Refactor auth.has_access to auth.user_has_role

Change name of method to clear up confusion with the access.has_access method.

Refactor auth.has_access to auth.user_has_role
Change name of method to clear up confusion with the access.has_access method.
0c837adf · tlindaliu · e0840d2d · 0c837adf · 0c837adf · 0c837adf
Commit 0c837adf authored Jun 23, 2015 by tlindaliu
9 changed files
--- a/cms/djangoapps/contentstore/views/access.py
+++ b/cms/djangoapps/contentstore/views/access.py
@@ -16,7 +16,7 @@ def get_user_role(user, course_id):
    :param course_id: the course_id of the course we're interested in
    """
    # afaik, this is only used in lti
-    if auth.has_access(user, CourseInstructorRole(course_id)):
+    if auth.user_has_role(user, CourseInstructorRole(course_id)):
        return 'instructor'
    else:
        return 'staff'
--- a/cms/djangoapps/contentstore/views/course.py
+++ b/cms/djangoapps/contentstore/views/course.py
@@ -662,7 +662,7 @@ def _create_or_rerun_course(request):
    Returns the destination course_key and overriding fields for the new course.
    Raises DuplicateCourseError and InvalidKeyError
    """
-    if not auth.has_access(request.user, CourseCreatorRole()):
+    if not auth.user_has_role(request.user, CourseCreatorRole()):
        raise PermissionDenied()
    try:

--- a/cms/djangoapps/contentstore/views/tests/test_user.py
+++ b/cms/djangoapps/contentstore/views/tests/test_user.py
@@ -76,8 +76,8 @@ class UsersTestCase(CourseTestCase):
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
        # no content: should not be in any roles
-        self.assertFalse(auth.has_access(ext_user, CourseStaffRole(self.course.id)))
+        self.assertFalse(auth.user_has_role(ext_user, CourseStaffRole(self.course.id)))
-        self.assertFalse(auth.has_access(ext_user, CourseInstructorRole(self.course.id)))
+        self.assertFalse(auth.user_has_role(ext_user, CourseInstructorRole(self.course.id)))
        self.assert_not_enrolled()
    def test_detail_post_staff(self):
@@ -90,8 +90,8 @@ class UsersTestCase(CourseTestCase):
        self.assertEqual(resp.status_code, 204)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertTrue(auth.has_access(ext_user, CourseStaffRole(self.course.id)))
+        self.assertTrue(auth.user_has_role(ext_user, CourseStaffRole(self.course.id)))
-        self.assertFalse(auth.has_access(ext_user, CourseInstructorRole(self.course.id)))
+        self.assertFalse(auth.user_has_role(ext_user, CourseInstructorRole(self.course.id)))
        self.assert_enrolled()
    def test_detail_post_staff_other_inst(self):
@@ -106,12 +106,12 @@ class UsersTestCase(CourseTestCase):
        self.assertEqual(resp.status_code, 204)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertTrue(auth.has_access(ext_user, CourseStaffRole(self.course.id)))
+        self.assertTrue(auth.user_has_role(ext_user, CourseStaffRole(self.course.id)))
-        self.assertFalse(auth.has_access(ext_user, CourseInstructorRole(self.course.id)))
+        self.assertFalse(auth.user_has_role(ext_user, CourseInstructorRole(self.course.id)))
        self.assert_enrolled()
        # check that other user is unchanged
        user = User.objects.get(email=self.user.email)
-        self.assertTrue(auth.has_access(user, CourseInstructorRole(self.course.id)))
+        self.assertTrue(auth.user_has_role(user, CourseInstructorRole(self.course.id)))
        self.assertFalse(CourseStaffRole(self.course.id).has_user(user))
    def test_detail_post_instructor(self):
@@ -124,7 +124,7 @@ class UsersTestCase(CourseTestCase):
        self.assertEqual(resp.status_code, 204)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertTrue(auth.has_access(ext_user, CourseInstructorRole(self.course.id)))
+        self.assertTrue(auth.user_has_role(ext_user, CourseInstructorRole(self.course.id)))
        self.assertFalse(CourseStaffRole(self.course.id).has_user(ext_user))
        self.assert_enrolled()
@@ -149,8 +149,8 @@ class UsersTestCase(CourseTestCase):
        self.assertEqual(resp.status_code, 204)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertTrue(auth.has_access(ext_user, CourseStaffRole(self.course.id)))
+        self.assertTrue(auth.user_has_role(ext_user, CourseStaffRole(self.course.id)))
-        self.assertFalse(auth.has_access(ext_user, CourseInstructorRole(self.course.id)))
+        self.assertFalse(auth.user_has_role(ext_user, CourseInstructorRole(self.course.id)))
        self.assert_enrolled()
    def test_detail_delete_staff(self):
@@ -163,7 +163,7 @@ class UsersTestCase(CourseTestCase):
        self.assertEqual(resp.status_code, 204)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertFalse(auth.has_access(ext_user, CourseStaffRole(self.course.id)))
+        self.assertFalse(auth.user_has_role(ext_user, CourseStaffRole(self.course.id)))
    def test_detail_delete_instructor(self):
        auth.add_users(self.user, CourseInstructorRole(self.course.id), self.ext_user, self.user)
@@ -175,7 +175,7 @@ class UsersTestCase(CourseTestCase):
        self.assertEqual(resp.status_code, 204)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertFalse(auth.has_access(ext_user, CourseInstructorRole(self.course.id)))
+        self.assertFalse(auth.user_has_role(ext_user, CourseInstructorRole(self.course.id)))
    def test_delete_last_instructor(self):
        auth.add_users(self.user, CourseInstructorRole(self.course.id), self.ext_user)
@@ -189,7 +189,7 @@ class UsersTestCase(CourseTestCase):
        self.assertIn("error", result)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertTrue(auth.has_access(ext_user, CourseInstructorRole(self.course.id)))
+        self.assertTrue(auth.user_has_role(ext_user, CourseInstructorRole(self.course.id)))
    def test_post_last_instructor(self):
        auth.add_users(self.user, CourseInstructorRole(self.course.id), self.ext_user)
@@ -204,7 +204,7 @@ class UsersTestCase(CourseTestCase):
        self.assertIn("error", result)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertTrue(auth.has_access(ext_user, CourseInstructorRole(self.course.id)))
+        self.assertTrue(auth.user_has_role(ext_user, CourseInstructorRole(self.course.id)))
    def test_permission_denied_self(self):
        auth.add_users(self.user, CourseStaffRole(self.course.id), self.user)
@@ -247,7 +247,7 @@ class UsersTestCase(CourseTestCase):
        self.assertEqual(resp.status_code, 204)
        # reload user from DB
        user = User.objects.get(email=self.user.email)
-        self.assertFalse(auth.has_access(user, CourseStaffRole(self.course.id)))
+        self.assertFalse(auth.user_has_role(user, CourseStaffRole(self.course.id)))
    def test_staff_cannot_delete_other(self):
        auth.add_users(self.user, CourseStaffRole(self.course.id), self.user, self.ext_user)
@@ -260,7 +260,7 @@ class UsersTestCase(CourseTestCase):
        self.assertIn("error", result)
        # reload user from DB
        ext_user = User.objects.get(email=self.ext_user.email)
-        self.assertTrue(auth.has_access(ext_user, CourseStaffRole(self.course.id)))
+        self.assertTrue(auth.user_has_role(ext_user, CourseStaffRole(self.course.id)))
    def test_user_not_initially_enrolled(self):
        # Verify that ext_user is not enrolled in the new course before being added as a staff member.

--- a/cms/djangoapps/course_creators/tests/test_admin.py
+++ b/cms/djangoapps/course_creators/tests/test_admin.py
@@ -56,7 +56,7 @@ class CourseCreatorAdminTest(TestCase):
        def change_state_and_verify_email(state, is_creator):
            """ Changes user state, verifies creator status, and verifies e-mail is sent based on transition """
            self._change_state(state)
-            self.assertEqual(is_creator, auth.has_access(self.user, CourseCreatorRole()))
+            self.assertEqual(is_creator, auth.user_has_role(self.user, CourseCreatorRole()))
            context = {'studio_request_email': self.studio_request_email}
            if state == CourseCreator.GRANTED:
@@ -74,7 +74,7 @@ class CourseCreatorAdminTest(TestCase):
        with mock.patch.dict('django.conf.settings.FEATURES', self.enable_creator_group_patch):
            # User is initially unrequested.
-            self.assertFalse(auth.has_access(self.user, CourseCreatorRole()))
+            self.assertFalse(auth.user_has_role(self.user, CourseCreatorRole()))
            change_state_and_verify_email(CourseCreator.GRANTED, True)

--- a/cms/djangoapps/course_creators/tests/test_views.py
+++ b/cms/djangoapps/course_creators/tests/test_views.py
@@ -50,7 +50,7 @@ class CourseCreatorView(TestCase):
    def test_add_granted(self):
        with mock.patch.dict('django.conf.settings.FEATURES', {"ENABLE_CREATOR_GROUP": True}):
            # Calling add_user_with_status_granted impacts is_user_in_course_group_role.
-            self.assertFalse(auth.has_access(self.user, CourseCreatorRole()))
+            self.assertFalse(auth.user_has_role(self.user, CourseCreatorRole()))
            add_user_with_status_granted(self.admin, self.user)
            self.assertEqual('granted', get_course_creator_status(self.user))
@@ -59,15 +59,15 @@ class CourseCreatorView(TestCase):
            add_user_with_status_unrequested(self.user)
            self.assertEqual('granted', get_course_creator_status(self.user))
-            self.assertTrue(auth.has_access(self.user, CourseCreatorRole()))
+            self.assertTrue(auth.user_has_role(self.user, CourseCreatorRole()))
    def test_update_creator_group(self):
        with mock.patch.dict('django.conf.settings.FEATURES', {"ENABLE_CREATOR_GROUP": True}):
-            self.assertFalse(auth.has_access(self.user, CourseCreatorRole()))
+            self.assertFalse(auth.user_has_role(self.user, CourseCreatorRole()))
            update_course_creator_group(self.admin, self.user, True)
-            self.assertTrue(auth.has_access(self.user, CourseCreatorRole()))
+            self.assertTrue(auth.user_has_role(self.user, CourseCreatorRole()))
            update_course_creator_group(self.admin, self.user, False)
-            self.assertFalse(auth.has_access(self.user, CourseCreatorRole()))
+            self.assertFalse(auth.user_has_role(self.user, CourseCreatorRole()))
    def test_user_requested_access(self):
        add_user_with_status_unrequested(self.user)

--- a/common/djangoapps/student/auth.py
+++ b/common/djangoapps/student/auth.py
@@ -20,7 +20,7 @@ STUDIO_VIEW_CONTENT = 1
 # In addition to the above, one is always allowed to "demote" oneself to a lower role within a course, or remove oneself
-def has_access(user, role):
+def user_has_role(user, role):
    """
    Check whether this user has access to this role (either direct or implied)
    :param user:
@@ -64,14 +64,14 @@ def get_user_permissions(user, course_key, org=None):
    # global staff, org instructors, and course instructors have all permissions:
    if GlobalStaff().has_user(user) or OrgInstructorRole(org=org).has_user(user):
        return all_perms
-    if course_key and has_access(user, CourseInstructorRole(course_key)):
+    if course_key and user_has_role(user, CourseInstructorRole(course_key)):
        return all_perms
    # Staff have all permissions except EDIT_ROLES:
-    if OrgStaffRole(org=org).has_user(user) or (course_key and has_access(user, CourseStaffRole(course_key))):
+    if OrgStaffRole(org=org).has_user(user) or (course_key and user_has_role(user, CourseStaffRole(course_key))):
        return STUDIO_VIEW_USERS | STUDIO_EDIT_CONTENT | STUDIO_VIEW_CONTENT
    # Otherwise, for libraries, users can view only:
    if course_key and isinstance(course_key, LibraryLocator):
-        if OrgLibraryUserRole(org=org).has_user(user) or has_access(user, LibraryUserRole(course_key)):
+        if OrgLibraryUserRole(org=org).has_user(user) or user_has_role(user, LibraryUserRole(course_key)):
            return STUDIO_VIEW_USERS | STUDIO_VIEW_CONTENT
    return 0
@@ -151,5 +151,5 @@ def _check_caller_authority(caller, role):
    if isinstance(role, (GlobalStaff, CourseCreatorRole)):
        raise PermissionDenied
    elif isinstance(role, CourseRole):  # instructors can change the roles w/in their course
-        if not has_access(caller, CourseInstructorRole(role.course_key)):
+        if not user_has_role(caller, CourseInstructorRole(role.course_key)):
            raise PermissionDenied
--- a/common/djangoapps/student/tests/test_authz.py
+++ b/common/djangoapps/student/tests/test_authz.py
@@ -9,7 +9,7 @@ from django.core.exceptions import PermissionDenied
 from student.roles import CourseInstructorRole, CourseStaffRole, CourseCreatorRole
 from student.tests.factories import AdminFactory
-from student.auth import has_role, add_users, remove_users
+from student.auth import user_has_role, add_users, remove_users
 from opaque_keys.edx.locations import SlashSeparatedCourseKey
@@ -30,30 +30,30 @@ class CreatorGroupTest(TestCase):
        Tests that CourseCreatorRole().has_user always returns True if ENABLE_CREATOR_GROUP
        and DISABLE_COURSE_CREATION are both not turned on.
        """
-        self.assertTrue(has_role(self.user, CourseCreatorRole()))
+        self.assertTrue(user_has_role(self.user, CourseCreatorRole()))
    def test_creator_group_enabled_but_empty(self):
        """ Tests creator group feature on, but group empty. """
        with mock.patch.dict('django.conf.settings.FEATURES', {"ENABLE_CREATOR_GROUP": True}):
-            self.assertFalse(has_role(self.user, CourseCreatorRole()))
+            self.assertFalse(user_has_role(self.user, CourseCreatorRole()))
            # Make user staff. This will cause CourseCreatorRole().has_user to return True.
            self.user.is_staff = True
-            self.assertTrue(has_role(self.user, CourseCreatorRole()))
+            self.assertTrue(user_has_role(self.user, CourseCreatorRole()))
    def test_creator_group_enabled_nonempty(self):
        """ Tests creator group feature on, user added. """
        with mock.patch.dict('django.conf.settings.FEATURES', {"ENABLE_CREATOR_GROUP": True}):
            add_users(self.admin, CourseCreatorRole(), self.user)
-            self.assertTrue(has_role(self.user, CourseCreatorRole()))
+            self.assertTrue(user_has_role(self.user, CourseCreatorRole()))
            # check that a user who has not been added to the group still returns false
            user_not_added = User.objects.create_user('testuser2', 'test+courses2@edx.org', 'foo2')
-            self.assertFalse(has_role(user_not_added, CourseCreatorRole()))
+            self.assertFalse(user_has_role(user_not_added, CourseCreatorRole()))
            # remove first user from the group and verify that CourseCreatorRole().has_user now returns false
            remove_users(self.admin, CourseCreatorRole(), self.user)
-            self.assertFalse(has_role(self.user, CourseCreatorRole()))
+            self.assertFalse(user_has_role(self.user, CourseCreatorRole()))
    def test_course_creation_disabled(self):
        """ Tests that the COURSE_CREATION_DISABLED flag overrides course creator group settings. """
@@ -63,15 +63,15 @@ class CreatorGroupTest(TestCase):
            add_users(self.admin, CourseCreatorRole(), self.user)
            # DISABLE_COURSE_CREATION overrides (user is not marked as staff).
-            self.assertFalse(has_role(self.user, CourseCreatorRole()))
+            self.assertFalse(user_has_role(self.user, CourseCreatorRole()))
            # Mark as staff. Now CourseCreatorRole().has_user returns true.
            self.user.is_staff = True
-            self.assertTrue(has_role(self.user, CourseCreatorRole()))
+            self.assertTrue(user_has_role(self.user, CourseCreatorRole()))
            # Remove user from creator group. CourseCreatorRole().has_user still returns true because is_staff=True
            remove_users(self.admin, CourseCreatorRole(), self.user)
-            self.assertTrue(has_role(self.user, CourseCreatorRole()))
+            self.assertTrue(user_has_role(self.user, CourseCreatorRole()))
    def test_add_user_not_authenticated(self):
        """
@@ -84,7 +84,7 @@ class CreatorGroupTest(TestCase):
            anonymous_user = AnonymousUser()
            role = CourseCreatorRole()
            add_users(self.admin, role, anonymous_user)
-            self.assertFalse(has_role(anonymous_user, role))
+            self.assertFalse(user_has_role(anonymous_user, role))
    def test_add_user_not_active(self):
        """
@@ -96,7 +96,7 @@ class CreatorGroupTest(TestCase):
        ):
            self.user.is_active = False
            add_users(self.admin, CourseCreatorRole(), self.user)
-            self.assertFalse(has_role(self.user, CourseCreatorRole()))
+            self.assertFalse(user_has_role(self.user, CourseCreatorRole()))
    def test_add_user_to_group_requires_staff_access(self):
        with self.assertRaises(PermissionDenied):
@@ -150,15 +150,15 @@ class CourseGroupTest(TestCase):
        Tests adding user to course group (happy path).
        """
        # Create groups for a new course (and assign instructor role to the creator).
-        self.assertFalse(has_role(self.creator, CourseInstructorRole(self.course_key)))
+        self.assertFalse(user_has_role(self.creator, CourseInstructorRole(self.course_key)))
        add_users(self.global_admin, CourseInstructorRole(self.course_key), self.creator)
        add_users(self.global_admin, CourseStaffRole(self.course_key), self.creator)
-        self.assertTrue(has_role(self.creator, CourseInstructorRole(self.course_key)))
+        self.assertTrue(user_has_role(self.creator, CourseInstructorRole(self.course_key)))
        # Add another user to the staff role.
-        self.assertFalse(has_role(self.staff, CourseStaffRole(self.course_key)))
+        self.assertFalse(user_has_role(self.staff, CourseStaffRole(self.course_key)))
        add_users(self.creator, CourseStaffRole(self.course_key), self.staff)
-        self.assertTrue(has_role(self.staff, CourseStaffRole(self.course_key)))
+        self.assertTrue(user_has_role(self.staff, CourseStaffRole(self.course_key)))
    def test_add_user_to_course_group_permission_denied(self):
        """
@@ -177,13 +177,13 @@ class CourseGroupTest(TestCase):
        add_users(self.global_admin, CourseStaffRole(self.course_key), self.creator)
        add_users(self.creator, CourseStaffRole(self.course_key), self.staff)
-        self.assertTrue(has_role(self.staff, CourseStaffRole(self.course_key)))
+        self.assertTrue(user_has_role(self.staff, CourseStaffRole(self.course_key)))
        remove_users(self.creator, CourseStaffRole(self.course_key), self.staff)
-        self.assertFalse(has_role(self.staff, CourseStaffRole(self.course_key)))
+        self.assertFalse(user_has_role(self.staff, CourseStaffRole(self.course_key)))
        remove_users(self.creator, CourseInstructorRole(self.course_key), self.creator)
-        self.assertFalse(has_role(self.creator, CourseInstructorRole(self.course_key)))
+        self.assertFalse(user_has_role(self.creator, CourseInstructorRole(self.course_key)))
    def test_remove_user_from_course_group_permission_denied(self):
        """

--- a/lms/djangoapps/courseware/access.py
+++ b/lms/djangoapps/courseware/access.py
@@ -848,9 +848,8 @@ def is_mobile_available_for_user(user, descriptor):
    Arguments:
        descriptor (CourseDescriptor|CourseOverview): course or overview of course in question
    """
    return (
-        auth.has_access(user, CourseBetaTesterRole(descriptor.id))
+        auth.user_has_role(user, CourseBetaTesterRole(descriptor.id))
        or _has_staff_access_to_descriptor(user, descriptor, descriptor.id)
        or _is_descriptor_mobile_available(descriptor)
    )

--- a/lms/djangoapps/instructor/views/api.py
+++ b/lms/djangoapps/instructor/views/api.py
@@ -274,7 +274,7 @@ def require_sales_admin(func):
            log.error(u"Unable to find course with course key %s", course_id)
            return HttpResponseNotFound()
-        access = auth.has_access(request.user, CourseSalesAdminRole(course_key))
+        access = auth.user_has_role(request.user, CourseSalesAdminRole(course_key))
        if access:
            return func(request, course_id)
@@ -299,7 +299,7 @@ def require_finance_admin(func):
            log.error(u"Unable to find course with course key %s", course_id)
            return HttpResponseNotFound()
-        access = auth.has_access(request.user, CourseFinanceAdminRole(course_key))
+        access = auth.user_has_role(request.user, CourseFinanceAdminRole(course_key))
        if access:
            return func(request, course_id)