Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d5e65c0bddd7ecf0f2f118d8ea025ca4e8cbc89
edx-platform/lms/djangoapps/mobile_api/users/views.py
David Ormsbee 4f5d8b30de Basic Mobile API (v0.5) and Video Abstraction Layer integration. 
Note that the features in this release are opt-in, and course and video
behavior will remain the same unless a course explicitly opts in.

Major pieces of functionality with this commit:

Allows the listing of a user's enrollments, course videos, and updates. In
order to make a course available for mobile use, course staff must explicitly
set the Course Advanced Setting "Mobile Course Available" to true. Course staff
will always see their own courses through the Mobile API regardless of this
setting, but students will only be allowed to see a course through the Mobile
API if this setting is set to "true". By default, a Course will *not* be
available for mobile use.

This is a Django app for video resource management. It is completely optional,
and is intended to allow video and operations teams to create new encodings of
videos (e.g. low res for mobile) and change CDNs without having to edit course
data directly. Course teams can now use a "EdX Video ID" setting for Videos,
which will leverage VAL. Video units that do not fill in an "EdX Video ID" will
behave exactly as they always have.

* The Mobile API is enabled with the ENABLE_MOBILE_REST_API feature flag.
* VAL is enabled with the ENABLE_VIDEO_ABSTRACTION_LAYER_API feature flag.
* VAL and the Mobile API both require ENABLE_OAUTH2_PROVIDER).
* The Mobile API is a read-only API, but VAL requires database migrations.
* Applications that make use of either the Mobile API or VAL must be registered
  with the OAuth2 provider app in Django Admin.
2014-09-23 12:31:46 -04:00

80 lines
3.0 KiB
Python
Raw Blame History

from django.core.exceptions import PermissionDenied
from django.shortcuts import redirect
from rest_framework import generics, permissions
from rest_framework.authentication import OAuth2Authentication, SessionAuthentication
from rest_framework.decorators import api_view, authentication_classes, permission_classes
from rest_framework.exceptions import PermissionDenied
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from courseware.access import has_access
from student.forms import PasswordResetFormNoActive
from student.models import CourseEnrollment, User
from xmodule.modulestore.django import modulestore
from .serializers import CourseEnrollmentSerializer, UserSerializer
class IsUser(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
return request.user == obj
class UserDetail(generics.RetrieveAPIView):
"""Read-only information about our User.
This will be where users are redirected to after API login and will serve
as a place to list all useful resources this user can access.
"""
authentication_classes = (OAuth2Authentication, SessionAuthentication)
permission_classes = (permissions.IsAuthenticated, IsUser)
queryset = (
User.objects.all()
.select_related('profile', 'course_enrollments')
)
serializer_class = UserSerializer
lookup_field = 'username'
class UserCourseEnrollmentsList(generics.ListAPIView):
"""Read-only list of courses that this user is enrolled in."""
authentication_classes = (OAuth2Authentication, SessionAuthentication)
permission_classes = (permissions.IsAuthenticated, IsUser)
queryset = CourseEnrollment.objects.all()
serializer_class = CourseEnrollmentSerializer
lookup_field = 'username'
def get_queryset(self):
qset = self.queryset.filter(
user__username=self.kwargs['username'], is_active=True
).order_by('created')
return mobile_course_enrollments(qset, self.request.user)
def get(self, request, *args, **kwargs):
if request.user.username != kwargs['username']:
raise PermissionDenied
return super(UserCourseEnrollmentsList, self).get(self, request, *args, **kwargs)
@api_view(["GET"])
@authentication_classes((OAuth2Authentication, SessionAuthentication))
@permission_classes((IsAuthenticated,))
def my_user_info(request):
if not request.user:
raise PermissionDenied
return redirect("user-detail", username=request.user.username)
def mobile_course_enrollments(enrollments, user):
"""
Return enrollments only if courses are mobile_available (or if the user has staff access)
enrollments is a list of CourseEnrollments.
"""
for enr in enrollments:
course = enr.course
# The course doesn't always really exist -- we can have bad data in the enrollments
# pointing to non-existent (or removed) courses, in which case `course` is None.
if course and (course.mobile_available or has_access(user, 'staff', course)):
yield enr
Reference in New Issue View Git Blame Copy Permalink