diff --git a/core/controllers/acl_decorators.py b/core/controllers/acl_decorators.py index 818c3ec0ad3f..45496224f9b5 100644 --- a/core/controllers/acl_decorators.py +++ b/core/controllers/acl_decorators.py @@ -24,6 +24,7 @@ from core import android_validation_constants from core import feconf +from core import platform_feature_list from core import utils from core.constants import constants from core.controllers import base @@ -33,6 +34,7 @@ from core.domain import classroom_config_services from core.domain import email_manager from core.domain import feedback_services +from core.domain import platform_feature_services from core.domain import question_services from core.domain import rights_manager from core.domain import role_services @@ -1241,8 +1243,19 @@ def test_can_access_contributor_dashboard_admin_page( if not self.user_id: raise self.NotLoggedInException - if role_services.ACTION_ACCESS_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE in ( - self.user.actions): + new_dashboard_enabled = platform_feature_services.is_feature_enabled( + platform_feature_list.ParamNames.CD_ADMIN_DASHBOARD_NEW_UI.value) + + if new_dashboard_enabled and ( + role_services + .ACTION_ACCESS_NEW_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE + in self.user.actions + ): + return handler(self, **kwargs) + + if not new_dashboard_enabled and ( + role_services.ACTION_ACCESS_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE in ( + self.user.actions)): return handler(self, **kwargs) raise self.UnauthorizedUserException( diff --git a/core/controllers/acl_decorators_test.py b/core/controllers/acl_decorators_test.py index f8c5607f3928..320c84e8e53d 100644 --- a/core/controllers/acl_decorators_test.py +++ b/core/controllers/acl_decorators_test.py @@ -35,6 +35,9 @@ from core.domain import exp_domain from core.domain import exp_services from core.domain import feedback_services +from core.domain import platform_feature_services as feature_services +from core.domain import platform_parameter_domain +from core.domain import platform_parameter_list from core.domain import question_domain from core.domain import question_services from core.domain import rights_domain @@ -3296,6 +3299,8 @@ def setUp(self) -> None: super().setUp() self.signup(self.banned_user_email, self.banned_user) self.signup(self.user_email, self.username) + self.signup(self.OWNER_EMAIL, self.OWNER_USERNAME) + self.owner_id = self.get_user_id_from_email(self.OWNER_EMAIL) self.mark_user_banned(self.banned_user) self.user = user_services.get_user_actions_info( user_services.get_user_id_from_username(self.username)) @@ -3317,6 +3322,76 @@ def test_banned_user_cannot_access_contributor_dashboard_admin_page( self.assertEqual(response['error'], error_msg) self.logout() + def test_question_admin_cannot_access_new_contributor_dashboard_admin_page( + self + ) -> None: + feature_services.update_feature_flag( + platform_parameter_list.ParamNames.CD_ADMIN_DASHBOARD_NEW_UI.value, + self.owner_id, 'flag update', + [ + platform_parameter_domain.PlatformParameterRule.from_dict({ + 'filters': [ + { + 'type': 'platform_type', + 'conditions': [ + [ + '=', + platform_parameter_domain + .ALLOWED_PLATFORM_TYPES[0] + ] + ] + } + ], + 'value_when_matched': True + }) + ] + ) + self.add_user_role( + self.username, feconf.ROLE_ID_QUESTION_ADMIN) + self.login(self.user_email) + with self.swap(constants, 'DEV_MODE', True): + with self.swap(self, 'testapp', self.mock_testapp): + response = self.get_json('/mock/', expected_status_int=401) + error_msg = ( + 'You do not have credentials to access contributor dashboard ' + 'admin page.' + ) + self.assertEqual(response['error'], error_msg) + self.logout() + + def test_question_coordinator_can_access_new_cd_admin_page( + self + ) -> None: + feature_services.update_feature_flag( + platform_parameter_list.ParamNames.CD_ADMIN_DASHBOARD_NEW_UI.value, + self.owner_id, 'flag update', + [ + platform_parameter_domain.PlatformParameterRule.from_dict({ + 'filters': [ + { + 'type': 'platform_type', + 'conditions': [ + [ + '=', + platform_parameter_domain + .ALLOWED_PLATFORM_TYPES[0] + ] + ] + } + ], + 'value_when_matched': True + }) + ] + ) + self.add_user_role( + self.username, feconf.ROLE_ID_QUESTION_COORDINATOR) + self.login(self.user_email) + with self.swap(constants, 'DEV_MODE', True): + with self.swap(self, 'testapp', self.mock_testapp): + response = self.get_json('/mock/') + self.assertEqual(response['success'], 1) + self.logout() + def test_question_admin_can_access_contributor_dashboard_admin_page( self ) -> None: diff --git a/core/controllers/admin.py b/core/controllers/admin.py index bb0274abfcbf..4ad6af97b49d 100644 --- a/core/controllers/admin.py +++ b/core/controllers/admin.py @@ -1247,7 +1247,7 @@ class AdminRoleHandler( } } - @acl_decorators.can_access_admin_page + @acl_decorators.open_access def get(self) -> None: """Retrieves information about users based on different filter criteria to populate the roles tab. diff --git a/core/domain/role_services.py b/core/domain/role_services.py index 276be69793db..ce7615b189b6 100644 --- a/core/domain/role_services.py +++ b/core/domain/role_services.py @@ -50,6 +50,8 @@ ACTION_ACCESS_TOPICS_AND_SKILLS_DASHBOARD = 'ACCESS_TOPICS_AND_SKILLS_DASHBOARD' ACTION_ACCESS_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE = ( 'ACCESS_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE') +ACTION_ACCESS_NEW_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE = ( + 'ACTION_ACCESS_NEW_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE') ACTION_CHANGE_TOPIC_STATUS = 'CHANGE_TOPIC_STATUS' ACTION_CHANGE_STORY_STATUS = 'CHANGE_STORY_STATUS' ACTION_CREATE_COLLECTION = 'CREATE_COLLECTION' @@ -256,6 +258,7 @@ ACTION_MANAGE_TRANSLATION_CONTRIBUTOR_ROLES ], feconf.ROLE_ID_TRANSLATION_COORDINATOR: [ + ACTION_ACCESS_NEW_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE, ACTION_ACCESS_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE, ACTION_MANAGE_TRANSLATION_CONTRIBUTOR_ROLES ], @@ -270,6 +273,7 @@ ACTION_ACCESS_BLOG_DASHBOARD ], feconf.ROLE_ID_QUESTION_COORDINATOR: [ + ACTION_ACCESS_NEW_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE, ACTION_ACCESS_CONTRIBUTOR_DASHBOARD_ADMIN_PAGE, ACTION_MANAGE_QUESTION_CONTRIBUTOR_ROLES ]