Skip to content

Commit

Permalink
Merge pull request #307 from eduNEXT/FG/Superset_student_rol_definition
Browse files Browse the repository at this point in the history
feat: Add student role with minimal access in Superset
  • Loading branch information
Ian2012 authored Aug 25, 2023
2 parents 79486dd + ab56715 commit 708505b
Show file tree
Hide file tree
Showing 5 changed files with 1,040 additions and 1,028 deletions.
1 change: 1 addition & 0 deletions tutoraspects/plugin.py
Original file line number Diff line number Diff line change
Expand Up @@ -163,6 +163,7 @@
"instructor": "Instructor",
"operator": "Operator",
"admin": "Admin",
"student": "Student",
},
),
("SUPERSET_ADMIN_EMAIL", "admin@openedx.org"),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -174,9 +174,15 @@ def _get_user_roles(self, username, language):
return ["instructor", f"instructor-{language}"]
else:
roles = self.extra_get_user_roles(username, decoded_access_token)
if bool("{{SUPERSET_BLOCK_STUDENT_ACCESS}}") and not roles:
if roles:
if {{SUPERSET_BLOCK_STUDENT_ACCESS}} and 'student' in roles:
raise Exception(f"Student access not allowed for {username} due to SUPERSET_BLOCK_STUDENT_ACCESS setting.")
return roles

if {{SUPERSET_BLOCK_STUDENT_ACCESS}}:
raise Exception(f"Student {username} tried to access Superset")
return roles if roles else []
else:
return ["student", f"student-{language}"]

def extra_get_user_roles(self, username, decoded_access_token):
"""
Expand Down Expand Up @@ -222,8 +228,4 @@ def get_courses(self, username, permission="staff", next_url=None):
for course_id in next_courses:
courses.append(course_id)

# If the user has no staff access to any courses, they are a student
if not courses and bool("{{SUPERSET_BLOCK_STUDENT_ACCESS}}"):
raise Exception(f"User {username} is not an instructor")
else:
return courses
return courses
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,6 @@
# Will allow user self registration, allowing to create Flask users from Authorized User
AUTH_USER_REGISTRATION = True

# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "{{SUPERSET_ROLES_MAPPING.instructor}}"

# Should we replace ALL the user's roles each login, or only on registration?
AUTH_ROLES_SYNC_AT_LOGIN = True

Expand All @@ -63,12 +60,15 @@
"alpha": ["Alpha"], # Global staff
"gamma": ["Gamma"], # Course staff
"instructor": ["{{SUPERSET_ROLES_MAPPING.instructor}}"], # Course instructors
"student": ["{{SUPERSET_ROLES_MAPPING.student}}"], # Course students
"operator": ["{{SUPERSET_ROLES_MAPPING.operator}}"], # Installation operators
"public": ["Public"], # AKA anonymous users
}

for language in LANGUAGES.keys():
AUTH_ROLES_MAPPING[f"instructor-{language}"] = [f"{{SUPERSET_ROLES_MAPPING.instructor}} - {language}"]
AUTH_ROLES_MAPPING[f"student-{language}"] = [f"{{SUPERSET_ROLES_MAPPING.student}} - {language}"]
AUTH_ROLES_MAPPING[f"operator-{language}"] = [f"{{SUPERSET_ROLES_MAPPING.operator}} - {language}"]


from openedx_sso_security_manager import OpenEdxSsoSecurityManager
Expand Down
Loading

0 comments on commit 708505b

Please sign in to comment.