Description
We want to modify https://github.com/openedx/openedx-platform/blob/ff0690f6c8768158dd07ab6a43e88e8695798283/common/djangoapps/student/auth.py#L183 to allow read access by default when using the new authz system (we don't need an explicit view permission for read).
In #283, we have that if someone doesn't have the manage_advanced_setting permission, they can see advanced_settings but can't edit them (read-only).
Right now, in the code, we are also restricting the view (if they don't have manage, they can't view); we want to fix that.
Acceptance criteria
PR merged that allows reading the advanced settings, and the manage_advanced_settings permission is only used to write actions.
Description
We want to modify https://github.com/openedx/openedx-platform/blob/ff0690f6c8768158dd07ab6a43e88e8695798283/common/djangoapps/student/auth.py#L183 to allow read access by default when using the new authz system (we don't need an explicit view permission for read).
In #283, we have that if someone doesn't have the manage_advanced_setting permission, they can see advanced_settings but can't edit them (read-only).
Right now, in the code, we are also restricting the view (if they don't have manage, they can't view); we want to fix that.
Acceptance criteria
PR merged that allows reading the advanced settings, and the manage_advanced_settings permission is only used to write actions.