#1583 cleaning up super user references (#1614)

* #1583 cleaning up super user references
tl-its-umich-edu · Sep 12, 2024 · 4411436 · 4411436
1 parent 6698811
commit 4411436
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 17 deletions.
diff --git a/assets/src/containers/Course.js b/assets/src/containers/Course.js
@@ -61,18 +61,16 @@ function Course (props) {
         Course {courseId} has not been set up in MyLA. Contact your instructor, who can enable the visualizations by clicking on MyLA in the course navigation.
       </WarningBanner>
     )
-  }
-  else if (error.message === '403' || error.message === 'Forbidden') {
+  } else if (error.message === '403' || error.message === 'Forbidden') {
     return (
       <WarningBanner>
         You do not have access to course {courseId}.
       </WarningBanner>
     )
-  }
-  else if (error) {
+  } else if (error) {
     return (<WarningBanner />)
   }
-  
+
   if (loaded && isObjectEmpty(courseInfo)) return (<WarningBanner>My Learning Analytics is not enabled for this course.</WarningBanner>)
 
   const notLoadedAltMessage = 'Mouse running on wheel with text "Course Data Being Processed, Try Back in 24 Hours"'

diff --git a/assets/src/globals.js b/assets/src/globals.js
@@ -19,9 +19,8 @@ const user = Object.freeze({
   username: mylaGlobals.username,
   displayName: mylaGlobals.display_name,
   initials: mylaGlobals.initials,
-  admin: mylaGlobals.is_superuser,
+  admin: mylaGlobals.is_admin,
   relatedCourses: mylaGlobals.user_courses_info,
-  isSuperuser: mylaGlobals.is_superuser,
   isLoggedIn: !!mylaGlobals.username,
   loginURL: mylaGlobals.login,
   logoutURL: mylaGlobals.logout,

diff --git a/dashboard/common/db_util.py b/dashboard/common/db_util.py
@@ -117,15 +117,15 @@ class CourseEnrollment(TypedDict):
     course_name: str
     enrollment_types: List[str]
 
-def is_superuser(user_name: str) -> bool:
-    logger.debug(is_superuser.__name__+f' \'{user_name}\'')
+def is_staff(user_name: str) -> bool:
+    logger.debug(is_staff.__name__+f' \'{user_name}\'')
 
     user = DjangoUser.objects.filter(username=user_name)
     if user.count() == 0:
         result = False
     else:
-        result = user[0].is_superuser
-    logger.debug(is_superuser.__name__+f' \'{user_name}\':{result}')
+        result = user[0].is_staff
+    logger.debug(is_staff.__name__+f' \'{user_name}\':{result}')
     return result
 
 def get_user_courses_info(username: str, course_id: Union[int, None] = None) -> List[CourseEnrollment]:
@@ -145,7 +145,7 @@ def get_user_courses_info(username: str, course_id: Union[int, None] = None) ->
     else:
         user_enrollments = User.objects.filter(sis_name=username)
     if user_enrollments.count() == 0:
-        if not is_superuser(username):
+        if not is_staff(username):
             logger.warning(
                 f'Couldn\'t find user {username} in enrollment info. Enrollment data has not been populated yet.')
         return []

diff --git a/dashboard/common/utils.py b/dashboard/common/utils.py
@@ -84,7 +84,7 @@ def get_myla_globals(request):
     google_analytics_id = ""
     course_id = get_course_id_from_request_url(request.path)
 
-    is_superuser = current_user.is_staff
+    is_admin = current_user.is_staff
     if current_user.is_authenticated:
         username = current_user.get_username()
         user_courses_info = db_util.get_user_courses_info(username, course_id)
@@ -109,7 +109,7 @@ def get_myla_globals(request):
         "username" : username,
         "display_name" : display_name,
         "initials" : initials,
-        "is_superuser": is_superuser,
+        "is_admin": is_admin,
         "user_courses_info": user_courses_info,
         "login": login_url,
         "logout": logout_url,

diff --git a/dashboard/rules.py b/dashboard/rules.py
@@ -11,7 +11,7 @@ def is_admin(self, user):
     if self.context.get(user.id):
         return self.context.get(user.id)
 
-    result = user.is_superuser
+    result = user.is_staff
 
     # set cache
     self.context[user.id] = result

diff --git a/dashboard/templates/base.html b/dashboard/templates/base.html
@@ -44,7 +44,7 @@
                     {{ flatpages.first.content|safe }}
                 </td>
                 {% endif %}
-                {% if user.is_superuser and git_version %}
+                {% if user.is_staff and git_version %}
                 <td style="text-align: left">
                     Git version:
                     <a href="{{ git_version.repo }}/commit/{{ git_version.commit }}" target="_blank">{{ git_version.commit_abbrev }}</a>

diff --git a/docs/configuration.md b/docs/configuration.md
@@ -103,11 +103,17 @@ MyLA is designed to be deployed as an LTI tool. To grant admin privileges to a u
 do the following:
 
 1. Have the user launch the tool in Canvas.
-1. Modify their `auth_user` record in the database directly so that `is_staff` and `is_superuser` are true.
+2. Modify their `auth_user` record in the database directly so that `is_staff` and `is_superuser` are true to give full Myla Admin access.
     ```sql
     # Replace username with the user's Canvas username.
     UPDATE auth_user SET is_staff=1, is_superuser=1 where auth_user.username='username';
     ```
+3. Modify their `auth_user` record in the database directly `is_staff`, this gives limited access to admin UI and minimally add the permission "Dashboard | Course | Can view Course" to give them access to see the other courses in the system and navigate them through the Course link in the admin.   
+    ```sql
+    # Replace username with the user's Canvas username.
+    UPDATE auth_user SET is_staff=1 where auth_user.username='username';
+    ```
+
 
 Subsequently, that user can grant other users admin privileges using the admin UI.