fix: move progress related api staff-perms to standard permission file

nelc · Jan 2, 2025 · dc2311c · dc2311c
1 parent 3381de6
commit dc2311c
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/lms/djangoapps/course_home_api/course_metadata/views.py b/lms/djangoapps/course_home_api/course_metadata/views.py
@@ -16,6 +16,7 @@
 from lms.djangoapps.course_api.api import course_detail
 from lms.djangoapps.course_goals.models import UserActivity
 from lms.djangoapps.course_home_api.course_metadata.serializers import CourseHomeMetadataSerializer
+from lms.djangoapps.course_home_api.permissions import HAS_STAFF_ACCESS_ON_COURSE_API
 from lms.djangoapps.courseware.access import has_access
 from lms.djangoapps.courseware.context_processor import user_timezone_locale_prefs
 from lms.djangoapps.courseware.courses import check_course_access
@@ -75,10 +76,11 @@ def get(self, request, *args, **kwargs):
         course_key_string = kwargs.get('course_key_string')
         course_key = CourseKey.from_string(course_key_string)
         original_user_is_global_staff = self.request.user.is_staff
-        original_user_is_staff = has_access(request.user, 'staff', course_key).has_access
 
         course = course_detail(request, request.user.username, course_key)
 
+        original_user_is_staff = request.user.has_perm(HAS_STAFF_ACCESS_ON_COURSE_API, course)
+
         # We must compute course load access *before* setting up masquerading,
         # else course staff (who are not enrolled) will not be able view
         # their course from the perspective of a learner.

diff --git a/lms/djangoapps/course_home_api/permissions.py b/lms/djangoapps/course_home_api/permissions.py
@@ -0,0 +1,11 @@
+"""
+Permission definitions for the ccx djangoapp
+"""
+
+from bridgekeeper import perms
+
+from lms.djangoapps.courseware.rules import HasAccessRule
+
+HAS_STAFF_ACCESS_ON_COURSE_API = 'course_home_api.staff_access_on_course_api'
+
+perms[HAS_STAFF_ACCESS_ON_COURSE_API] = HasAccessRule('staff')
diff --git a/lms/djangoapps/course_home_api/progress/views.py b/lms/djangoapps/course_home_api/progress/views.py
@@ -14,6 +14,8 @@
 
 from xmodule.modulestore.django import modulestore
 from common.djangoapps.student.models import CourseEnrollment
+from lms.djangoapps.course_api.api import course_detail
+from lms.djangoapps.course_home_api.permissions import HAS_STAFF_ACCESS_ON_COURSE_API
 from lms.djangoapps.course_home_api.progress.serializers import ProgressTabSerializer
 from lms.djangoapps.course_home_api.toggles import course_home_mfe_progress_tab_is_active
 from lms.djangoapps.courseware.access import has_access, has_ccx_coach_role
@@ -185,7 +187,9 @@ def get(self, request, *args, **kwargs):
         monitoring_utils.set_custom_attribute('course_id', course_key_string)
         monitoring_utils.set_custom_attribute('user_id', request.user.id)
         monitoring_utils.set_custom_attribute('is_staff', request.user.is_staff)
-        is_staff = bool(has_access(request.user, 'staff', course_key))
+        is_staff = request.user.has_perm(
+            HAS_STAFF_ACCESS_ON_COURSE_API, course_detail(request, request.user.username, course_key)
+        )
 
         student = self._get_student_user(request, course_key, student_id, is_staff)
         username = get_enterprise_learner_generic_name(request) or student.username