Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
E
edx-platform
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
edx
edx-platform
Commits
5168a080
Commit
5168a080
authored
Jul 22, 2013
by
cahrens
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Don't add users marked with is_staff to course creation table.
parent
6629d5d3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
33 additions
and
16 deletions
+33
-16
cms/djangoapps/contentstore/tests/test_users.py
+5
-11
cms/djangoapps/course_creators/tests/test_views.py
+10
-0
cms/djangoapps/course_creators/views.py
+18
-5
No files found.
cms/djangoapps/contentstore/tests/test_users.py
View file @
5168a080
...
...
@@ -47,6 +47,9 @@ class IndexCourseCreatorTests(CourseTestCase):
self
.
enable_creator_group
=
{
"ENABLE_CREATOR_GROUP"
:
True
}
self
.
admin
=
User
.
objects
.
create_user
(
'Mark'
,
'mark+courses@edx.org'
,
'foo'
)
self
.
admin
.
is_staff
=
True
def
test_get_course_creator_status_disable_creation
(
self
):
# DISABLE_COURSE_CREATION is True (this is the case on edx, where we have a marketing site).
# Only edx staff can create courses.
...
...
@@ -80,17 +83,14 @@ class IndexCourseCreatorTests(CourseTestCase):
# ENABLE_CREATOR_GROUP is True. This is the case on edge.
# Check return value for a non-staff user who has been granted access.
with
mock
.
patch
.
dict
(
'django.conf.settings.MITX_FEATURES'
,
self
.
enable_creator_group
):
# self.user has staff permissions, can call this method.
add_user_with_status_granted
(
self
.
user
,
self
.
user
)
# now make self.user non-staff
self
.
_set_user_non_staff
()
add_user_with_status_granted
(
self
.
admin
,
self
.
user
)
self
.
assertEquals
(
'granted'
,
_get_course_creator_status
(
self
.
user
))
def
test_get_course_creator_status_creator_group_denied
(
self
):
# ENABLE_CREATOR_GROUP is True. This is the case on edge.
# Check return value for a non-staff user who has been denied access.
with
mock
.
patch
.
dict
(
'django.conf.settings.MITX_FEATURES'
,
self
.
enable_creator_group
):
# make self.user non-staff
self
.
_set_user_non_staff
()
self
.
_set_user_denied
()
self
.
assertEquals
(
'denied'
,
_get_course_creator_status
(
self
.
user
))
...
...
@@ -137,10 +137,8 @@ class IndexCourseCreatorTests(CourseTestCase):
def
test_course_creator_group_granted
(
self
):
# Test index page content with ENABLE_CREATOR_GROUP True, non-staff member with access granted.
with
mock
.
patch
.
dict
(
'django.conf.settings.MITX_FEATURES'
,
self
.
enable_creator_group
):
# self.user has staff permissions, can call this method.
add_user_with_status_granted
(
self
.
user
,
self
.
user
)
# now make self.user non-staff
self
.
_set_user_non_staff
()
add_user_with_status_granted
(
self
.
admin
,
self
.
user
)
self
.
_assert_can_create
()
def
test_course_creator_group_denied
(
self
):
...
...
@@ -188,9 +186,6 @@ class IndexCourseCreatorTests(CourseTestCase):
self
.
table_entry
=
CourseCreator
(
user
=
self
.
user
)
self
.
table_entry
.
save
()
self
.
admin
=
User
.
objects
.
create_user
(
'Mark'
,
'admin+courses@edx.org'
,
'foo'
)
self
.
admin
.
is_staff
=
True
self
.
deny_request
=
HttpRequest
()
self
.
deny_request
.
user
=
self
.
admin
...
...
@@ -198,4 +193,3 @@ class IndexCourseCreatorTests(CourseTestCase):
self
.
table_entry
.
state
=
CourseCreator
.
DENIED
self
.
creator_admin
.
save_model
(
self
.
deny_request
,
self
.
table_entry
,
None
,
True
)
cms/djangoapps/course_creators/tests/test_views.py
View file @
5168a080
...
...
@@ -80,3 +80,13 @@ class CourseCreatorView(TestCase):
# user from the authz course creator group (and that can only be done by an admin).
user_requested_access
(
self
.
user
)
self
.
assertEqual
(
'granted'
,
get_course_creator_status
(
self
.
user
))
def
test_add_user_unrequested_staff
(
self
):
# Users marked as is_staff will not be added to the course creator table.
add_user_with_status_unrequested
(
self
.
admin
)
self
.
assertIsNone
(
get_course_creator_status
(
self
.
admin
))
def
test_add_user_granted_staff
(
self
):
# Users marked as is_staff will not be added to the course creator table.
add_user_with_status_granted
(
self
.
admin
,
self
.
admin
)
self
.
assertIsNone
(
get_course_creator_status
(
self
.
admin
))
cms/djangoapps/course_creators/views.py
View file @
5168a080
...
...
@@ -12,6 +12,9 @@ def add_user_with_status_unrequested(user):
If the user is already in the table, this method is a no-op
(state will not be changed).
If the user is marked as is_staff, this method is a no-op (user
will not be added to table).
"""
_add_user
(
user
,
CourseCreator
.
UNREQUESTED
)
...
...
@@ -20,14 +23,17 @@ def add_user_with_status_granted(caller, user):
"""
Adds a user to the course creator table with status 'granted'.
T
his method also adds the user to the course creator group maintained by authz.py.
If appropriate, t
his method also adds the user to the course creator group maintained by authz.py.
Caller must have staff permissions.
If the user is already in the table, this method is a no-op
(state will not be changed).
If the user is marked as is_staff, this method is a no-op (user
will not be added to table, nor added to authz.py group).
"""
_add_user
(
user
,
CourseCreator
.
GRANTED
)
update_course_creator_group
(
caller
,
user
,
True
)
if
_add_user
(
user
,
CourseCreator
.
GRANTED
):
update_course_creator_group
(
caller
,
user
,
True
)
def
update_course_creator_group
(
caller
,
user
,
add
):
...
...
@@ -78,9 +84,16 @@ def _add_user(user, state):
"""
Adds a user to the course creator table with the specified state.
Returns True if user was added to table, else False.
If the user is already in the table, this method is a no-op
(state will not be changed).
(state will not be changed, method will return False).
If the user is marked as is_staff, this method is a no-op (False will be returned).
"""
if
CourseCreator
.
objects
.
filter
(
user
=
user
)
.
count
()
==
0
:
if
not
user
.
is_staff
and
CourseCreator
.
objects
.
filter
(
user
=
user
)
.
count
()
==
0
:
entry
=
CourseCreator
(
user
=
user
,
state
=
state
)
entry
.
save
()
return
True
return
False
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment