic of the command.
+        """
+        username = 'populate_creators_command'
+        email = 'grant+creator+access@edx.org'
+        try:
+            admin = User.objects.create_user(username, email, 'foo')
+            admin.is_staff = True
+            admin.save()
+        except IntegrityError:
+            # If the script did not complete the last time it was run,
+            # the admin user will already exist.
+            admin = User.objects.get(username=username, email=email)
+
+        _grant_instructors_creator_access(admin)
+        admin.delete()

cms/envs/common.py

@@ -54,7 +54,11 @@ MITX_FEATURES = {
     'ENABLE_SERVICE_STATUS': False,
 
     # Don't autoplay videos for course authors
-    'AUTOPLAY_VIDEOS': False
+    'AUTOPLAY_VIDEOS': False,
+
+    # If set to True, new Studio users won't be able to author courses unless
+    # edX has explicitly added them to the course creator group.
+    'ENABLE_CREATOR_GROUP': False
 }
 ENABLE_JASMINE = False