Add fallback for org based roles

3f3e9724 · Julia Hansbrough · Sarina Canelake · 29bb179a · 3f3e9724 · 3f3e9724
Commit 3f3e9724 authored Jun 04, 2014 by Julia Hansbrough Committed by Sarina Canelake Jun 09, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 57 additions and 8 deletions

cms/djangoapps/contentstore/tests/test_course_listing.py
+32 -2

cms/djangoapps/contentstore/views/access.py
+7 -1

cms/djangoapps/contentstore/views/course.py
+18 -5

No files found.
--- a/cms/djangoapps/contentstore/tests/test_course_listing.py
+++ b/cms/djangoapps/contentstore/tests/test_course_listing.py
@@ -6,14 +6,15 @@ import random
 from chrono import Timer
 from mock import patch, Mock
+import ddt
 from django.test import RequestFactory
-from contentstore.views.course import _accessible_courses_list, _accessible_courses_list_from_groups
+from contentstore.views.course import _accessible_courses_list, _accessible_courses_list_from_groups, AccessListFallback
 from contentstore.utils import delete_course_and_groups, reverse_course_url
 from contentstore.tests.utils import AjaxEnabledTestClient
 from student.tests.factories import UserFactory
-from student.roles import CourseInstructorRole, CourseStaffRole, GlobalStaff
+from student.roles import CourseInstructorRole, CourseStaffRole, GlobalStaff, OrgStaffRole, OrgInstructorRole
 from xmodule.modulestore.tests.django_utils import ModuleStoreTestCase
 from xmodule.modulestore.tests.factories import CourseFactory
 from xmodule.modulestore.locations import SlashSeparatedCourseKey
@@ -24,6 +25,7 @@ TOTAL_COURSES_COUNT = 500
 USER_COURSES_COUNT = 50
+@ddt.ddt
 class TestCourseListing(ModuleStoreTestCase):
    """
    Unit tests for getting the list of courses for a logged in user
@@ -271,3 +273,31 @@ class TestCourseListing(ModuleStoreTestCase):
        courses_list = _accessible_courses_list_from_groups(self.request)
        self.assertEqual(len(courses_list), 1, courses_list)
+    @ddt.data(OrgStaffRole('AwesomeOrg'), OrgInstructorRole('AwesomeOrg'))
+    def test_course_listing_org_permissions(self, role):
+        """
+        Create multiple courses within the same org.  Verify that someone with org-wide permissions can access
+        all of them.
+        """
+        org_course_one = SlashSeparatedCourseKey('AwesomeOrg', 'Course1', 'RunBabyRun')
+        CourseFactory.create(
+            org=org_course_one.org,
+            number=org_course_one.course,
+            run=org_course_one.run
+        )
+        org_course_two = SlashSeparatedCourseKey('AwesomeOrg', 'Course2', 'RunRunRun')
+        CourseFactory.create(
+            org=org_course_two.org,
+            number=org_course_two.course,
+            run=org_course_two.run
+        )
+        # Two types of org-wide roles have edit permissions: staff and instructor.  We test both
+        role.add_users(self.user)
+        with self.assertRaises(AccessListFallback):
+            _accessible_courses_list_from_groups(self.request)
+        courses_list = _accessible_courses_list(self.request)
+        self.assertEqual(len(courses_list), 2)
--- a/cms/djangoapps/contentstore/views/access.py
+++ b/cms/djangoapps/contentstore/views/access.py
-from student.roles import CourseStaffRole, GlobalStaff, CourseInstructorRole
+""" Helper methods for determining user access permissions in Studio """
+from student.roles import CourseStaffRole, GlobalStaff, CourseInstructorRole, OrgStaffRole, OrgInstructorRole
 from student import auth
@@ -14,6 +16,10 @@ def has_course_access(user, course_key, role=CourseStaffRole):
    """
    if GlobalStaff().has_user(user):
        return True
+    if OrgInstructorRole(org=course_key.org).has_user(user):
+        return True
+    if OrgStaffRole(org=course_key.org).has_user(user):
+        return True
    return auth.has_access(user, role(course_key))

--- a/cms/djangoapps/contentstore/views/course.py
+++ b/cms/djangoapps/contentstore/views/course.py
@@ -68,6 +68,14 @@ __all__ = ['course_info_handler', 'course_handler', 'course_info_update_handler'
           'textbooks_list_handler', 'textbooks_detail_handler']
+class AccessListFallback(Exception):
+    """
+    An exception that is raised whenever we need to `fall back` to fetching *all* courses
+    available to a user, rather than using a shorter method (i.e. fetching by group)
+    """
+    pass
 def _get_course_module(course_key, user, depth=0):
    """
    Internal method used to calculate and return the locator and course module
@@ -190,11 +198,16 @@ def _accessible_courses_list_from_groups(request):
    for course_access in all_courses:
        course_key = course_access.course_id
-        if course_key not in courses_list:
+        if course_key is None:
+            # If the course_access does not have a course_id, it's an org-based role, so we fall back
+            raise AccessListFallback
+        try:
            course = modulestore('direct').get_course(course_key)
-            if course is not None and not isinstance(course, ErrorDescriptor):
+        except ItemNotFoundError:
-                # ignore deleted or errored courses
+            raise ItemNotFoundError
-                courses_list[course_key] = course
+        if course is not None and not isinstance(course, ErrorDescriptor):
+            # ignore deleted or errored courses
+            courses_list[course_key] = course
    return courses_list.values()
@@ -213,7 +226,7 @@ def course_listing(request):
    else:
        try:
            courses = _accessible_courses_list_from_groups(request)
-        except ItemNotFoundError:
+        except AccessListFallback:
            # user have some old groups or there was some error getting courses from django groups
            # so fallback to iterating through all courses
            courses = _accessible_courses_list(request)