refactor to add access control to already_existing access control routines in access.py

a2bbb65d · Kevin Chugh · 013009ea · a2bbb65d · a2bbb65d
Commit a2bbb65d authored 11 years ago by Kevin Chugh
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 11 deletions

lms/djangoapps/courseware/access.py
+9 -0

lms/djangoapps/django_comment_client/forum/views.py
+6 -11

No files found.
--- a/lms/djangoapps/courseware/access.py
+++ b/lms/djangoapps/courseware/access.py
@@ -114,6 +114,7 @@ def _has_access_course_desc(user, course, action):
    Valid actions:

    'load' -- load the courseware, see inside the course
+    'load_forum' -- can load and contribute to the forums (one access level for now)
    'enroll' -- enroll.  Checks for enrollment window,
                  ACCESS_REQUIRE_STAFF_FOR_COURSE,
    'see_exists' -- can see that the course exists.
@@ -128,6 +129,13 @@ def _has_access_course_desc(user, course, action):
        # delegate to generic descriptor check to check start dates
        return _has_access_descriptor(user, course, 'load')

+    def can_load_forum():
+        """
+        Can this user access the forums in this course?
+        """
+        return (CourseEnrollment.is_enrolled(request.user, course_id) or \
+            _has_staff_access_to_descriptor(user, course)
+
    def can_enroll():
        """
        First check if restriction of enrollment by login method is enabled, both
@@ -193,6 +201,7 @@ def _has_access_course_desc(user, course, action):

    checkers = {
        'load': can_load,
+        'load_forum': can_load_forum,
        'enroll': can_enroll,
        'see_exists': see_exists,
        'staff': lambda: _has_staff_access_to_descriptor(user, course),

--- a/lms/djangoapps/django_comment_client/forum/views.py
+++ b/lms/djangoapps/django_comment_client/forum/views.py
@@ -109,7 +109,7 @@ def inline_discussion(request, course_id, discussion_id):
    """
    Renders JSON for DiscussionModules
    """
-    course = get_course_with_access(request.user, course_id, 'load')
+    course = get_course_with_access(request.user, course_id, 'load_forum')

    try:
        threads, query_params = get_threads(request, course_id, discussion_id, per_page=INLINE_THREADS_PER_PAGE)
@@ -169,13 +169,8 @@ def forum_form_discussion(request, course_id):
    """
    Renders the main Discussion page, potentially filtered by a search query
    """
-    if not CourseEnrollment.is_enrolled(request.user, course_id) and \
-       not has_access(request.user, course_id, 'staff'):
-        access_violation_msg = "Unenrolled user {} tried to access forum for {}"
-        log.warning(access_violation_msg.format(request.user, course_id))
-        raise Http404

-    course = get_course_with_access(request.user, course_id, 'load')
+    course = get_course_with_access(request.user, course_id, 'load_forum')
    category_map = utils.get_discussion_category_map(course)

    try:
@@ -245,7 +240,7 @@ def forum_form_discussion(request, course_id):

 @login_required
 def single_thread(request, course_id, discussion_id, thread_id):
-    course = get_course_with_access(request.user, course_id, 'load')
+    course = get_course_with_access(request.user, course_id, 'load_forum')
    cc_user = cc.User.from_django_user(request.user)
    user_info = cc_user.to_dict()

@@ -280,7 +275,7 @@ def single_thread(request, course_id, discussion_id, thread_id):
            log.error("Error loading single thread.")
            raise Http404

-        course = get_course_with_access(request.user, course_id, 'load')
+        course = get_course_with_access(request.user, course_id, 'load_forum')

        for thread in threads:
            courseware_context = get_courseware_context(thread, course)
@@ -340,7 +335,7 @@ def single_thread(request, course_id, discussion_id, thread_id):
 @login_required
 def user_profile(request, course_id, user_id):
    #TODO: Allow sorting?
-    course = get_course_with_access(request.user, course_id, 'load')
+    course = get_course_with_access(request.user, course_id, 'load_forum')
    try:
        profiled_user = cc.User(id=user_id, course_id=course_id)

@@ -381,7 +376,7 @@ def user_profile(request, course_id, user_id):


 def followed_threads(request, course_id, user_id):
-    course = get_course_with_access(request.user, course_id, 'load')
+    course = get_course_with_access(request.user, course_id, 'load_forum')
    try:
        profiled_user = cc.User(id=user_id, course_id=course_id)