From b90e22baa6beaecfdffbdacdc6d53c14f0c150ca Mon Sep 17 00:00:00 2001 From: Cristhian Garcia Date: Wed, 23 Oct 2024 11:38:07 -0500 Subject: [PATCH] feat: allow to block instructor access --- tutoraspects/plugin.py | 1 + .../apps/superset/pythonpath/openedx_sso_security_manager.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/tutoraspects/plugin.py b/tutoraspects/plugin.py index 3768d35f2..a3410633a 100644 --- a/tutoraspects/plugin.py +++ b/tutoraspects/plugin.py @@ -368,6 +368,7 @@ # course cache anyway. ("SUPERSET_USER_PERMISSIONS_CACHE_TIMEOUT", 120), ("SUPERSET_BLOCK_STUDENT_ACCESS", True), + ("SUPERSET_BLOCK_INSTRUCTOR_ACCESS", False), # This setting allows Superset to run behind a reverse proxy in HTTPS and # redirect to the correct http/s based on the headers sent from the proxy. # By default it is on if Caddy is enabled, but it can be set separately in diff --git a/tutoraspects/templates/aspects/apps/superset/pythonpath/openedx_sso_security_manager.py b/tutoraspects/templates/aspects/apps/superset/pythonpath/openedx_sso_security_manager.py index 75eb62b32..06ea382ba 100644 --- a/tutoraspects/templates/aspects/apps/superset/pythonpath/openedx_sso_security_manager.py +++ b/tutoraspects/templates/aspects/apps/superset/pythonpath/openedx_sso_security_manager.py @@ -181,6 +181,8 @@ def _get_user_roles(self, username, locale): # the course permissions cache if necessary by logging out and back in. courses = self.get_courses(username, force=True) if courses: + if {{ SUPERSET_BLOCK_INSTRUCTOR_ACCESS }}: + raise Exception(f"Instructor {username} tried to access Superset") return ["instructor", f"instructor-{locale}"] else: roles = self.extra_get_user_roles(username, decoded_access_token)