diff --git a/cms/djangoapps/contentstore/views.py b/cms/djangoapps/contentstore/views.py index d95322f2f8..28cb82c608 100644 --- a/cms/djangoapps/contentstore/views.py +++ b/cms/djangoapps/contentstore/views.py @@ -731,7 +731,7 @@ This view will return all CMS users who are editors for the specified course def manage_users(request, location): # check that logged in user has permissions to this item - if not has_access(request.user, location, role=INSTRUCTOR_ROLE_NAME): + if not has_access(request.user, location, role=INSTRUCTOR_ROLE_NAME) and not has_access(request.user, location, role=EDITOR_ROLE_NAME): raise PermissionDenied() course_module = modulestore().get_item(location) @@ -741,7 +741,9 @@ def manage_users(request, location): 'context_course': course_module, 'staff': get_users_in_course_group_by_role(location, STAFF_ROLE_NAME), 'add_user_postback_url' : reverse('add_user', args=[location]).rstrip('/'), - 'remove_user_postback_url' : reverse('remove_user', args=[location]).rstrip('/') + 'remove_user_postback_url' : reverse('remove_user', args=[location]).rstrip('/'), + 'allow_actions' : has_access(request.user, location, role=INSTRUCTOR_ROLE_NAME), + 'request_user_id' : request.user.id }) diff --git a/cms/templates/manage_users.html b/cms/templates/manage_users.html index 3adfa42a16..80cb1256fb 100644 --- a/cms/templates/manage_users.html +++ b/cms/templates/manage_users.html @@ -16,20 +16,26 @@ New User + %if allow_actions:
save cancel
+ %endif
    % for user in staff:
  1. ${user.username} ${user.email} + %if allow_actions :
    - + %if request_user_id != user.id: + + %endif
    + %endif
    2. % endfor