151bd13666
* Generate common/djangoapps import shims for LMS * Generate common/djangoapps import shims for Studio * Stop appending project root to sys.path * Stop appending common/djangoapps to sys.path * Import from common.djangoapps.course_action_state instead of course_action_state * Import from common.djangoapps.course_modes instead of course_modes * Import from common.djangoapps.database_fixups instead of database_fixups * Import from common.djangoapps.edxmako instead of edxmako * Import from common.djangoapps.entitlements instead of entitlements * Import from common.djangoapps.pipline_mako instead of pipeline_mako * Import from common.djangoapps.static_replace instead of static_replace * Import from common.djangoapps.student instead of student * Import from common.djangoapps.terrain instead of terrain * Import from common.djangoapps.third_party_auth instead of third_party_auth * Import from common.djangoapps.track instead of track * Import from common.djangoapps.util instead of util * Import from common.djangoapps.xblock_django instead of xblock_django * Add empty common/djangoapps/__init__.py to fix pytest collection * Fix pylint formatting violations * Exclude import_shims/ directory tree from linting
112 lines
3.2 KiB
Python
112 lines
3.2 KiB
Python
"""
|
|
Access control operations for use by instructor APIs.
|
|
|
|
Does not include any access control, be sure to check access before calling.
|
|
|
|
TO DO sync instructor and staff flags
|
|
e.g. should these be possible?
|
|
{instructor: true, staff: false}
|
|
{instructor: true, staff: true}
|
|
"""
|
|
|
|
|
|
import logging
|
|
|
|
from lms.djangoapps.instructor.enrollment import enroll_email, get_email_params
|
|
from openedx.core.djangoapps.django_comment_common.models import Role
|
|
from common.djangoapps.student.roles import (
|
|
CourseBetaTesterRole, CourseCcxCoachRole, CourseDataResearcherRole,
|
|
CourseInstructorRole, CourseStaffRole
|
|
)
|
|
|
|
log = logging.getLogger(__name__)
|
|
|
|
ROLES = {
|
|
'beta': CourseBetaTesterRole,
|
|
'instructor': CourseInstructorRole,
|
|
'staff': CourseStaffRole,
|
|
'ccx_coach': CourseCcxCoachRole,
|
|
'data_researcher': CourseDataResearcherRole,
|
|
}
|
|
|
|
|
|
def list_with_level(course, level):
|
|
"""
|
|
List users who have 'level' access.
|
|
|
|
`level` is in ['instructor', 'staff', 'beta'] for standard courses.
|
|
There could be other levels specific to the course.
|
|
If there is no Group for that course-level, returns an empty list
|
|
"""
|
|
return ROLES[level](course.id).users_with_role()
|
|
|
|
|
|
def allow_access(course, user, level, send_email=True):
|
|
"""
|
|
Allow user access to course modification.
|
|
|
|
`level` is one of ['instructor', 'staff', 'beta']
|
|
"""
|
|
_change_access(course, user, level, 'allow', send_email)
|
|
|
|
|
|
def revoke_access(course, user, level, send_email=True):
|
|
"""
|
|
Revoke access from user to course modification.
|
|
|
|
`level` is one of ['instructor', 'staff', 'beta']
|
|
"""
|
|
_change_access(course, user, level, 'revoke', send_email)
|
|
|
|
|
|
def _change_access(course, user, level, action, send_email=True):
|
|
"""
|
|
Change access of user.
|
|
|
|
`level` is one of ['instructor', 'staff', 'beta']
|
|
action is one of ['allow', 'revoke']
|
|
|
|
NOTE: will create a group if it does not yet exist.
|
|
"""
|
|
|
|
try:
|
|
role = ROLES[level](course.id)
|
|
except KeyError:
|
|
raise ValueError(u"unrecognized level '{}'".format(level))
|
|
|
|
if action == 'allow':
|
|
if level == 'ccx_coach':
|
|
email_params = get_email_params(course, True)
|
|
enroll_email(
|
|
course_id=course.id,
|
|
student_email=user.email,
|
|
auto_enroll=True,
|
|
email_students=send_email,
|
|
email_params=email_params,
|
|
)
|
|
role.add_users(user)
|
|
elif action == 'revoke':
|
|
role.remove_users(user)
|
|
else:
|
|
raise ValueError(u"unrecognized action '{}'".format(action))
|
|
|
|
|
|
def update_forum_role(course_id, user, rolename, action):
|
|
"""
|
|
Change forum access of user.
|
|
|
|
`rolename` is one of [FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_MODERATOR, FORUM_ROLE_COMMUNITY_TA]
|
|
`action` is one of ['allow', 'revoke']
|
|
|
|
if `action` is bad, raises ValueError
|
|
if `rolename` does not exist, raises Role.DoesNotExist
|
|
"""
|
|
role = Role.objects.get(course_id=course_id, name=rolename)
|
|
|
|
if action == 'allow':
|
|
role.users.add(user)
|
|
elif action == 'revoke':
|
|
role.users.remove(user)
|
|
else:
|
|
raise ValueError(u"unrecognized action '{}'".format(action))
|