Skip to content

E
edx-platform
Switch branch/tag
Find file
Normal viewHistoryPermalink
permissions.py 2.59 KB
Newer Older
Add editable_fields to discussion API responses
16d7a81b
 
Greg Price committed
1 2 3 
"""
Discussion API permission logic
"""
Allow group_id to be set in discussion API
b8576e74
 
Greg Price committed
4 5 
from lms.lib.comment_client.comment import Comment
from lms.lib.comment_client.thread import Thread
Add editable_fields to discussion API responses
16d7a81b
 
Greg Price committed
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 


def _is_author(cc_content, context):
    """
    Return True if the requester authored the given content, False otherwise
    """
    return context["cc_requester"]["id"] == cc_content["user_id"]


def _is_author_or_privileged(cc_content, context):
    """
    Return True if the requester authored the given content or is a privileged
    user, False otherwise
    """
    return context["is_requester_privileged"] or _is_author(cc_content, context)
Allow group_id to be set in discussion API
b8576e74
 
Greg Price committed
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 
NON_UPDATABLE_THREAD_FIELDS = {"course_id"}
NON_UPDATABLE_COMMENT_FIELDS = {"thread_id", "parent_id"}


def get_initializable_thread_fields(context):
    """
    Return the set of fields that the requester can initialize for a thread

    Any field that is editable by the author should also be initializable.
    """
    ret = get_editable_fields(
        Thread(user_id=context["cc_requester"]["id"], type="thread"),
        context
    )
    ret |= NON_UPDATABLE_THREAD_FIELDS
    return ret


def get_initializable_comment_fields(context):  # pylint: disable=invalid-name
    """
    Return the set of fields that the requester can initialize for a comment

    Any field that is editable by the author should also be initializable.
    """
    ret = get_editable_fields(
        Comment(user_id=context["cc_requester"]["id"], type="comment"),
        context
    )
    ret |= NON_UPDATABLE_COMMENT_FIELDS
    return ret
Add editable_fields to discussion API responses
16d7a81b
 
Greg Price committed
55 56 57 58 59 
def get_editable_fields(cc_content, context):
    """
    Return the set of fields that the requester can edit on the given content
    """
    # Shared fields
Add abuse flagging to discussion API
52a3306e
 
Greg Price committed
60 
    ret = {"abuse_flagged", "voted"}
Add editable_fields to discussion API responses
16d7a81b
 
Greg Price committed
61 62 63 64 65 66 67 68 
    if _is_author_or_privileged(cc_content, context):
        ret |= {"raw_body"}

    # Thread fields
    if cc_content["type"] == "thread":
        ret |= {"following"}
        if _is_author_or_privileged(cc_content, context):
            ret |= {"topic_id", "type", "title"}
Allow group_id to be set in discussion API
b8576e74
 
Greg Price committed
69 70 
        if context["is_requester_privileged"] and context["course"].is_cohorted:
            ret |= {"group_id"}
Add editable_fields to discussion API responses
16d7a81b
 
Greg Price committed
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 

    # Comment fields
    if (
            cc_content["type"] == "comment" and (
                context["is_requester_privileged"] or (
                    _is_author(context["thread"], context) and
                    context["thread"]["thread_type"] == "question"
                )
            )
    ):
        ret |= {"endorsed"}

    return ret


def can_delete(cc_content, context):
    """
    Return True if the requester can delete the given content, False otherwise
    """
    return _is_author_or_privileged(cc_content, context)