From e0981f3b9609d19a626b40dd7f042164e863014b Mon Sep 17 00:00:00 2001 From: Calen Pennington Date: Fri, 2 Aug 2019 15:04:03 -0400 Subject: [PATCH] Switch generate_certificate_exceptions over to using a StaffAccessRule with query checking --- lms/djangoapps/instructor/permissions.py | 2 ++ lms/djangoapps/instructor/views/api.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py index c581e1e11a..d47a4b28f1 100644 --- a/lms/djangoapps/instructor/permissions.py +++ b/lms/djangoapps/instructor/permissions.py @@ -12,6 +12,7 @@ EDIT_COURSE_ACCESS = 'instructor.edit_course_access' EDIT_FORUM_ROLES = 'instructor.edit_forum_roles' EDIT_INVOICE_VALIDATION = 'instructor.edit_invoice_validation' ENABLE_CERTIFICATE_GENERATION = 'instructor.enable_certificate_generation' +GENERATE_CERTIFICATE_EXCEPTIONS = 'instructor.generate_certificate_exceptions' GENERATE_BULK_CERTIFICATE_EXCEPTIONS = 'instructor.generate_bulk_certificate_exceptions' GIVE_STUDENT_EXTENSION = 'instructor.give_student_extension' VIEW_ISSUED_CERTIFICATES = 'instructor.view_issued_certificates' @@ -23,6 +24,7 @@ perms[EDIT_COURSE_ACCESS] = HasAccessRule('instructor') perms[EDIT_FORUM_ROLES] = HasAccessRule('staff') perms[EDIT_INVOICE_VALIDATION] = HasAccessRule('staff') perms[ENABLE_CERTIFICATE_GENERATION] = is_staff +perms[GENERATE_CERTIFICATE_EXCEPTIONS] = is_staff perms[GENERATE_BULK_CERTIFICATE_EXCEPTIONS] = is_staff perms[GIVE_STUDENT_EXTENSION] = HasAccessRule('staff') perms[VIEW_ISSUED_CERTIFICATES] = HasAccessRule('staff') diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index 443cce5453..60afef59e7 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -155,6 +155,7 @@ from ..permissions import ( EDIT_FORUM_ROLES, EDIT_INVOICE_VALIDATION, ENABLE_CERTIFICATE_GENERATION, + GENERATE_CERTIFICATE_EXCEPTIONS, GENERATE_BULK_CERTIFICATE_EXCEPTIONS, GIVE_STUDENT_EXTENSION, VIEW_ISSUED_CERTIFICATES, @@ -3305,7 +3306,7 @@ def get_student(username_or_email, course_key): @transaction.non_atomic_requests @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) -@require_global_staff +@require_course_permission(GENERATE_CERTIFICATE_EXCEPTIONS) @require_POST @common_exceptions_400 def generate_certificate_exceptions(request, course_id, generate_for=None):