From c3d86c9b3c07bdcc8716634c30b7aedf067a43ea Mon Sep 17 00:00:00 2001 From: Calen Pennington Date: Fri, 2 Aug 2019 14:51:17 -0400 Subject: [PATCH] Switch sale_validation over to using a StaffAccessRule with query checking --- lms/djangoapps/instructor/permissions.py | 2 ++ lms/djangoapps/instructor/views/api.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py index 3e96ca403e..cb6e979b97 100644 --- a/lms/djangoapps/instructor/permissions.py +++ b/lms/djangoapps/instructor/permissions.py @@ -9,6 +9,7 @@ ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM = 'instructor.allow_student_to_bypass_entr ASSIGN_TO_COHORTS = 'instructor.assign_to_cohorts' EDIT_COURSE_ACCESS = 'instructor.edit_course_access' EDIT_FORUM_ROLES = 'instructor.edit_forum_roles' +EDIT_INVOICE_VALIDATION = 'instructor.edit_invoice_validation' VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates' @@ -16,4 +17,5 @@ perms[ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM] = HasAccessRule('staff') perms[ASSIGN_TO_COHORTS] = HasAccessRule('staff') perms[EDIT_COURSE_ACCESS] = HasAccessRule('instructor') perms[EDIT_FORUM_ROLES] = HasAccessRule('staff') +perms[EDIT_INVOICE_VALIDATION] = HasAccessRule('staff') perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff') diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index f9802304d1..d543e3eaa0 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -153,6 +153,7 @@ from ..permissions import ( ASSIGN_TO_COHORTS, EDIT_COURSE_ACCESS, EDIT_FORUM_ROLES, + EDIT_INVOICE_VALIDATION, VIEW_ISSUED_CERTIFICATES, ) @@ -1174,7 +1175,7 @@ def get_sale_order_records(request, course_id): # pylint: disable=unused-argume return instructor_analytics.csvs.create_csv_response("e-commerce_sale_order_records.csv", csv_columns, datarows) -@require_level('staff') +@require_course_permission(EDIT_INVOICE_VALIDATION) @require_POST def sale_validation(request, course_id): """