diff --git a/cms/djangoapps/auth/authz.py b/cms/djangoapps/auth/authz.py index a544906875..23dde88e94 100644 --- a/cms/djangoapps/auth/authz.py +++ b/cms/djangoapps/auth/authz.py @@ -36,7 +36,7 @@ def get_course_groupname_for_role(location, role): def get_users_in_course_group_by_role(location, role): groupname = get_course_groupname_for_role(location, role) - (group, created) = Group.objects.get_or_create(name=groupname) + (group, _created) = Group.objects.get_or_create(name=groupname) return group.user_set.all() @@ -59,6 +59,7 @@ def create_new_course_group(creator, location, role): return + def _delete_course_group(location): """ This is to be called only by either a command line code path or through a app which has already @@ -75,6 +76,7 @@ def _delete_course_group(location): user.groups.remove(staff) user.save() + def _copy_course_group(source, dest): """ This is to be called only by either a command line code path or through an app which has already @@ -205,3 +207,17 @@ def is_user_in_creator_group(user): return user.groups.filter(name=COURSE_CREATOR_GROUP_NAME).count() > 0 return True + + +def _grant_instructors_creator_access(caller): + """ + This is to be called only by either a command line code path or through an app which has already + asserted permissions to do this action. + + Gives all users with instructor role course creator rights. + This is only intended to be run once on a given environment. + """ + for group in Group.objects.all(): + if group.name.startswith(INSTRUCTOR_ROLE_NAME + "_"): + for user in group.user_set.all(): + add_user_to_creator_group(caller, user) diff --git a/cms/djangoapps/auth/tests/test_authz.py b/cms/djangoapps/auth/tests/test_authz.py index 173155df4c..658c176498 100644 --- a/cms/djangoapps/auth/tests/test_authz.py +++ b/cms/djangoapps/auth/tests/test_authz.py @@ -9,7 +9,7 @@ from django.core.exceptions import PermissionDenied from auth.authz import add_user_to_creator_group, remove_user_from_creator_group, is_user_in_creator_group,\ create_all_course_groups, add_user_to_course_group, STAFF_ROLE_NAME, INSTRUCTOR_ROLE_NAME,\ - is_user_in_course_group_role, remove_user_from_course_group + is_user_in_course_group_role, remove_user_from_course_group, _grant_instructors_creator_access class CreatorGroupTest(TestCase): @@ -174,3 +174,42 @@ class CourseGroupTest(TestCase): create_all_course_groups(self.creator, self.location) with self.assertRaises(PermissionDenied): remove_user_from_course_group(self.staff, self.staff, self.location, STAFF_ROLE_NAME) + + +class GrantInstructorsCreatorAccessTest(TestCase): + """ + Tests granting existing instructors course creator rights. + """ + def create_course(self, index): + """ + Creates a course with one instructor and one staff member. + """ + creator = User.objects.create_user('testcreator' + str(index), 'testcreator+courses@edx.org', 'foo') + staff = User.objects.create_user('teststaff' + str(index), 'teststaff+courses@edx.org', 'foo') + location = 'i4x', 'mitX', str(index), 'course', 'test' + create_all_course_groups(creator, location) + add_user_to_course_group(creator, staff, location, STAFF_ROLE_NAME) + return [creator, staff] + + def test_grant_creator_access(self): + """ + Test for _grant_instructors_creator_access. + """ + [creator1, staff1] = self.create_course(1) + [creator2, staff2] = self.create_course(2) + with mock.patch.dict('django.conf.settings.MITX_FEATURES', {"ENABLE_CREATOR_GROUP": True}): + # Initially no creators. + self.assertFalse(is_user_in_creator_group(creator1)) + self.assertFalse(is_user_in_creator_group(creator2)) + self.assertFalse(is_user_in_creator_group(staff1)) + self.assertFalse(is_user_in_creator_group(staff2)) + + admin = User.objects.create_user('populate_creators_command', 'grant+creator+access@edx.org', 'foo') + admin.is_staff = True + _grant_instructors_creator_access(admin) + + # Now instructors only are creators. + self.assertTrue(is_user_in_creator_group(creator1)) + self.assertTrue(is_user_in_creator_group(creator2)) + self.assertFalse(is_user_in_creator_group(staff1)) + self.assertFalse(is_user_in_creator_group(staff2)) diff --git a/cms/djangoapps/contentstore/management/commands/populate_creators.py b/cms/djangoapps/contentstore/management/commands/populate_creators.py new file mode 100644 index 0000000000..f627df88f5 --- /dev/null +++ b/cms/djangoapps/contentstore/management/commands/populate_creators.py @@ -0,0 +1,35 @@ +""" +Script for granting existing course instructors course creator privileges. + +This script is only intended to be run once on a given environment. +""" +from auth.authz import _grant_instructors_creator_access +from django.core.management.base import BaseCommand + +from django.contrib.auth.models import User +from django.db.utils import IntegrityError + + +class Command(BaseCommand): + """ + Script for granting existing course instructors course creator privileges. + """ + help = 'Grants all users with INSTRUCTOR role permission to create courses' + + def handle(self, *args, **options): + """ + The logic of the command. + """ + username = 'populate_creators_command' + email = 'grant+creator+access@edx.org' + try: + admin = User.objects.create_user(username, email, 'foo') + admin.is_staff = True + admin.save() + except IntegrityError: + # If the script did not complete the last time it was run, + # the admin user will already exist. + admin = User.objects.get(username=username, email=email) + + _grant_instructors_creator_access(admin) + admin.delete() diff --git a/cms/envs/common.py b/cms/envs/common.py index 7f4c106e6d..87c130a4b5 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -54,7 +54,11 @@ MITX_FEATURES = { 'ENABLE_SERVICE_STATUS': False, # Don't autoplay videos for course authors - 'AUTOPLAY_VIDEOS': False + 'AUTOPLAY_VIDEOS': False, + + # If set to True, new Studio users won't be able to author courses unless + # edX has explicitly added them to the course creator group. + 'ENABLE_CREATOR_GROUP': False } ENABLE_JASMINE = False