Commit 3b29ab37 by Brian Wilson

check for staff access before creating forum admin

parent 57cb8c1e
...@@ -167,7 +167,7 @@ class TestInstructorDashboardForumAdmin(ct.PageLoader): ...@@ -167,7 +167,7 @@ class TestInstructorDashboardForumAdmin(ct.PageLoader):
course = self.toy course = self.toy
self.initialize_roles(course.id) self.initialize_roles(course.id)
url = reverse('instructor_dashboard', kwargs={'course_id': course.id}) url = reverse('instructor_dashboard', kwargs={'course_id': course.id})
username = 'u1' username = 'u2'
for rolename in FORUM_ROLES: for rolename in FORUM_ROLES:
response = self.client.post(url, {'action': action_name('Add', rolename), FORUM_ADMIN_USER[rolename]: username}) response = self.client.post(url, {'action': action_name('Add', rolename), FORUM_ADMIN_USER[rolename]: username})
self.assertTrue(response.content.find('Added "%s" to "%s" forum role = "%s"' % (username, course.id, rolename))>=0) self.assertTrue(response.content.find('Added "%s" to "%s" forum role = "%s"' % (username, course.id, rolename))>=0)
...@@ -181,7 +181,7 @@ class TestInstructorDashboardForumAdmin(ct.PageLoader): ...@@ -181,7 +181,7 @@ class TestInstructorDashboardForumAdmin(ct.PageLoader):
course = self.toy course = self.toy
self.initialize_roles(course.id) self.initialize_roles(course.id)
url = reverse('instructor_dashboard', kwargs={'course_id': course.id}) url = reverse('instructor_dashboard', kwargs={'course_id': course.id})
username = 'u1' username = 'u2'
for rolename in FORUM_ROLES: for rolename in FORUM_ROLES:
# perform an add, and follow with a second identical add: # perform an add, and follow with a second identical add:
self.client.post(url, {'action': action_name('Add', rolename), FORUM_ADMIN_USER[rolename]: username}) self.client.post(url, {'action': action_name('Add', rolename), FORUM_ADMIN_USER[rolename]: username})
...@@ -189,15 +189,27 @@ class TestInstructorDashboardForumAdmin(ct.PageLoader): ...@@ -189,15 +189,27 @@ class TestInstructorDashboardForumAdmin(ct.PageLoader):
self.assertTrue(response.content.find('Error: user "%s" already has rolename "%s", cannot add' % (username, rolename))>=0) self.assertTrue(response.content.find('Error: user "%s" already has rolename "%s", cannot add' % (username, rolename))>=0)
self.assertTrue(has_forum_access(username, course.id, rolename)) self.assertTrue(has_forum_access(username, course.id, rolename))
def test_add_nonstaff_forum_admin_users(self):
print "test_add_and_readd_forum_admin_users"
course = self.toy
self.initialize_roles(course.id)
url = reverse('instructor_dashboard', kwargs={'course_id': course.id})
username = 'u1'
rolename = FORUM_ROLE_ADMINISTRATOR
response = self.client.post(url, {'action': action_name('Add', rolename), FORUM_ADMIN_USER[rolename]: username})
self.assertTrue(response.content.find('Error: user "%s" should first be added as staff' % username)>=0)
def test_list_forum_admin_users(self): def test_list_forum_admin_users(self):
print "test_list_forum_admin_users" print "test_list_forum_admin_users"
course = self.toy course = self.toy
self.initialize_roles(course.id) self.initialize_roles(course.id)
url = reverse('instructor_dashboard', kwargs={'course_id': course.id}) url = reverse('instructor_dashboard', kwargs={'course_id': course.id})
username = 'u1' username = 'u2'
added_roles = [] added_roles = ['Student'] # u2 is already added as a student to the discussion forums
self.assertTrue(has_forum_access(username, course.id, 'Student'))
for rolename in FORUM_ROLES: for rolename in FORUM_ROLES:
response = self.client.post(url, {'action': action_name('Add', rolename), FORUM_ADMIN_USER[rolename]: username}) response = self.client.post(url, {'action': action_name('Add', rolename), FORUM_ADMIN_USER[rolename]: username})
self.assertTrue(has_forum_access(username, course.id, rolename))
response = self.client.post(url, {'action': action_name('List', rolename), FORUM_ADMIN_USER[rolename]: username}) response = self.client.post(url, {'action': action_name('List', rolename), FORUM_ADMIN_USER[rolename]: username})
for header in ['Username', 'Full name', 'Roles']: for header in ['Username', 'Full name', 'Roles']:
self.assertTrue(response.content.find('<th>%s</th>' % header)>0) self.assertTrue(response.content.find('<th>%s</th>' % header)>0)
...@@ -206,4 +218,4 @@ class TestInstructorDashboardForumAdmin(ct.PageLoader): ...@@ -206,4 +218,4 @@ class TestInstructorDashboardForumAdmin(ct.PageLoader):
added_roles.append(rolename) added_roles.append(rolename)
added_roles.sort() added_roles.sort()
roles = ', '.join(added_roles) roles = ', '.join(added_roles)
self.assertTrue(response.content.find('<td>%s</td>' % roles)>=0) self.assertTrue(response.content.find('<td>%s</td>' % roles)>=0, 'not finding roles "%s"' % roles)
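Review bot: test_add_nonstaff_forum_admin_users asserts only that the error text appears in the response, so it would still pass if the view printed the message and granted the role anyway. Since the point of the change is that a non-staff user does not become a forum administrator, follow the message assertion with `self.assertFalse(has_forum_access(username, course.id, rolename))`. The test's `print` line still carries the previous test's name and should read `print "test_add_nonstaff_forum_admin_users"`. The test also relies on u1 having no staff access on the toy course, which is set up outside the visible lines; a short comment stating that assumption would help the next reader.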
...@@ -213,13 +213,13 @@ def instructor_dashboard(request, course_id): ...@@ -213,13 +213,13 @@ def instructor_dashboard(request, course_id):
elif action == 'Remove forum admin': elif action == 'Remove forum admin':
uname = request.POST['forumadmin'] uname = request.POST['forumadmin']
msg += _update_forum_role_membership(uname, course_id, FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_REMOVE) msg += _update_forum_role_membership(uname, course, FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_REMOVE)
track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_REMOVE, uname, FORUM_ROLE_ADMINISTRATOR, course_id), track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_REMOVE, uname, FORUM_ROLE_ADMINISTRATOR, course_id),
{}, page='idashboard') {}, page='idashboard')
elif action == 'Add forum admin': elif action == 'Add forum admin':
uname = request.POST['forumadmin'] uname = request.POST['forumadmin']
msg += _update_forum_role_membership(uname, course_id, FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_ADD) msg += _update_forum_role_membership(uname, course, FORUM_ROLE_ADMINISTRATOR, FORUM_ROLE_ADD)
track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_ADD, uname, FORUM_ROLE_ADMINISTRATOR, course_id), track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_ADD, uname, FORUM_ROLE_ADMINISTRATOR, course_id),
{}, page='idashboard') {}, page='idashboard')
...@@ -231,13 +231,13 @@ def instructor_dashboard(request, course_id): ...@@ -231,13 +231,13 @@ def instructor_dashboard(request, course_id):
elif action == 'Remove forum moderator': elif action == 'Remove forum moderator':
uname = request.POST['forummoderator'] uname = request.POST['forummoderator']
msg += _update_forum_role_membership(uname, course_id, FORUM_ROLE_MODERATOR, FORUM_ROLE_REMOVE) msg += _update_forum_role_membership(uname, course, FORUM_ROLE_MODERATOR, FORUM_ROLE_REMOVE)
track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_REMOVE, uname, FORUM_ROLE_MODERATOR, course_id), track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_REMOVE, uname, FORUM_ROLE_MODERATOR, course_id),
{}, page='idashboard') {}, page='idashboard')
elif action == 'Add forum moderator': elif action == 'Add forum moderator':
uname = request.POST['forummoderator'] uname = request.POST['forummoderator']
msg += _update_forum_role_membership(uname, course_id, FORUM_ROLE_MODERATOR, FORUM_ROLE_ADD) msg += _update_forum_role_membership(uname, course, FORUM_ROLE_MODERATOR, FORUM_ROLE_ADD)
track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_ADD, uname, FORUM_ROLE_MODERATOR, course_id), track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_ADD, uname, FORUM_ROLE_MODERATOR, course_id),
{}, page='idashboard') {}, page='idashboard')
...@@ -249,13 +249,13 @@ def instructor_dashboard(request, course_id): ...@@ -249,13 +249,13 @@ def instructor_dashboard(request, course_id):
elif action == 'Remove forum community TA': elif action == 'Remove forum community TA':
uname = request.POST['forummoderator'] uname = request.POST['forummoderator']
msg += _update_forum_role_membership(uname, course_id, FORUM_ROLE_COMMUNITY_TA, FORUM_ROLE_REMOVE) msg += _update_forum_role_membership(uname, course, FORUM_ROLE_COMMUNITY_TA, FORUM_ROLE_REMOVE)
track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_REMOVE, uname, FORUM_ROLE_COMMUNITY_TA, course_id), track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_REMOVE, uname, FORUM_ROLE_COMMUNITY_TA, course_id),
{}, page='idashboard') {}, page='idashboard')
elif action == 'Add forum community TA': elif action == 'Add forum community TA':
uname = request.POST['forummoderator'] uname = request.POST['forummoderator']
msg += _update_forum_role_membership(uname, course_id, FORUM_ROLE_COMMUNITY_TA, FORUM_ROLE_ADD) msg += _update_forum_role_membership(uname, course, FORUM_ROLE_COMMUNITY_TA, FORUM_ROLE_ADD)
track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_ADD, uname, FORUM_ROLE_COMMUNITY_TA, course_id), track.views.server_track(request, '%s %s as %s for %s' % (FORUM_ROLE_ADD, uname, FORUM_ROLE_COMMUNITY_TA, course_id),
{}, page='idashboard') {}, page='idashboard')
...@@ -316,12 +316,12 @@ def _list_course_forum_members(course_id, rolename, datatable): ...@@ -316,12 +316,12 @@ def _list_course_forum_members(course_id, rolename, datatable):
return msg return msg
def _update_forum_role_membership(uname, course_id, rolename, add_or_remove): def _update_forum_role_membership(uname, course, rolename, add_or_remove):
''' '''
Supports adding a user to a course's forum role Supports adding a user to a course's forum role
uname = username string for user uname = username string for user
course_ID = course's ID string course = course object
rolename = one of "Administrator", "Moderator", "Community TA" rolename = one of "Administrator", "Moderator", "Community TA"
add_or_remove = one of "add" or "remove" add_or_remove = one of "add" or "remove"
...@@ -334,7 +334,7 @@ def _update_forum_role_membership(uname, course_id, rolename, add_or_remove): ...@@ -334,7 +334,7 @@ def _update_forum_role_membership(uname, course_id, rolename, add_or_remove):
except User.DoesNotExist: except User.DoesNotExist:
return '<font color="red">Error: unknown username "%s"</font>' % uname return '<font color="red">Error: unknown username "%s"</font>' % uname
try: try:
role = Role.objects.get(name=rolename, course_id=course_id) role = Role.objects.get(name=rolename, course_id=course.id)
except Role.DoesNotExist: except Role.DoesNotExist:
return '<font color="red">Error: unknown rolename "%s"</font>' % rolename return '<font color="red">Error: unknown rolename "%s"</font>' % rolename
...@@ -347,13 +347,16 @@ def _update_forum_role_membership(uname, course_id, rolename, add_or_remove): ...@@ -347,13 +347,16 @@ def _update_forum_role_membership(uname, course_id, rolename, add_or_remove):
msg ='<font color="red">Error: user "%s" does not have rolename "%s", cannot remove</font>' % (uname, rolename) msg ='<font color="red">Error: user "%s" does not have rolename "%s", cannot remove</font>' % (uname, rolename)
else: else:
user.roles.remove(role) user.roles.remove(role)
msg = '<font color="green">Removed "%s" from "%s" forum role = "%s"</font>' % (user, course_id, rolename) msg = '<font color="green">Removed "%s" from "%s" forum role = "%s"</font>' % (user, course.id, rolename)
else: else:
if (alreadyexists): if (alreadyexists):
msg = '<font color="red">Error: user "%s" already has rolename "%s", cannot add</font>' % (uname, rolename) msg = '<font color="red">Error: user "%s" already has rolename "%s", cannot add</font>' % (uname, rolename)
else: else:
user.roles.add(role) if (rolename == FORUM_ROLE_ADMINISTRATOR and not has_access(user, course, 'staff')):
msg = '<font color="green">Added "%s" to "%s" forum role = "%s"</font>' % (user, course_id, rolename) msg = '<font color="red">Error: user "%s" should first be added as staff before adding as a forum administrator, cannot add</font>' % uname
else:
user.roles.add(role)
msg = '<font color="green">Added "%s" to "%s" forum role = "%s"</font>' % (user, course.id, rolename)
return msg return msg
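Review bot: When the new staff check in _update_forum_role_membership refuses the add, the 'Add forum admin' branch of instructor_dashboard still appears to call track.views.server_track with the FORUM_ROLE_ADD message, so the tracking log would record a grant that never happened. For a privilege change the log should distinguish a refused attempt from a completed one, either by having the helper record the denial or by having the caller track only when the role actually changed. The helper's other error returns, which predate this commit, have the same effect. The docstring line for the new parameter could also say why an object is now required, for example `course = course object (needed for the has_access staff check)`, and note that only the Administrator role is gated on staff access.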
......