Merge pull request #3065 from edx/waheed/lms2442-fix-is_authenticated-in-roles

Change user.is_authenticated to user.is_authenticated() in roles.py.

common/djangoapps/student/roles.py

@@ -64,7 +64,7 @@ class GlobalStaff(AccessRole):
 
     def add_users(self, *users):
         for user in users:
-            if (user.is_authenticated and user.is_active):
+            if (user.is_authenticated() and user.is_active):
                 user.is_staff = True
                 user.save()
 
@@ -98,7 +98,7 @@ class GroupBasedRole(AccessRole):
         """
         Return whether the supplied django user has access to this role.
         """
-        if not (user.is_authenticated and user.is_active):
+        if not (user.is_authenticated() and user.is_active):
             return False
 
         # pylint: disable=protected-access
@@ -113,7 +113,7 @@ class GroupBasedRole(AccessRole):
         """
         # silently ignores anonymous and inactive users so that any that are
         # legit get updated.
-        users = [user for user in users if user.is_authenticated and user.is_active]
+        users = [user for user in users if user.is_authenticated() and user.is_active]
         group, _ = Group.objects.get_or_create(name=self._group_names[0])
         group.user_set.add(*users)
         # remove cache

common/djangoapps/student/tests/test_authz.py

@@ -4,7 +4,7 @@ Tests authz.py
 import mock
 
 from django.test import TestCase
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, AnonymousUser
 from xmodule.modulestore import Location
 from django.core.exceptions import PermissionDenied
 
@@ -78,9 +78,10 @@ class CreatorGroupTest(TestCase):
         """
         with mock.patch.dict('django.conf.settings.FEATURES',
                              {'DISABLE_COURSE_CREATION': False, "ENABLE_CREATOR_GROUP": True}):
-            self.user.is_authenticated = False
-            add_users(self.admin, CourseCreatorRole(), self.user)
-            self.assertFalse(has_access(self.user, CourseCreatorRole()))
+            anonymous_user = AnonymousUser()
+            role = CourseCreatorRole()
+            add_users(self.admin, role, anonymous_user)
+            self.assertFalse(has_access(anonymous_user, role))
 
     def test_add_user_not_active(self):
         """

common/djangoapps/student/tests/test_email.py

@@ -5,7 +5,7 @@ import unittest
 from student.tests.factories import UserFactory, RegistrationFactory, PendingEmailChangeFactory
 from student.views import reactivation_email_for_user, change_email_request, confirm_email_change
 from student.models import UserProfile, PendingEmailChange
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, AnonymousUser
 from django.test import TestCase, TransactionTestCase
 from django.test.client import RequestFactory
 from mock import Mock, patch
@@ -157,10 +157,11 @@ class EmailChangeRequestTests(TestCase):
         self.assertFalse(self.user.email_user.called)
 
     def test_unauthenticated(self):
-        self.user.is_authenticated = False
+        self.request.user = AnonymousUser()
+        self.request.user.email_user = Mock()
         with self.assertRaises(Http404):
             change_email_request(self.request)
-        self.assertFalse(self.user.email_user.called)
+        self.assertFalse(self.request.user.email_user.called)
 
     def test_invalid_password(self):
         self.request.POST['password'] = 'wrong'

common/djangoapps/student/views.py

@@ -1522,7 +1522,7 @@ def change_email_request(request):
     """ AJAX call from the profile page. User wants a new e-mail.
     """
     ## Make sure it checks for existing e-mail conflicts
-    if not request.user.is_authenticated:
+    if not request.user.is_authenticated():
         raise Http404
 
     user = request.user