fix: cohorts data can be private

2023-10-04 12:46:36 -04:00
parent 62cfe6f3a9
commit ab4179ec60
2 changed files with 12 additions and 2 deletions
--- a/common/djangoapps/util/file.py
+++ b/common/djangoapps/util/file.py
@@ -13,6 +13,7 @@ from django.utils.text import get_valid_filename
 from django.utils.translation import gettext as _
 from django.utils.translation import ngettext
 from pytz import UTC
+from storages.backends.s3boto3 import S3Boto3Storage


 class FileValidationException(Exception):
@@ -23,7 +24,7 @@ class FileValidationException(Exception):


 def store_uploaded_file(
-        request, file_key, allowed_file_types, base_storage_filename, max_file_size, validator=None,
+        request, file_key, allowed_file_types, base_storage_filename, max_file_size, validator=None, is_private=False,
 ):
    """
    Stores an uploaded file to django file storage.
@@ -45,6 +46,8 @@ def store_uploaded_file(
            a `FileValidationException` if the file is not properly formatted. If any exception is thrown, the stored
            file will be deleted before the exception is re-raised. Note that the implementor of the validator function
            should take care to close the stored file if they open it for reading.
+        is_private (Boolean): an optional boolean which if True and the storage backend is S3,
+            sets the ACL for the file object to be private.

    Returns:
        Storage: the file storage object where the file can be retrieved from
@@ -75,6 +78,12 @@ def store_uploaded_file(
        file_storage = DefaultStorage()
        # If a file already exists with the supplied name, file_storage will make the filename unique.
        stored_file_name = file_storage.save(stored_file_name, uploaded_file)
+        if is_private and settings.DEFAULT_FILE_STORAGE == 'storages.backends.s3boto3.S3Boto3Storage':
+            S3Boto3Storage().connection.meta.client.put_object_acl(
+                ACL='private',
+                Bucket=settings.AWS_STORAGE_BUCKET_NAME,
+                Key=stored_file_name,
+           )

        if validator:
            try:
--- a/lms/djangoapps/instructor/views/api.py
+++ b/lms/djangoapps/instructor/views/api.py
@@ -1600,7 +1600,8 @@ class CohortCSV(DeveloperErrorViewMixin, APIView):
                request, 'uploaded-file', ['.csv'],
                course_and_time_based_filename_generator(course_key, 'cohorts'),
                max_file_size=2000000,  # limit to 2 MB
-                validator=_cohorts_csv_validator
+                validator=_cohorts_csv_validator,
+                is_private=True
            )
            task_api.submit_cohort_students(request, course_key, file_name)
        except (FileValidationException, ValueError) as e: