diff --git a/lms/djangoapps/certificates/permissions.py b/lms/djangoapps/certificates/permissions.py index 5d8f42d481..ca5e7485c6 100644 --- a/lms/djangoapps/certificates/permissions.py +++ b/lms/djangoapps/certificates/permissions.py @@ -9,3 +9,5 @@ PREVIEW_CERTIFICATES = 'certificates.preview_certificates' perms[PREVIEW_CERTIFICATES] = HasAccessRule('staff') VIEW_ALL_CERTIFICATES = 'certificates.view_all_certificates' perms[VIEW_ALL_CERTIFICATES] = HasAccessRule('certificates') +GENERATE_ALL_CERTIFICATES = 'certificates.generate_all_certificates' +perms[GENERATE_ALL_CERTIFICATES] = HasAccessRule('certificates') diff --git a/lms/djangoapps/certificates/views/support.py b/lms/djangoapps/certificates/views/support.py index 24e5b284e4..de880232d0 100644 --- a/lms/djangoapps/certificates/views/support.py +++ b/lms/djangoapps/certificates/views/support.py @@ -22,10 +22,9 @@ from django.views.decorators.http import require_GET, require_POST from opaque_keys import InvalidKeyError from opaque_keys.edx.keys import CourseKey -from lms.djangoapps.courseware.access import has_access from lms.djangoapps.certificates import api from lms.djangoapps.certificates.models import CertificateInvalidation -from lms.djangoapps.certificates.permissions import VIEW_ALL_CERTIFICATES +from lms.djangoapps.certificates.permissions import VIEW_ALL_CERTIFICATES, GENERATE_ALL_CERTIFICATES from lms.djangoapps.instructor_task.api import generate_certificates_for_students from openedx.core.djangoapps.content.course_overviews.models import CourseOverview from student.models import CourseEnrollment, User @@ -35,22 +34,28 @@ from xmodule.modulestore.django import modulestore log = logging.getLogger(__name__) -def require_certificate_permission(func): +def require_certificate_permission(permission): """ View decorator that requires permission to view and regenerate certificates. """ - @wraps(func) - def inner(request, *args, **kwargs): - if request.user.has_perm(VIEW_ALL_CERTIFICATES, 'global'): - return func(request, *args, **kwargs) - else: + def inner(func): + """ + The outer wrapper, used to allow the decorator to take optional arguments. + """ + @wraps(func) + def wrapper(request, *args, **kwargs): + """ + The inner wrapper, which wraps the view function. + """ + if request.user.has_perm(permission, 'global'): + return func(request, *args, **kwargs) return HttpResponseForbidden() - + return wrapper return inner @require_GET -@require_certificate_permission +@require_certificate_permission(VIEW_ALL_CERTIFICATES) def search_certificates(request): """ Search for certificates for a particular user OR along with the given course. @@ -158,7 +163,7 @@ def _validate_post_params(params): # Grades can potentially be written - if so, let grading manage the transaction. @transaction.non_atomic_requests @require_POST -@require_certificate_permission +@require_certificate_permission(GENERATE_ALL_CERTIFICATES) def regenerate_certificate_for_user(request): """ Regenerate certificates for a user. @@ -225,7 +230,7 @@ def regenerate_certificate_for_user(request): @transaction.non_atomic_requests @require_POST -@require_certificate_permission +@require_certificate_permission(GENERATE_ALL_CERTIFICATES) def generate_certificate_for_user(request): """ Generate certificates for a user.