Ignore team membership for privileged users.

2015-07-30 17:06:40 -04:00
parent 01c22531d7
commit 9d3e2c1a08
2 changed files with 28 additions and 23 deletions
--- a/lms/djangoapps/django_comment_client/base/tests.py
+++ b/lms/djangoapps/django_comment_client/base/tests.py
@@ -1119,8 +1119,8 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe
        ('student_not_in_team', 'team_commentable_id', 401),
        # Non-team commentables can be edited by any student.
        ('student_not_in_team', 'course_commentable_id', 200),
-        # Moderators most be a member of the team for doing "student actions".
-        ('moderator', 'team_commentable_id', 401)
+        # Moderators can always operator on threads within a team, regardless of team membership.
+        ('moderator', 'team_commentable_id', 200)
    ]

    @patch.dict("django.conf.settings.FEATURES", {"ENABLE_DISCUSSION_SERVICE": True})
@@ -1200,7 +1200,7 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe
    @ddt.unpack
    def test_create_comment(self, user, commentable_id, status_code, mock_request):
        """
-        Verify that create_comment is limited to members of the team.
+        Verify that create_comment is limited to members of the team or users with 'edit_content' permission.
        """
        commentable_id = getattr(self, commentable_id)
        self._setup_mock(user, mock_request, {"closed": False, "commentable_id": commentable_id})
@@ -1221,7 +1221,7 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe
    @ddt.unpack
    def test_create_sub_comment(self, user, commentable_id, status_code, mock_request):
        """
-        Verify that create_subcomment is limited to members of the team.
+        Verify that create_subcomment is limited to members of the team or users with 'edit_content' permission.
        """
        commentable_id = getattr(self, commentable_id)
        self._setup_mock(
@@ -1244,7 +1244,8 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe
    @ddt.unpack
    def test_comment_actions(self, user, commentable_id, status_code, mock_request):
        """
-        Verify that voting and flagging of comments is limited to members of the team.
+        Verify that voting and flagging of comments is limited to members of the team or users with
+        'edit_content' permission.
        """
        commentable_id = getattr(self, commentable_id)
        self._setup_mock(
@@ -1264,7 +1265,8 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe
    @ddt.unpack
    def test_threads_actions(self, user, commentable_id, status_code, mock_request):
        """
-        Verify that voting, flagging, and following of threads is limited to members of the team.
+        Verify that voting, flagging, and following of threads is limited to members of the team or users with
+        'edit_content' permission.
        """
        commentable_id = getattr(self, commentable_id)
        self._setup_mock(
@@ -1285,7 +1287,7 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe
    @ddt.unpack
    def test_create_thread(self, user, commentable_id, status_code, __):
        """
-        Verify that creation of threads is limited to members of the team.
+        Verify that creation of threads is limited to members of the team or users with 'edit_content' permission.
        """
        commentable_id = getattr(self, commentable_id)
        # mock_request is not used because Commentables don't exist in comment service.
@@ -1303,7 +1305,8 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe
    @ddt.unpack
    def test_commentable_actions(self, user, commentable_id, status_code, __):
        """
-        Verify that following of commentables is limited to members of the team.
+        Verify that following of commentables is limited to members of the team or users with
+        'edit_content' permission.
        """
        commentable_id = getattr(self, commentable_id)
        # mock_request is not used because Commentables don't exist in comment service.
--- a/lms/djangoapps/django_comment_client/permissions.py
+++ b/lms/djangoapps/django_comment_client/permissions.py
@@ -114,30 +114,32 @@ def _check_conditions_permissions(user, permissions, course_id, content):
    return test(user, permissions, operator="or")


+# Note: 'edit_content' is being used as a generic way of telling if someone is a privileged user
+# (forum Moderator/Admin/TA), because there is a desire that team membership does not impact privileged users.
 VIEW_PERMISSIONS = {
    'update_thread': ['edit_content', ['update_thread', 'is_open', 'is_author']],
-    'create_comment': [["create_comment", "is_open", "is_team_member_if_applicable"]],
+    'create_comment': ['edit_content', ["create_comment", "is_open", "is_team_member_if_applicable"]],
    'delete_thread': ['delete_thread', ['update_thread', 'is_author']],
    'update_comment': ['edit_content', ['update_comment', 'is_open', 'is_author']],
    'endorse_comment': ['endorse_comment', 'is_question_author'],
    'openclose_thread': ['openclose_thread'],
-    'create_sub_comment': [['create_sub_comment', 'is_open', 'is_team_member_if_applicable']],
+    'create_sub_comment': ['edit_content', ['create_sub_comment', 'is_open', 'is_team_member_if_applicable']],
    'delete_comment': ['delete_comment', ['update_comment', 'is_open', 'is_author']],
-    'vote_for_comment': [['vote', 'is_open', 'is_team_member_if_applicable']],
-    'undo_vote_for_comment': [['unvote', 'is_open', 'is_team_member_if_applicable']],
-    'vote_for_thread': [['vote', 'is_open', 'is_team_member_if_applicable']],
-    'flag_abuse_for_thread': [['vote', 'is_team_member_if_applicable']],
-    'un_flag_abuse_for_thread': [['vote', 'is_team_member_if_applicable']],
-    'flag_abuse_for_comment': [['vote', 'is_team_member_if_applicable']],
-    'un_flag_abuse_for_comment': [['vote', 'is_team_member_if_applicable']],
-    'undo_vote_for_thread': [['unvote', 'is_open', 'is_team_member_if_applicable']],
+    'vote_for_comment': ['edit_content', ['vote', 'is_open', 'is_team_member_if_applicable']],
+    'undo_vote_for_comment': ['edit_content', ['unvote', 'is_open', 'is_team_member_if_applicable']],
+    'vote_for_thread': ['edit_content', ['vote', 'is_open', 'is_team_member_if_applicable']],
+    'flag_abuse_for_thread': ['edit_content', ['vote', 'is_team_member_if_applicable']],
+    'un_flag_abuse_for_thread': ['edit_content', ['vote', 'is_team_member_if_applicable']],
+    'flag_abuse_for_comment': ['edit_content', ['vote', 'is_team_member_if_applicable']],
+    'un_flag_abuse_for_comment': ['edit_content', ['vote', 'is_team_member_if_applicable']],
+    'undo_vote_for_thread': ['edit_content', ['unvote', 'is_open', 'is_team_member_if_applicable']],
    'pin_thread': ['openclose_thread'],
    'un_pin_thread': ['openclose_thread'],
-    'follow_thread': [['follow_thread', 'is_team_member_if_applicable']],
-    'follow_commentable': [['follow_commentable', 'is_team_member_if_applicable']],
-    'unfollow_thread': [['unfollow_thread', 'is_team_member_if_applicable']],
-    'unfollow_commentable': [['unfollow_commentable', 'is_team_member_if_applicable']],
-    'create_thread': [['create_thread', 'is_team_member_if_applicable']],
+    'follow_thread': ['edit_content', ['follow_thread', 'is_team_member_if_applicable']],
+    'follow_commentable': ['edit_content', ['follow_commentable', 'is_team_member_if_applicable']],
+    'unfollow_thread': ['edit_content', ['unfollow_thread', 'is_team_member_if_applicable']],
+    'unfollow_commentable': ['edit_content', ['unfollow_commentable', 'is_team_member_if_applicable']],
+    'create_thread': ['edit_content', ['create_thread', 'is_team_member_if_applicable']],
 }