Make LMS access depend on which course run the access is occurring in, so that…

Make LMS access depend on which course run the access is occurring in, so that permissions can be based on the course run, rather than the whole course

Make LMS access depend on which course run the access is occurring in, so that…
Make LMS access depend on which course run the access is occurring in, so that permissions can be based on the course run, rather than the whole course
28023021 · Calen Pennington · dab77e7d · 28023021 · 28023021 · 28023021
Commit 28023021 authored Oct 24, 2012 by Calen Pennington
Expand all Show whitespace changes
Inline Side-by-side

Showing with 11 additions and 5 deletions

cms/djangoapps/contentstore/views.py
+8 -2

lms/djangoapps/courseware/access.py
+0 -0

lms/djangoapps/courseware/module_render.py
+3 -3

No files found.
--- a/cms/djangoapps/contentstore/views.py
+++ b/cms/djangoapps/contentstore/views.py
@@ -109,8 +109,14 @@ def index(request):
    """
    courses = modulestore().get_items(['i4x', None, None, 'course', None])
-    # filter out courses that we don't have access to
+    # filter out courses that we don't have access too
-    courses = filter(lambda course: has_access(request.user, course.location) and course.location.course != 'templates' and course.location.org!='' and course.location.course!='' and course.location.name!='', courses)
+    def course_filter(course):
+        return (has_access(request.user, course.location)
+                and course.location.course != 'templates'
+                and course.location.org != ''
+                and course.location.course != ''
+                and course.location.name != '')
+    courses = filter(course_filter, courses)
    return render_to_response('index.html', {
        'new_course_template' : Location('i4x', 'edx', 'templates', 'course', 'Empty'),

--- a/lms/djangoapps/courseware/access.py
+++ b/lms/djangoapps/courseware/access.py
--- a/lms/djangoapps/courseware/module_render.py
+++ b/lms/djangoapps/courseware/module_render.py
@@ -147,7 +147,7 @@ def _get_module(user, request, location, student_module_cache, course_id, positi
    descriptor = modulestore().get_instance(course_id, location)
    # Short circuit--if the user shouldn't have access, bail without doing any work
-    if not has_access(user, descriptor, 'load'):
+    if not has_access(user, descriptor, 'load', course_id):
        return None
    # Anonymized student identifier
@@ -244,7 +244,7 @@ def _get_module(user, request, location, student_module_cache, course_id, positi
        # make an ErrorDescriptor -- assuming that the descriptor's system is ok
        import_system = descriptor.system
-        if has_access(user, location, 'staff'):
+        if has_access(user, location, 'staff', course_id):
            err_descriptor = ErrorDescriptor.from_xml(str(descriptor), import_system,
                                                      error_msg=exc_info_to_str(sys.exc_info()))
        else:
@@ -263,7 +263,7 @@ def _get_module(user, request, location, student_module_cache, course_id, positi
    module.get_html = replace_course_urls(module.get_html, course_id)
    if settings.MITX_FEATURES.get('DISPLAY_HISTOGRAMS_TO_STAFF'):
-        if has_access(user, module, 'staff'):
+        if has_access(user, module, 'staff', course_id):
            module.get_html = add_histogram(module.get_html, module, user)
    return module