Commit f94df6e3 by David Ormsbee

Merge pull request #1476 from MITx/fix/cdodge/mitx-feature-disallow-new-courses

quick hack to give some protection from unauthorized users from making n...
parents 9b6f8a36 4f67c6c0
...@@ -122,7 +122,8 @@ def index(request): ...@@ -122,7 +122,8 @@ def index(request):
course.location.course, course.location.course,
course.location.name])) course.location.name]))
for course in courses], for course in courses],
'user': request.user 'user': request.user,
'disable_course_creation': settings.MITX_FEATURES.get('DISABLE_COURSE_CREATION', False) and not request.user.is_staff
}) })
...@@ -1259,6 +1260,10 @@ def edge(request): ...@@ -1259,6 +1260,10 @@ def edge(request):
@login_required @login_required
@expect_json @expect_json
def create_new_course(request): def create_new_course(request):
if settings.MITX_FEATURES.get('DISABLE_COURSE_CREATION', False) and not request.user.is_staff:
raise PermissionDenied()
# This logic is repeated in xmodule/modulestore/tests/factories.py # This logic is repeated in xmodule/modulestore/tests/factories.py
# so if you change anything here, you need to also change it there. # so if you change anything here, you need to also change it there.
# TODO: write a test that creates two courses, one with the factory and # TODO: write a test that creates two courses, one with the factory and
......
...@@ -37,7 +37,9 @@ ...@@ -37,7 +37,9 @@
<h1>My Courses</h1> <h1>My Courses</h1>
<article class="my-classes"> <article class="my-classes">
% if user.is_active: % if user.is_active:
<a href="#" class="new-button new-course-button"><span class="plus-icon white"></span> New Course</a> % if not disable_course_creation:
<a href="#" class="new-button new-course-button"><span class="plus-icon white"></span> New Course</a>
%endif
<ul class="class-list"> <ul class="class-list">
%for course, url in courses: %for course, url in courses:
<li> <li>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment