Added edit permision in OrganizationGroup.

ECOM-6073

Added edit permision in OrganizationGroup.
ECOM-6073
5ee4287d · Waheed Ahmed · a4428909 · 5ee4287d · 5ee4287d · 5ee4287d
Commit 5ee4287d authored Dec 13, 2016 by Waheed Ahmed
6 changed files
--- a/course_discovery/apps/publisher/migrations/0021_auto_20161214_1356.py
+++ b/course_discovery/apps/publisher/migrations/0021_auto_20161214_1356.py
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.11 on 2016-12-14 13:56
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('publisher', '0020_auto_20161214_1304'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='organizationextension',
+            options={'get_latest_by': 'modified', 'ordering': ('-modified', '-created'), 'permissions': (('edit_course_run', 'Can edit course run'),)},
+        ),
+    ]
--- a/course_discovery/apps/publisher/models.py
+++ b/course_discovery/apps/publisher/models.py
@@ -404,11 +404,18 @@ class CourseUserRole(TimeStampedModel, ChangedByMixin):

 class OrganizationExtension(TimeStampedModel):
    """ Organization-Extension relation model. """
+    EDIT_COURSE_RUN = 'edit_course_run'
+
    organization = models.OneToOneField(Organization, related_name='organization_extension')
    group = models.OneToOneField(Group, related_name='organization_extension')

    history = HistoricalRecords()

+    class Meta(TimeStampedModel.Meta):
+        permissions = (
+            ('edit_course_run', 'Can edit course run'),
+        )
+
    def __str__(self):
        return '{organization}: {group}'.format(
            organization=self.organization, group=self.group

--- a/course_discovery/apps/publisher/tests/test_views.py
+++ b/course_discovery/apps/publisher/tests/test_views.py
@@ -26,7 +26,7 @@ from course_discovery.apps.publisher.choices import PublisherUserRole
 from course_discovery.apps.publisher.constants import (
    INTERNAL_USER_GROUP_NAME, ADMIN_GROUP_NAME, PARTNER_COORDINATOR_GROUP_NAME, REVIEWER_GROUP_NAME
 )
-from course_discovery.apps.publisher.models import Course, CourseRun, Seat, State
+from course_discovery.apps.publisher.models import Course, CourseRun, Seat, State, OrganizationExtension
 from course_discovery.apps.publisher.tests import factories, JSON_CONTENT_TYPE
 from course_discovery.apps.publisher.tests.utils import create_non_staff_user_and_login
 from course_discovery.apps.publisher.utils import is_email_notification_enabled, get_internal_users
@@ -921,6 +921,7 @@ class CourseRunDetailTests(TestCase):

        organization = OrganizationFactory()
        self.course.organizations.add(organization)
+        factories.OrganizationExtensionFactory(organization=organization)

        # create three course user roles for internal users
        for user, role in zip([pc_user, marketing_user, publisher_user], PublisherUserRole.choices):
@@ -952,6 +953,45 @@ class CourseRunDetailTests(TestCase):
        self.assertNotIn('role_widgets', response.context)
        self.assertNotIn('user_list', response.context)

+    def test_details_page_with_edit_permission(self):
+        """ Test that user can see edit button on course run detail page. """
+        user = self._create_user_and_login()
+        organization = OrganizationFactory()
+        self.course.organizations.add(organization)
+        organization_extension = factories.OrganizationExtensionFactory(organization=organization)
+
+        self.assert_can_edit_permission()
+
+        assign_perm(OrganizationExtension.EDIT_COURSE_RUN, user, organization_extension)
+
+        self.assert_can_edit_permission(can_edit=True)
+
+    def test_edit_permission_with_no_organization(self):
+        """ Test that user can't see edit button on course run detail page
+        if there is no organization in course.
+        """
+        _ = self._create_user_and_login()
+
+        self.assert_can_edit_permission()
+
+    def assert_can_edit_permission(self, can_edit=False):
+        """ Dry method to assert can_edit permission. """
+        response = self.client.get(self.page_url)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.context['can_edit'], can_edit)
+
+    def _create_user_and_login(self):
+        """ Create user and login, also assign view permission for course
+         and return the user.
+         """
+        user = UserFactory()
+        assign_perm(Course.VIEW_PERMISSION, user, self.course)
+
+        self.client.logout()
+        self.client.login(username=user.username, password=USER_PASSWORD)
+
+        return user
+

 class ChangeStateViewTests(TestCase):
    """ Tests for the `ChangeStateView`. """

--- a/course_discovery/apps/publisher/views.py
+++ b/course_discovery/apps/publisher/views.py
@@ -127,12 +127,17 @@ class CourseRunDetailView(mixins.LoginRequiredMixin, mixins.ViewPermissionMixin,
    def get_context_data(self, **kwargs):
        context = super(CourseRunDetailView, self).get_context_data(**kwargs)

+        user = self.request.user
        course_run = CourseRunWrapper(self.get_object())
        context['object'] = course_run
        context['comment_object'] = course_run.course
+        context['can_edit'] = any(
+            [user.has_perm(OrganizationExtension.EDIT_COURSE_RUN, org.organization_extension)
+             for org in course_run.course.organizations.all()]
+        )

        # Show role assignment widgets if user is an internal user.
-        if is_internal_user(self.request.user):
+        if is_internal_user(user):
            course_roles = course_run.course.course_user_roles.exclude(role=PublisherUserRole.CourseTeam)
            context['role_widgets'] = self.get_role_widgets_data(course_roles)
            context['user_list'] = get_internal_users()

--- a/course_discovery/static/sass/publisher/publisher.scss
+++ b/course_discovery/static/sass/publisher/publisher.scss
@@ -640,8 +640,9 @@ select {

 .approval-widget {

-    .btn-course-edit {
+    .btn-course-edit, .btn-courserun-edit {
        @include padding(2px, 20px, 3px, 20px);
+        @include float(right);
        font-weight: 400;
        font-size: 14px;
        background: white;

--- a/course_discovery/templates/publisher/course_run_detail/_approval_widget.html
+++ b/course_discovery/templates/publisher/course_run_detail/_approval_widget.html
 {% load i18n %}

 <div class="approval-widget">
-    <a href="{% url 'publisher:publisher_course_runs_edit' pk=object.id %}" class="btn btn-neutral btn-course-edit">{% trans "EDIT" %}</a>
+    {% if can_edit %}
+        <a href="{% url 'publisher:publisher_course_runs_edit' pk=object.id %}" class="btn btn-neutral btn-courserun-edit">
+            {% trans "EDIT" %}
+        </a>
+        <div class="clearfix"></div>
+    {% endif %}
    {% for role_widget in  role_widgets %}
        <div class="role-widget">
-            <hr>
            <span class="role-heading">
                <strong>{{ role_widget.heading }}</strong>
            </span>
@@ -32,9 +36,9 @@
                </div>
            </div>
        </div>
+        <hr>
    {% endfor %}

-    <hr>
    <div class="actions">
        <form action="{% url 'publisher:publisher_change_state' course_run_id=object.id %}" method="post"> {% csrf_token %}
            <button type="submit" value="{{ object.change_state_button.value }}" class="btn-brand btn-small btn-states" name="state">{{ object.change_state_button.text }}</button>