feat: upgrading simple api to drf compatible.

openedx · Jul 19, 2024 · 968d5bc · 968d5bc
1 parent cb87bdc
commit 968d5bc
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 26 deletions.
diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py
@@ -1,11 +1,13 @@
 """
 Permissions for the instructor dashboard and associated actions
 """
-
 from bridgekeeper import perms
 from bridgekeeper.rules import is_staff
+from opaque_keys.edx.keys import CourseKey
+from rest_framework.permissions import BasePermission
 
 from lms.djangoapps.courseware.rules import HasAccessRule, HasRolesRule
+from openedx.core.lib.courses import get_course_by_id
 
 ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM = 'instructor.allow_student_to_bypass_entrance_exam'
 ASSIGN_TO_COHORTS = 'instructor.assign_to_cohorts'
@@ -72,3 +74,15 @@
 ) | HasAccessRule('staff') | HasAccessRule('instructor')
 perms[VIEW_ENROLLMENTS] = HasAccessRule('staff')
 perms[VIEW_FORUM_MEMBERS] = HasAccessRule('staff')
+
+
+class InstructorPermission(BasePermission):
+    """
+    Custom permission class for verifying user permissions on a specific course.
+    This permission class checks if the user has a specific permission associated
+    with a course. The permission name is expected to be an attribute of the view.
+    """
+    def has_permission(self, request, view):
+        course = get_course_by_id(CourseKey.from_string(view.kwargs.get('course_id')))
+        permission = getattr(view, 'permission_name', None)
+        return request.user.has_perm(permission, course)
diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py
@@ -231,29 +231,6 @@ def wrapped(*args, **kwargs):
     return decorator
 
 
-def verify_course_permission(permission):
-    """
-        Decorator with argument that requires a specific permission of the requesting
-        user. If the requirement is not satisfied, returns an
-        HttpResponseForbidden (403).
-        Assumes that request is in self.
-        Assumes that course_id is in kwargs['course_id'].
-        """
-    def decorator(func):
-        def wrapped(self, *args, **kwargs):
-            request = self.request
-            course = get_course_by_id(CourseKey.from_string(kwargs['course_id']))
-
-            if request.user.has_perm(permission, course):
-                return func(self, *args, **kwargs)
-            else:
-                return HttpResponseForbidden()
-
-        return wrapped
-
-    return decorator
-
-
 def require_sales_admin(func):
     """
     Decorator for checking sales administrator access before executing an HTTP endpoint. This decorator
@@ -2372,11 +2349,11 @@ class ListEntranceExamInstructorTasks(APIView):
         BearerAuthenticationAllowInactiveUser,
         SessionAuthenticationAllowInactiveUser,
     )
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (IsAuthenticated, permissions.InstructorPermission)
+    permission_name = permissions.SHOW_TASKS
     http_method_names = ['post']
 
     @method_decorator(ensure_csrf_cookie)
-    @verify_course_permission(permissions.SHOW_TASKS)
     @method_decorator(cache_control(no_cache=True, no_store=True, must_revalidate=True))
     def post(self, request, course_id):
         """