MIT: CCX. Use request thread local for access control decisions.

Use in tabs and other code to show or hide ccx coach tab depending on if the user has the coach role or not

MIT: CCX. Use request thread local for access control decisions.
Use in tabs and other code to show or hide ccx coach tab depending on if the user has the coach role or not
34254246 · Carlos de la Guardia · cewing · 7f691e4a · 34254246 · 34254246
Commit 34254246 authored Mar 03, 2015 by Carlos de la Guardia Committed by cewing Apr 10, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 6 deletions

common/lib/xmodule/xmodule/tabs.py
+15 -6

lms/djangoapps/ccx/overrides.py
+8 -0

No files found.
--- a/common/lib/xmodule/xmodule/tabs.py
+++ b/common/lib/xmodule/xmodule/tabs.py
@@ -752,12 +752,21 @@ class CcxCoachTab(CourseTab):
        )

    def can_display(self, course, settings, *args, **kw):
-        # TODO Check that user actually has 'ccx_coach' role on course
-        #      this is difficult to do because the user isn't passed in.
-        #      We need either a hack or an architectural realignment.
-        return (
-            settings.FEATURES.get('CUSTOM_COURSES_EDX', False) and
-            super(CcxCoachTab, self).can_display(course, settings, *args, **kw))
+        user_is_coach = False
+        if settings.FEATURES.get('CUSTOM_COURSES_EDX', False):
+            from opaque_keys.edx.locations import SlashSeparatedCourseKey
+            from student.roles import CourseCcxCoachRole
+            from ccx.overrides import get_current_request
+            course_id = course.id.to_deprecated_string()
+            course_key = SlashSeparatedCourseKey.from_deprecated_string(course_id)
+            role = CourseCcxCoachRole(course_key)
+            request = get_current_request()
+            if request is not None:
+                user_is_coach = role.has_user(request.user)
+        super_can_display = super(CcxCoachTab, self).can_display(
+            course, settings, *args, **kw
+        )
+        return (user_is_coach and super_can_display)


 class CourseTabList(List):

--- a/lms/djangoapps/ccx/overrides.py
+++ b/lms/djangoapps/ccx/overrides.py
@@ -32,6 +32,7 @@ class _CcxContext(threading.local):
    keeps track of the CCX currently set as the context.
    """
    ccx = None
+    request = None


 _CCX_CONTEXT = _CcxContext()
@@ -60,6 +61,10 @@ def get_current_ccx():
        return ccx


+def get_current_request():
+    request = _CCX_CONTEXT.request
+    return request
+
 def get_override_for_ccx(ccx, block, name, default=None):
    """
    Gets the value of the overridden field for the `ccx`.  `block` and `name`
@@ -151,9 +156,12 @@ class CcxMiddleware(object):
                _CCX_CONTEXT.ccx = None
                request.session.pop(ACTIVE_CCX_KEY)

+        _CCX_CONTEXT.request = request
+
    def process_response(self, request, response):
        """
        Clean up afterwards.
        """
        _CCX_CONTEXT.ccx = None
+        _CCX_CONTEXT.request = None
        return response