Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add student role with minimal access in Superset #307

Merged
merged 7 commits into from
Aug 25, 2023
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions config.yml
nandodev-net marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
CMS_OAUTH2_SECRET: mUDPC0mAIsrI55e6ewLCpOAF
ID: jV4UITdO51qynTEP6EWBEYIA
JWT_RSA_PRIVATE_KEY: '-----BEGIN RSA PRIVATE KEY-----

MIIEogIBAAKCAQEAs24MJudBS4NvRqY3lXpz4XnaPWeCMie5iQbqT1oBV47BXlqq

rqjCv6ajKNlW2cM2qpeDn1T/5CCFY1a0uBmft/GqHFjpiyh8gnvLP8fiqdM+YzGe

RdyucbND0LTLNp14E4wEiK7s/lLUXe0mqsiFJCDumedHlm1e21AF+PZJ4xkpLL3d

OUVke+8OOuOIOfGjXP5a6COUOTqPmPH51L2tP6/b/6vmSOYDja9GyUwJf8IJqDFx

x/MbLqtkQJ22Ho7sxQbidHjY1LNnkzOOo5E1zOzK65Oayz+RDTAetvhP8FpbclN1

jLnyGxOakfnQ9npqukjzzmucrcSF3sC1S/nicQIDAQABAoIBAAWcjld8ocWEcKtZ

WTFs9RkTBCTpuvAJ30L2cwdEibh0694BMKeZ+k4/XkixpGZW1Tu4VZra8A5QyI8q

5+e+kGjSr2bnznUGUP+NMtX1sMRuKXw1ce1eKZv/duJc9yKIAfh9h2pFaz7IdSET

YMNUVlqjB4dLbQkatk3eVrN6s2SdaEKChKT4cOoknZVjd7y6d+iRNBlYxTQ4EuMH

C0+JzHBxcUvtW8t2WRZAGkT46QDup8JNH/9STE0DJuPXhU+pvpXA90/b5cwm31Eo

DKURa2wWk3916fkhkVxGJoiKkXLCweLqNjrFm+Nz8TZAb6x8gkbcG9CwUsXMWFk4

2sEN3QkCgYEAxjUcCYjwmSTRPQJebcVwe9oT3Edg8XLPEGDtOzeBuNK8OUd+kRPi

nc+YI3aLq0Q907rJLtiLQyT0TslB5M0zC7X8liDqPqvq3LViajKT+dyT496rL3Qd

gWsUaplZAAAJjFHCwoiOUXTiJh/+2D0M4jtnyPmTDy3Q34hVHpAUC6kCgYEA579Q

X0xWXrJ+Sl/HfPI5CcfQ6oE9OEBl1PtbRjcNNqPESKqjHi3sRN2eqyjDJm/kfECD

F+3atMrxWMHjiNoyTZEOQWtfDs+BPlhwgm4jwG0vmK+mLun27KpFsb/3FnF3/nVw

UPibJN1bqpjGWcwv4JkvfVKSlPKMmpKo2wzxnYkCgYAt4GMR7elKeRQZG/BBVh63

+/z20mqk2B8HOngOacWTwusgEuU/rSuZvVAIfUrMpGnvFN+2ARcSvn3xsnGXBMvY

3RGOqiWtxdsBpNYXoIdRoPV2G7bhr+2YY/GAzuejsV6EZPRAVJ0kS3qAuo0g/dh6

kKdwBBw+uisLYiHZhh2tqQKBgBv3nZZymvXAqrcFCgkNHk8M2yyBvkaclu12DBTU

LfcLGnP+i8LnndzNtglH2Q05caSBEJEBtmQdHbUtaO0qD+oGeGbysz0RU7KXb7R9

4DintJfDktWUjKURA2opFYOS2/1MZOqQpgBz6k0TNNS/bIO5WN7R6TiqcMdyrYgJ

7tqpAoGAZRrwIiVB26uqqTsalF/bnIU2e6ir9UmqR+BAljm2sKLzUcU1PH8H+j1p

DnD91xqkUbXBiYPnGgvCetk+vazoTeOjJjA3USlO4h+b44tnL5YqHc3c73f2bol5

hMoSDyn5uIPeWlQrbSLoi+W/e+45CiGAmM2IK6urIcq5gpjQS44=

-----END RSA PRIVATE KEY-----'
MYSQL_ROOT_PASSWORD: LIYV7fuy
OPENEDX_MYSQL_PASSWORD: nZERSPxK
OPENEDX_SECRET_KEY: PHI9tC5jFehfRxSBsSHTSpyv
PLUGINS:
- mfe
PLUGIN_INDEXES:
- https://overhang.io/tutor/main
1 change: 1 addition & 0 deletions tutoraspects/plugin.py
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,7 @@
"instructor": "Instructor",
"operator": "Operator",
"admin": "Admin",
"student": "Student",
},
),
("SUPERSET_ADMIN_EMAIL", "admin@openedx.org"),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -174,9 +174,11 @@ def _get_user_roles(self, username, language):
return ["instructor", f"instructor-{language}"]
else:
roles = self.extra_get_user_roles(username, decoded_access_token)
if bool("{{SUPERSET_BLOCK_STUDENT_ACCESS}}") and not roles:
raise Exception(f"Student {username} tried to access Superset")
return roles if roles else []
if roles:
return roles
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm somewhat concerned about this logic. Having a student role returned here would override SUPERSET_BLOCK_STUDENT_ACCESS. Maybe not a big deal, but can we add a check for that and throw an exception if it happens?

if not bool("{{SUPERSET_BLOCK_STUDENT_ACCESS}}"):
return ["student", f"student - {language}"]
Ian2012 marked this conversation as resolved.
Show resolved Hide resolved
raise Exception(f"Student {username} tried to access Superset")

def extra_get_user_roles(self, username, decoded_access_token):
"""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,12 +63,15 @@
"alpha": ["Alpha"], # Global staff
"gamma": ["Gamma"], # Course staff
"instructor": ["{{SUPERSET_ROLES_MAPPING.instructor}}"], # Course instructors
"student": ["{{SUPERSET_ROLES_MAPPING.student}}"], # Course students
"operator": ["{{SUPERSET_ROLES_MAPPING.operator}}"], # Installation operators
"public": ["Public"], # AKA anonymous users
}

for language in LANGUAGES.keys():
AUTH_ROLES_MAPPING[f"instructor-{language}"] = [f"{{SUPERSET_ROLES_MAPPING.instructor}} - {language}"]
AUTH_ROLES_MAPPING[f"student-{language}"] = [f"{{SUPERSET_ROLES_MAPPING.student}} - {language}"]
Ian2012 marked this conversation as resolved.
Show resolved Hide resolved
AUTH_ROLES_MAPPING[f"operator-{language}"] = [f"{{SUPERSET_ROLES_MAPPING.operator}} - {language}"]


from openedx_sso_security_manager import OpenEdxSsoSecurityManager
Expand Down
Loading