Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switch sale_validation over to using a StaffAccessRule with query checking

Browse Source
This commit is contained in:
Calen Pennington
2019-08-02 14:51:17 -04:00
parent 11677d052c
commit c3d86c9b3c
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lms/djangoapps/instructor/permissions.py
View File

@@ -9,6 +9,7 @@ ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM = 'instructor.allow_student_to_bypass_entr
ASSIGN_TO_COHORTS = 'instructor.assign_to_cohorts'
EDIT_COURSE_ACCESS = 'instructor.edit_course_access'
EDIT_FORUM_ROLES = 'instructor.edit_forum_roles'
EDIT_INVOICE_VALIDATION = 'instructor.edit_invoice_validation'
VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates'
@@ -16,4 +17,5 @@ perms[ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM] = HasAccessRule('staff')
perms[ASSIGN_TO_COHORTS] = HasAccessRule('staff')
perms[EDIT_COURSE_ACCESS] = HasAccessRule('instructor')
perms[EDIT_FORUM_ROLES] = HasAccessRule('staff')
perms[EDIT_INVOICE_VALIDATION] = HasAccessRule('staff')
perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff')

3
lms/djangoapps/instructor/views/api.py
View File

@@ -153,6 +153,7 @@ from ..permissions import (
ASSIGN_TO_COHORTS,
EDIT_COURSE_ACCESS,
EDIT_FORUM_ROLES,
EDIT_INVOICE_VALIDATION,
VIEW_ISSUED_CERTIFICATES,
)
@@ -1174,7 +1175,7 @@ def get_sale_order_records(request, course_id): # pylint: disable=unused-argume
return instructor_analytics.csvs.create_csv_response("e-commerce_sale_order_records.csv", csv_columns, datarows)
@require_level('staff')
@require_course_permission(EDIT_INVOICE_VALIDATION)
@require_POST
def sale_validation(request, course_id):
"""