Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: better permission names for instructor endpoints

Browse Source
This commit is contained in:
0x29a
2023-09-14 14:21:53 +02:00
parent a45901ea6d
commit 9e56a18f0f
3 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
common/djangoapps/student/roles.py
View File

@@ -49,6 +49,10 @@ def register_access_role(cls):
def strict_role_checking():
"""
Context manager that temporarily disables role inheritance.
You may want to use it to check if a user has a base role. For example, if a user has `CourseLimitedStaffRole`,
by enclosing `has_role` call with this context manager, you can check it has the `CourseStaffRole` too. This is
useful when derived roles have less permissions than their base roles, but users can have both roles at the same.
"""
OLD_ACCESS_ROLES_INHERITANCE = ACCESS_ROLES_INHERITANCE.copy()
ACCESS_ROLES_INHERITANCE.clear()

4
lms/djangoapps/instructor/permissions.py
View File

@@ -29,6 +29,8 @@ EMAIL = 'instructor.email'
RESCORE_EXAMS = 'instructor.rescore_exams'
VIEW_REGISTRATION = 'instructor.view_registration'
VIEW_DASHBOARD = 'instructor.dashboard'
VIEW_ENROLLMENTS = 'instructor.view_enrollments'
VIEW_FORUM_MEMBERS = 'instructor.view_forum_members'
perms[ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM] = HasAccessRule('staff')
@@ -60,3 +62,5 @@ perms[VIEW_DASHBOARD] = \
'instructor',
'data_researcher'
) | HasAccessRule('staff') | HasAccessRule('instructor')
perms[VIEW_ENROLLMENTS] = HasAccessRule('staff')
perms[VIEW_FORUM_MEMBERS] = HasAccessRule('staff')

4
lms/djangoapps/instructor/views/api.py
View File

@@ -1661,7 +1661,7 @@ def get_anon_ids(request, course_id):
@require_POST
@ensure_csrf_cookie
@cache_control(no_cache=True, no_store=True, must_revalidate=True)
@require_course_permission(permissions.CAN_ENROLL)
@require_course_permission(permissions.VIEW_ENROLLMENTS)
@require_post_params(
unique_student_identifier="email or username of student for whom to get enrollment status"
)
@@ -2611,7 +2611,7 @@ def problem_grade_report(request, course_id):
@require_POST
@ensure_csrf_cookie
@cache_control(no_cache=True, no_store=True, must_revalidate=True)
@require_course_permission(permissions.CAN_ENROLL)
@require_course_permission(permissions.VIEW_FORUM_MEMBERS)
@require_post_params('rolename')
def list_forum_members(request, course_id):
"""