From 9d3e2c1a08c2572991053c4a9b92bbef895fa837 Mon Sep 17 00:00:00 2001 From: cahrens Date: Thu, 30 Jul 2015 17:06:40 -0400 Subject: [PATCH] Ignore team membership for privileged users. --- .../django_comment_client/base/tests.py | 19 ++++++----- .../django_comment_client/permissions.py | 32 ++++++++++--------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/lms/djangoapps/django_comment_client/base/tests.py b/lms/djangoapps/django_comment_client/base/tests.py index dbcab2bd00..22541cc4a6 100644 --- a/lms/djangoapps/django_comment_client/base/tests.py +++ b/lms/djangoapps/django_comment_client/base/tests.py @@ -1119,8 +1119,8 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe ('student_not_in_team', 'team_commentable_id', 401), # Non-team commentables can be edited by any student. ('student_not_in_team', 'course_commentable_id', 200), - # Moderators most be a member of the team for doing "student actions". - ('moderator', 'team_commentable_id', 401) + # Moderators can always operator on threads within a team, regardless of team membership. + ('moderator', 'team_commentable_id', 200) ] @patch.dict("django.conf.settings.FEATURES", {"ENABLE_DISCUSSION_SERVICE": True}) @@ -1200,7 +1200,7 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe @ddt.unpack def test_create_comment(self, user, commentable_id, status_code, mock_request): """ - Verify that create_comment is limited to members of the team. + Verify that create_comment is limited to members of the team or users with 'edit_content' permission. """ commentable_id = getattr(self, commentable_id) self._setup_mock(user, mock_request, {"closed": False, "commentable_id": commentable_id}) @@ -1221,7 +1221,7 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe @ddt.unpack def test_create_sub_comment(self, user, commentable_id, status_code, mock_request): """ - Verify that create_subcomment is limited to members of the team. + Verify that create_subcomment is limited to members of the team or users with 'edit_content' permission. """ commentable_id = getattr(self, commentable_id) self._setup_mock( @@ -1244,7 +1244,8 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe @ddt.unpack def test_comment_actions(self, user, commentable_id, status_code, mock_request): """ - Verify that voting and flagging of comments is limited to members of the team. + Verify that voting and flagging of comments is limited to members of the team or users with + 'edit_content' permission. """ commentable_id = getattr(self, commentable_id) self._setup_mock( @@ -1264,7 +1265,8 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe @ddt.unpack def test_threads_actions(self, user, commentable_id, status_code, mock_request): """ - Verify that voting, flagging, and following of threads is limited to members of the team. + Verify that voting, flagging, and following of threads is limited to members of the team or users with + 'edit_content' permission. """ commentable_id = getattr(self, commentable_id) self._setup_mock( @@ -1285,7 +1287,7 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe @ddt.unpack def test_create_thread(self, user, commentable_id, status_code, __): """ - Verify that creation of threads is limited to members of the team. + Verify that creation of threads is limited to members of the team or users with 'edit_content' permission. """ commentable_id = getattr(self, commentable_id) # mock_request is not used because Commentables don't exist in comment service. @@ -1303,7 +1305,8 @@ class TeamsPermissionsTestCase(UrlResetMixin, ModuleStoreTestCase, MockRequestSe @ddt.unpack def test_commentable_actions(self, user, commentable_id, status_code, __): """ - Verify that following of commentables is limited to members of the team. + Verify that following of commentables is limited to members of the team or users with + 'edit_content' permission. """ commentable_id = getattr(self, commentable_id) # mock_request is not used because Commentables don't exist in comment service. diff --git a/lms/djangoapps/django_comment_client/permissions.py b/lms/djangoapps/django_comment_client/permissions.py index f0b72e20fe..dd490c45dc 100644 --- a/lms/djangoapps/django_comment_client/permissions.py +++ b/lms/djangoapps/django_comment_client/permissions.py @@ -114,30 +114,32 @@ def _check_conditions_permissions(user, permissions, course_id, content): return test(user, permissions, operator="or") +# Note: 'edit_content' is being used as a generic way of telling if someone is a privileged user +# (forum Moderator/Admin/TA), because there is a desire that team membership does not impact privileged users. VIEW_PERMISSIONS = { 'update_thread': ['edit_content', ['update_thread', 'is_open', 'is_author']], - 'create_comment': [["create_comment", "is_open", "is_team_member_if_applicable"]], + 'create_comment': ['edit_content', ["create_comment", "is_open", "is_team_member_if_applicable"]], 'delete_thread': ['delete_thread', ['update_thread', 'is_author']], 'update_comment': ['edit_content', ['update_comment', 'is_open', 'is_author']], 'endorse_comment': ['endorse_comment', 'is_question_author'], 'openclose_thread': ['openclose_thread'], - 'create_sub_comment': [['create_sub_comment', 'is_open', 'is_team_member_if_applicable']], + 'create_sub_comment': ['edit_content', ['create_sub_comment', 'is_open', 'is_team_member_if_applicable']], 'delete_comment': ['delete_comment', ['update_comment', 'is_open', 'is_author']], - 'vote_for_comment': [['vote', 'is_open', 'is_team_member_if_applicable']], - 'undo_vote_for_comment': [['unvote', 'is_open', 'is_team_member_if_applicable']], - 'vote_for_thread': [['vote', 'is_open', 'is_team_member_if_applicable']], - 'flag_abuse_for_thread': [['vote', 'is_team_member_if_applicable']], - 'un_flag_abuse_for_thread': [['vote', 'is_team_member_if_applicable']], - 'flag_abuse_for_comment': [['vote', 'is_team_member_if_applicable']], - 'un_flag_abuse_for_comment': [['vote', 'is_team_member_if_applicable']], - 'undo_vote_for_thread': [['unvote', 'is_open', 'is_team_member_if_applicable']], + 'vote_for_comment': ['edit_content', ['vote', 'is_open', 'is_team_member_if_applicable']], + 'undo_vote_for_comment': ['edit_content', ['unvote', 'is_open', 'is_team_member_if_applicable']], + 'vote_for_thread': ['edit_content', ['vote', 'is_open', 'is_team_member_if_applicable']], + 'flag_abuse_for_thread': ['edit_content', ['vote', 'is_team_member_if_applicable']], + 'un_flag_abuse_for_thread': ['edit_content', ['vote', 'is_team_member_if_applicable']], + 'flag_abuse_for_comment': ['edit_content', ['vote', 'is_team_member_if_applicable']], + 'un_flag_abuse_for_comment': ['edit_content', ['vote', 'is_team_member_if_applicable']], + 'undo_vote_for_thread': ['edit_content', ['unvote', 'is_open', 'is_team_member_if_applicable']], 'pin_thread': ['openclose_thread'], 'un_pin_thread': ['openclose_thread'], - 'follow_thread': [['follow_thread', 'is_team_member_if_applicable']], - 'follow_commentable': [['follow_commentable', 'is_team_member_if_applicable']], - 'unfollow_thread': [['unfollow_thread', 'is_team_member_if_applicable']], - 'unfollow_commentable': [['unfollow_commentable', 'is_team_member_if_applicable']], - 'create_thread': [['create_thread', 'is_team_member_if_applicable']], + 'follow_thread': ['edit_content', ['follow_thread', 'is_team_member_if_applicable']], + 'follow_commentable': ['edit_content', ['follow_commentable', 'is_team_member_if_applicable']], + 'unfollow_thread': ['edit_content', ['unfollow_thread', 'is_team_member_if_applicable']], + 'unfollow_commentable': ['edit_content', ['unfollow_commentable', 'is_team_member_if_applicable']], + 'create_thread': ['edit_content', ['create_thread', 'is_team_member_if_applicable']], }