From 9e56a18f0f63ef94ec484eed83bb9190d635f797 Mon Sep 17 00:00:00 2001 From: 0x29a Date: Thu, 14 Sep 2023 14:21:53 +0200 Subject: [PATCH] refactor: better permission names for instructor endpoints --- common/djangoapps/student/roles.py | 4 ++++ lms/djangoapps/instructor/permissions.py | 4 ++++ lms/djangoapps/instructor/views/api.py | 4 ++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/common/djangoapps/student/roles.py b/common/djangoapps/student/roles.py index 321c769322..7bbd0cf924 100644 --- a/common/djangoapps/student/roles.py +++ b/common/djangoapps/student/roles.py @@ -49,6 +49,10 @@ def register_access_role(cls): def strict_role_checking(): """ Context manager that temporarily disables role inheritance. + + You may want to use it to check if a user has a base role. For example, if a user has `CourseLimitedStaffRole`, + by enclosing `has_role` call with this context manager, you can check it has the `CourseStaffRole` too. This is + useful when derived roles have less permissions than their base roles, but users can have both roles at the same. """ OLD_ACCESS_ROLES_INHERITANCE = ACCESS_ROLES_INHERITANCE.copy() ACCESS_ROLES_INHERITANCE.clear() diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py index 20426761e6..119ecf4e35 100644 --- a/lms/djangoapps/instructor/permissions.py +++ b/lms/djangoapps/instructor/permissions.py @@ -29,6 +29,8 @@ EMAIL = 'instructor.email' RESCORE_EXAMS = 'instructor.rescore_exams' VIEW_REGISTRATION = 'instructor.view_registration' VIEW_DASHBOARD = 'instructor.dashboard' +VIEW_ENROLLMENTS = 'instructor.view_enrollments' +VIEW_FORUM_MEMBERS = 'instructor.view_forum_members' perms[ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM] = HasAccessRule('staff') @@ -60,3 +62,5 @@ perms[VIEW_DASHBOARD] = \ 'instructor', 'data_researcher' ) | HasAccessRule('staff') | HasAccessRule('instructor') +perms[VIEW_ENROLLMENTS] = HasAccessRule('staff') +perms[VIEW_FORUM_MEMBERS] = HasAccessRule('staff') diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index 778cbe5c8b..fd346d242f 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -1661,7 +1661,7 @@ def get_anon_ids(request, course_id): @require_POST @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) -@require_course_permission(permissions.CAN_ENROLL) +@require_course_permission(permissions.VIEW_ENROLLMENTS) @require_post_params( unique_student_identifier="email or username of student for whom to get enrollment status" ) @@ -2611,7 +2611,7 @@ def problem_grade_report(request, course_id): @require_POST @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) -@require_course_permission(permissions.CAN_ENROLL) +@require_course_permission(permissions.VIEW_FORUM_MEMBERS) @require_post_params('rolename') def list_forum_members(request, course_id): """