Merge pull request #288 from edx/waheed/ecom-5389-add-group-to-top-level-objects

Add User groups to top level objects

course_discovery/apps/publisher/migrations/0006_auto_20160902_0726.py

+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('publisher', '0005_auto_20160901_0003'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='course',
+            options={'permissions': (('view_course', 'Can view course'),), 'ordering': ('-modified', '-created'), 'get_latest_by': 'modified'},
+        ),
+    ]

course_discovery/apps/publisher/models.py

@@ -7,6 +7,7 @@ from django.dispatch import receiver
 from django.utils.translation import ugettext_lazy as _
 from django_extensions.db.models import TimeStampedModel
 from django_fsm import FSMField, transition
+from guardian.shortcuts import assign_perm
 from simple_history.models import HistoricalRecords
 from sortedm2m.fields import SortedManyToManyField
 
@@ -73,6 +74,7 @@ class State(TimeStampedModel, ChangedByMixin):
 
 class Course(TimeStampedModel, ChangedByMixin):
     """ Publisher Course model. It contains fields related to the course intake form."""
+    VIEW_PERMISSION = 'view_course'
 
     title = models.CharField(max_length=255, default=None, null=True, blank=True, verbose_name=_('Course title'))
     number = models.CharField(max_length=50, null=True, blank=True, verbose_name=_('Course number'))
@@ -110,6 +112,15 @@ class Course(TimeStampedModel, ChangedByMixin):
     def post_back_url(self):
         return reverse('publisher:publisher_courses_edit', kwargs={'pk': self.id})
 
+    class Meta(TimeStampedModel.Meta):
+        permissions = (
+            ('view_course', 'Can view course'),
+        )
+
+    def assign_user_groups(self, user):
+        for group in user.groups.all():
+            assign_perm(self.VIEW_PERMISSION, group, self)
+
 
 class CourseRun(TimeStampedModel, ChangedByMixin):
     """ Publisher CourseRun model. It contains fields related to the course run intake form."""

course_discovery/apps/publisher/tests/factories.py

 from datetime import datetime
 
 import factory
+from django.contrib.auth.models import Group
 from factory.fuzzy import FuzzyText, FuzzyChoice, FuzzyDecimal, FuzzyDateTime, FuzzyInteger
 from pytz import UTC
 
@@ -66,3 +67,9 @@ class SeatFactory(factory.DjangoModelFactory):
 
     class Meta:
         model = Seat
+
+
+class GroupFactory(factory.DjangoModelFactory):
+
+    class Meta:
+        model = Group

course_discovery/apps/publisher/tests/test_model.py

@@ -4,7 +4,8 @@ from django.core.urlresolvers import reverse
 from django.test import TestCase
 from django_fsm import TransitionNotAllowed
 
-from course_discovery.apps.publisher.models import State
+from course_discovery.apps.core.tests.factories import UserFactory
+from course_discovery.apps.publisher.models import State, Course
 from course_discovery.apps.publisher.tests import factories
 
 
@@ -59,6 +60,7 @@ class CourseTests(TestCase):
     def setUp(self):
         super(CourseTests, self).setUp()
         self.course = factories.CourseFactory()
+        self.course2 = factories.CourseFactory()
 
     def test_str(self):
         """ Verify casting an instance to a string returns a string containing the course title. """
@@ -70,6 +72,26 @@ class CourseTests(TestCase):
             reverse('publisher:publisher_courses_edit', kwargs={'pk': self.course.id})
         )
 
+    def test_assign_user_groups(self):
+        user1 = UserFactory()
+        user2 = UserFactory()
+        group_a = factories.GroupFactory(name="Test Group A")
+        group_b = factories.GroupFactory(name="Test Group B")
+        user1.groups.add(group_a)
+        user2.groups.add(group_b)
+
+        self.assertFalse(user1.has_perm(Course.VIEW_PERMISSION, self.course))
+        self.assertFalse(user2.has_perm(Course.VIEW_PERMISSION, self.course2))
+
+        self.course.assign_user_groups(user1)
+        self.course2.assign_user_groups(user2)
+
+        self.assertTrue(user1.has_perm(Course.VIEW_PERMISSION, self.course))
+        self.assertTrue(user2.has_perm(Course.VIEW_PERMISSION, self.course2))
+
+        self.assertFalse(user1.has_perm(Course.VIEW_PERMISSION, self.course2))
+        self.assertFalse(user2.has_perm(Course.VIEW_PERMISSION, self.course))
+
 
 class SeatTests(TestCase):
     """ Tests for the publisher `Seat` model. """

course_discovery/apps/publisher/tests/test_views.py

@@ -18,7 +18,9 @@ class CreateUpdateCourseViewTests(TestCase):
     def setUp(self):
         super(CreateUpdateCourseViewTests, self).setUp()
         self.course = factories.CourseFactory()
+        self.group = factories.GroupFactory()
         self.user = UserFactory(is_staff=True, is_superuser=True)
+        self.user.groups.add(self.group)
         self.site = Site.objects.get(pk=settings.SITE_ID)
         self.client.login(username=self.user.username, password=USER_PASSWORD)
 
@@ -39,6 +41,7 @@ class CreateUpdateCourseViewTests(TestCase):
         )
 
         self.assertEqual(course.number, course_number)
+        self.assertTrue(self.user.has_perm(Course.VIEW_PERMISSION, course))
         response = self.client.get(reverse('publisher:publisher_courses_new'))
         self.assertNotContains(response, 'Add new comment')
         self.assertNotContains(response, 'Total Comments')

course_discovery/apps/publisher/views.py

@@ -50,6 +50,7 @@ class CreateCourseView(CreateView):
 
     def form_valid(self, form):
         self.object = form.save()
+        self.object.assign_user_groups(self.request.user)
         return HttpResponseRedirect(self.get_success_url())
 
     def get_success_url(self):