Merge pull request #481 from edx/waheed/ecom-6298-list-published-course-permissions

Added permissions on published course runs tab.

Merge pull request #481 from edx/waheed/ecom-6298-list-published-course-permissions
Added permissions on published course runs tab.
50dc697a · Waheed Ahmed · GitHub · fea4a3f0 · 2c74cb6b · 50dc697a
Commit 50dc697a authored Dec 14, 2016 by Waheed Ahmed Committed by GitHub Dec 14, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 41 additions and 4 deletions

course_discovery/apps/publisher/tests/test_views.py
+34 -1

course_discovery/apps/publisher/views.py
+7 -3

No files found.
--- a/course_discovery/apps/publisher/tests/test_views.py
+++ b/course_discovery/apps/publisher/tests/test_views.py
@@ -23,7 +23,7 @@ from course_discovery.apps.core.tests.helpers import make_image_file
 from course_discovery.apps.course_metadata.tests import toggle_switch
 from course_discovery.apps.course_metadata.tests.factories import OrganizationFactory
 from course_discovery.apps.publisher.choices import PublisherUserRole
-from course_discovery.apps.publisher.constants import INTERNAL_USER_GROUP_NAME
+from course_discovery.apps.publisher.constants import INTERNAL_USER_GROUP_NAME, ADMIN_GROUP_NAME
 from course_discovery.apps.publisher.models import Course, CourseRun, Seat, State
 from course_discovery.apps.publisher.tests import factories, JSON_CONTENT_TYPE
 from course_discovery.apps.publisher.tests.utils import create_non_staff_user_and_login
@@ -1118,6 +1118,39 @@ class DashboardTests(TestCase):
        self.assertContains(response, self.table_class.format(id='published'))
        self.assertContains(response, 'The list below contains all course runs published in the past 30 days')

+    def test_published_course_runs_as_user_role(self):
+        """
+        Verify that user can see all published course runs as a user in a role for a course.
+        """
+        internal_user = UserFactory()
+        internal_user.groups.add(Group.objects.get(name=INTERNAL_USER_GROUP_NAME))
+        self.client.login(username=internal_user.username, password=USER_PASSWORD)
+
+        # Verify that user cannot see any published course run
+        response = self.assert_dashboard_response()
+        self.assertEqual(len(response.context['published_course_runs']), 0)
+
+        # assign user course role
+        factories.CourseUserRoleFactory(
+            course=self.course_run_3.course, user=internal_user, role=PublisherUserRole.PartnerCoordinator
+        )
+
+        # Verify that user can see 1 published course run
+        response = self.assert_dashboard_response()
+        self.assertEqual(len(response.context['published_course_runs']), 1)
+
+    def test_published_course_runs_as_admin(self):
+        """
+        Verify that publisher admin can see all published course runs.
+        """
+        publisher_admin = UserFactory()
+        publisher_admin.groups.add(Group.objects.get(name=ADMIN_GROUP_NAME))
+        self.client.login(username=publisher_admin.username, password=USER_PASSWORD)
+        factories.CourseRunFactory(state=factories.StateFactory(name=State.PUBLISHED))
+
+        response = self.assert_dashboard_response()
+        self.assertEqual(len(response.context['published_course_runs']), 2)
+
    def test_with_preview_ready_course_runs(self):
        """ Verify that preview ready tabs loads the course runs list. """
        self.course_run_2.change_state(target=State.NEEDS_FINAL_APPROVAL)

--- a/course_discovery/apps/publisher/views.py
+++ b/course_discovery/apps/publisher/views.py
@@ -27,7 +27,7 @@ from course_discovery.apps.publisher.models import (
    Course, CourseRun, Seat, State, UserAttributes
 )
 from course_discovery.apps.publisher.serializers import UpdateCourseKeySerializer
-from course_discovery.apps.publisher.utils import is_internal_user, get_internal_users
+from course_discovery.apps.publisher.utils import is_internal_user, get_internal_users, is_publisher_admin
 from course_discovery.apps.publisher.wrappers import CourseRunWrapper

 logger = logging.getLogger(__name__)
@@ -49,10 +49,14 @@ class Dashboard(mixins.LoginRequiredMixin, ListView):
    default_published_days = 30

    def get_queryset(self):
-        if self.request.user.is_staff:
+        user = self.request.user
+        if is_publisher_admin(user):
            course_runs = CourseRun.objects.select_related('course').all()
+        elif is_internal_user(user):
+            internal_user_courses = Course.objects.filter(course_user_roles__user=user)
+            course_runs = CourseRun.objects.filter(course__in=internal_user_courses).select_related('course').all()
        else:
-            courses = get_objects_for_user(self.request.user, Course.VIEW_PERMISSION, Course)
+            courses = get_objects_for_user(user, Course.VIEW_PERMISSION, Course)
            course_runs = CourseRun.objects.filter(course__in=courses).select_related('course').all()

        return course_runs