Remove access to CCX courses from Studio entirely and test that revocation

fa7c80b4 · Jesse Shapiro · 9d1e77e0 · fa7c80b4 · fa7c80b4
Commit fa7c80b4 authored Nov 01, 2016 by Jesse Shapiro
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 1 deletions

common/djangoapps/student/auth.py
+15 -0

common/djangoapps/student/tests/test_authz.py
+41 -1

No files found.
--- a/common/djangoapps/student/auth.py
+++ b/common/djangoapps/student/auth.py
@@ -20,6 +20,18 @@ STUDIO_VIEW_CONTENT = 1
 # In addition to the above, one is always allowed to "demote" oneself to a lower role within a course, or remove oneself
+def is_ccx_course(course_key):
+    """
+    Check whether the course locator maps to a CCX course; this is important
+    because we don't allow access to CCX courses in Studio.
+    """
+    ccx_namespaces = (
+        'ccx-v1',
+        'ccx-block-v1',
+    )
+    return course_key.CANONICAL_NAMESPACE in ccx_namespaces
 def user_has_role(user, role):
    """
    Check whether this user has access to this role (either direct or implied)
@@ -61,6 +73,9 @@ def get_user_permissions(user, course_key, org=None):
    else:
        assert course_key is None
    all_perms = STUDIO_EDIT_ROLES | STUDIO_VIEW_USERS | STUDIO_EDIT_CONTENT | STUDIO_VIEW_CONTENT
+    # No one has studio permissions for CCX courses
+    if is_ccx_course(course_key):
+        return 0
    # global staff, org instructors, and course instructors have all permissions:
    if GlobalStaff().has_user(user) or OrgInstructorRole(org=org).has_user(user):
        return all_perms

--- a/common/djangoapps/student/tests/test_authz.py
+++ b/common/djangoapps/student/tests/test_authz.py
@@ -9,8 +9,9 @@ from django.core.exceptions import PermissionDenied
 from student.roles import CourseInstructorRole, CourseStaffRole, CourseCreatorRole
 from student.tests.factories import AdminFactory
-from student.auth import user_has_role, add_users, remove_users
+from student.auth import user_has_role, add_users, remove_users, has_studio_write_access, has_studio_read_access
 from opaque_keys.edx.locations import SlashSeparatedCourseKey
+from ccx_keys.locator import CCXLocator
 class CreatorGroupTest(TestCase):
@@ -132,6 +133,45 @@ class CreatorGroupTest(TestCase):
            remove_users(self.admin, CourseCreatorRole(), self.user)
+class CCXCourseGroupTest(TestCase):
+    """
+    Test that access to a CCX course in Studio is disallowed
+    """
+    def setUp(self):
+        """
+        Set up test variables
+        """
+        super(CourseGroupTest, self).setUp()
+        self.global_admin = AdminFactory()
+        self.staff = User.objects.create_user('teststaff', 'teststaff+courses@edx.org', 'foo')
+        self.ccx_course_key = CCXLocator.from_string('ccx-v1:edX+DemoX+Demo_Course+ccx@1')
+        add_users(self.global_admin, CourseStaffRole(self.ccx_course_key), self.staff)
+    def test_no_global_admin_write_access(self):
+        """
+        Test that global admins have no write access
+        """
+        self.assertFalse(has_studio_write_access(self.global_admin, self.ccx_course_key))
+    def test_no_staff_write_access(self):
+        """
+        Test that course staff have no write access
+        """
+        self.assertFalse(has_studio_write_access(self.staff, self.ccx_course_key))
+    def test_no_global_admin_read_access(self):
+        """
+        Test that global admins have no read access
+        """
+        self.assertFalse(has_studio_write_access(self.global_admin, self.ccx_course_key))
+    def test_no_staff_write_access(self):
+        """
+        Test that course staff have no read access
+        """
+        self.assertFalse(has_studio_write_access(self.staff, self.ccx_course_key))
 class CourseGroupTest(TestCase):
    """
    Tests for instructor and staff groups for a particular course.