Commit
2a7b4167
authored
Jul 19, 2017
by
Marko Jevtic
[LEARNER-1104] Allow staff members to view enrollment for any user
parent
2d6b477e
Showing
2 changed files
with
5 additions
and
5 deletions
+5
-5
common/djangoapps/enrollment/tests/test_views.py
+4
-4
common/djangoapps/enrollment/views.py
+1
-1
common/djangoapps/enrollment/tests/test_views.py
...
...
@@ -385,7 +385,7 @@ class EnrollmentTest(EnrollmentTestMixin, ModuleStoreTestCase, APITestCase, Ente
def
test_user_does_not_match_param
(
self
):
"""
The view should return status 404 if the enrollment username does not match the username of the user
making the request, unless the request is made by a s
uper
user or with a server API key.
making the request, unless the request is made by a s
taff
user or with a server API key.
"""
CourseModeFactory
.
create
(
course_id
=
self
.
course
.
id
,
...
...
@@ -403,9 +403,9 @@ class EnrollmentTest(EnrollmentTestMixin, ModuleStoreTestCase, APITestCase, Ente
response
=
self
.
client
.
get
(
url
,
**
{
'HTTP_X_EDX_API_KEY'
:
self
.
API_KEY
})
self
.
assertEqual
(
response
.
status_code
,
status
.
HTTP_200_OK
)
# Verify s
uperusers
have access to this endpoint
s
uperuser
=
UserFactory
.
create
(
password
=
self
.
PASSWORD
,
is_superuser
=
True
)
self
.
client
.
login
(
username
=
s
uper
user
.
username
,
password
=
self
.
PASSWORD
)
# Verify s
taff
have access to this endpoint
s
taff_user
=
UserFactory
.
create
(
password
=
self
.
PASSWORD
,
is_staff
=
True
)
self
.
client
.
login
(
username
=
s
taff_
user
.
username
,
password
=
self
.
PASSWORD
)
response
=
self
.
client
.
get
(
url
)
self
.
assertEqual
(
response
.
status_code
,
status
.
HTTP_200_OK
)
...
...
common/djangoapps/enrollment/views.py
...
...
@@ -167,7 +167,7 @@ class EnrollmentView(APIView, ApiKeyPermissionMixIn):
# TODO Implement proper permissions
if
request
.
user
.
username
!=
username
and
not
self
.
has_api_key_permissions
(
request
)
\
and
not
request
.
user
.
is_s
uperuser
:
and
not
request
.
user
.
is_s
taff
:
# Return a 404 instead of a 403 (Unauthorized). If one user is looking up
# other users, do not let them deduce the existence of an enrollment.
return
Response
(
status
=
status
.
HTTP_404_NOT_FOUND
)
...
...
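Review bot: The rewritten condition in EnrollmentView now exempts only `request.user.is_staff`, so the `is_superuser` exemption appears to be dropped rather than extended; in Django the two flags are independent, and a superuser account without `is_staff` would start receiving the 404. If that is not intended, keep both: `and not (request.user.is_staff or request.user.is_superuser):`. The matching change in common/djangoapps/enrollment/tests/test_views.py replaces the superuser login with a staff login, so no visible test pins either outcome for a superuser. `is_staff` is the global flag, so this opens every user's enrollment to all global staff accounts, and the `# TODO Implement proper permissions` comment above the check is a good place to record that scope. The enclosing method starts and ends outside the hunk.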