Add ability to grant view results permission to additional groups.

You can now use the XBLOCK_POLL_EXTRA_VIEW_GROUPS django setting
to allow users from additional groups to view the results.

By default only course staff has permission to view the results.

README.md

@@ -229,3 +229,11 @@ The resulting events look like this for polls:
     {"username": "staff", "host": "precise64", "event_source": "server", "event_type": "xblock.survey.submitted", "context": {"course_user_tags": {}, "user_id": 1, "org_id": "JediAcademy", "module": {"display_name": "Survey"}, "course_id": "JediAcademy/FW301/2015", "path": "/courses/JediAcademy/FW301/2015/xblock/i4x:;_;_JediAcademy;_FW301;_survey;_e4975240b6c64a1e988bad86ea917070/handler/vote"}, "time": "2015-01-12T19:13:13.115038+00:00", "ip": "10.0.2.2", "event": {"url_name": "e4975240b6c64a1e988bad86ea917070", "choices": {"enjoy": "Y", "learn": "M", "recommend": "N"}}, "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:34.0) Gecko/20100101 Firefox/34.0", "page": "x_module"}
     {"username": "staff", "host": "precise64", "event_source": "server", "event_type": "xblock.survey.view_results", "context": {"course_user_tags": {}, "user_id": 1, "org_id": "JediAcademy", "module": {"display_name": "Survey"}, "course_id": "JediAcademy/FW301/2015", "path": "/courses/JediAcademy/FW301/2015/xblock/i4x:;_;_JediAcademy;_FW301;_survey;_e4975240b6c64a1e988bad86ea917070/handler/get_results"}, "time": "2015-01-12T19:13:13.513909+00:00", "ip": "10.0.2.2", "event": {}, "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:34.0) Gecko/20100101 Firefox/34.0", "page": "x_module"}
 
+
+## Viewing the Results
+
+When running inside the edX LMS, course staff members have the ability to view results without voting.
+If you want to grant members of other groups ability to view the results, you can configure the group
+names in the django settings using the `XBLOCK_POLL_EXTRA_VIEW_GROUPS` setting, for example:
+
+    XBLOCK_POLL_EXTRA_VIEW_GROUPS = ['poll_staff']

poll/poll.py

@@ -34,10 +34,15 @@ from xblock.fragment import Fragment
 from xblockutils.publish_event import PublishEventMixin
 from xblockutils.resources import ResourceLoader
 
+HAS_EDX_ACCESS = False
 try:
-    from courseware.access import has_access  # pylint: disable=import-error
+    # pylint: disable=import-error
+    from django.conf import settings
+    from courseware.access import has_access
+    from api_manager.models import GroupProfile
+    HAS_EDX_ACCESS = True
 except ImportError:
-    has_access = None
+    pass
 
 
 class ResourceMixin(object):
@@ -176,8 +181,17 @@ class PollBase(XBlock, ResourceMixin, PublishEventMixin):
         Checks to see if the user has permissions to view private results.
         This only works inside the LMS.
         """
-        if has_access and hasattr(self.runtime, 'user') and hasattr(self.runtime, 'course_id'):
-            return has_access(self.runtime.user, 'staff', self, self.runtime.course_id)
+        if HAS_EDX_ACCESS and hasattr(self.runtime, 'user') and hasattr(self.runtime, 'course_id'):
+            # Course staff users have permission to view results.
+            if has_access(self.runtime.user, 'staff', self, self.runtime.course_id):
+                return True
+            else:
+                # Check if user is member of a group that is explicitly granted
+                # permission to view the results through django configuration.
+                group_names = getattr(settings, 'XBLOCK_POLL_EXTRA_VIEW_GROUPS', [])
+                if group_names:
+                    group_ids = self.runtime.user.groups.values_list('id', flat=True)
+                    return GroupProfile.objects.filter(group_id__in=group_ids, name__in=group_names).exists()
         else:
             return False
 

pylintrc

@@ -24,4 +24,4 @@ disable=
 	unused-argument
 
 [SIMILARITIES]
-min-similarity-lines=8
+min-similarity-lines=8
\ No newline at end of file