quick hack to give some protection from unauthorized users from making new…

quick hack to give some protection from unauthorized users from making new courses. Make it so only is_staff people see the 'Create New Course' button.

cms/djangoapps/contentstore/views.py

@@ -122,7 +122,8 @@ def index(request):
                         course.location.course,
                         course.location.name]))
                     for course in courses],
-        'user': request.user
+        'user': request.user,
+        'disable_course_creation': settings.MITX_FEATURES.get('DISABLE_COURSE_CREATION', False) and not request.user.is_staff
     })
 
 
@@ -1259,6 +1260,10 @@ def edge(request):
 @login_required
 @expect_json
 def create_new_course(request):
+
+    if settings.MITX_FEATURES.get('DISABLE_COURSE_CREATION', False) and not request.user.is_staff:
+        raise PermissionDenied()
+
     # This logic is repeated in xmodule/modulestore/tests/factories.py
     # so if you change anything here, you need to also change it there.
     # TODO: write a test that creates two courses, one with the factory and

cms/templates/index.html

@@ -37,7 +37,9 @@
 			<h1>My Courses</h1>
 			<article class="my-classes">
 				% if user.is_active:
-				<a href="#" class="new-button new-course-button"><span class="plus-icon white"></span> New Course</a>
+          % if not disable_course_creation:
+				    <a href="#" class="new-button new-course-button"><span class="plus-icon white"></span> New Course</a>
+          %endif
 				<ul class="class-list">
 					%for course, url in courses:
 			    <li>