Skip to content

E
edx-platform
Commit 2f466537 by Kevin Chugh
Options

Merge pull request #745 from edx/dave/block_forums_for_unenrolled 

Make it so that students who are not enrolled cannot see the forum
parents e79f8c43 25d98778
Showing with 19 additions and 6 deletions
lms/djangoapps/courseware/access.py
......@@ -17,6 +17,7 @@ from student.models import CourseEnrollmentAllowed
from external_auth.models import ExternalAuthMap
from courseware.masquerade import is_masquerading_as_student
from django.utils.timezone import UTC
from student.models import CourseEnrollment
DEBUG_ACCESS = False
......@@ -114,6 +115,7 @@ def _has_access_course_desc(user, course, action):
Valid actions:
'load' -- load the courseware, see inside the course
'load_forum' -- can load and contribute to the forums (one access level for now)
'enroll' -- enroll. Checks for enrollment window,
ACCESS_REQUIRE_STAFF_FOR_COURSE,
'see_exists' -- can see that the course exists.
......@@ -128,6 +130,15 @@ def _has_access_course_desc(user, course, action):
# delegate to generic descriptor check to check start dates
return _has_access_descriptor(user, course, 'load')
def can_load_forum():
"""
Can this user access the forums in this course?
"""
return (can_load() and \
(CourseEnrollment.is_enrolled(user, course.id) or \
_has_staff_access_to_descriptor(user, course)
))
def can_enroll():
"""
First check if restriction of enrollment by login method is enabled, both
......@@ -193,6 +204,7 @@ def _has_access_course_desc(user, course, action):
checkers = {
'load': can_load,
'load_forum': can_load_forum,
'enroll': can_enroll,
'see_exists': see_exists,
'staff': lambda: _has_staff_access_to_descriptor(user, course),
......
lms/djangoapps/django_comment_client/forum/views.py
......@@ -108,7 +108,7 @@ def inline_discussion(request, course_id, discussion_id):
"""
Renders JSON for DiscussionModules
"""
course = get_course_with_access(request.user, course_id, 'load')
course = get_course_with_access(request.user, course_id, 'load_forum')
try:
threads, query_params = get_threads(request, course_id, discussion_id, per_page=INLINE_THREADS_PER_PAGE)
......@@ -168,7 +168,8 @@ def forum_form_discussion(request, course_id):
"""
Renders the main Discussion page, potentially filtered by a search query
"""
course = get_course_with_access(request.user, course_id, 'load')
course = get_course_with_access(request.user, course_id, 'load_forum')
category_map = utils.get_discussion_category_map(course)
try:
......@@ -238,7 +239,7 @@ def forum_form_discussion(request, course_id):
@login_required
def single_thread(request, course_id, discussion_id, thread_id):
course = get_course_with_access(request.user, course_id, 'load')
course = get_course_with_access(request.user, course_id, 'load_forum')
cc_user = cc.User.from_django_user(request.user)
user_info = cc_user.to_dict()
......@@ -273,7 +274,7 @@ def single_thread(request, course_id, discussion_id, thread_id):
log.error("Error loading single thread.")
raise Http404
course = get_course_with_access(request.user, course_id, 'load')
course = get_course_with_access(request.user, course_id, 'load_forum')
for thread in threads:
courseware_context = get_courseware_context(thread, course)
......@@ -333,7 +334,7 @@ def single_thread(request, course_id, discussion_id, thread_id):
@login_required
def user_profile(request, course_id, user_id):
#TODO: Allow sorting?
course = get_course_with_access(request.user, course_id, 'load')
course = get_course_with_access(request.user, course_id, 'load_forum')
try:
profiled_user = cc.User(id=user_id, course_id=course_id)
......@@ -374,7 +375,7 @@ def user_profile(request, course_id, user_id):
def followed_threads(request, course_id, user_id):
course = get_course_with_access(request.user, course_id, 'load')
course = get_course_with_access(request.user, course_id, 'load_forum')
try:
profiled_user = cc.User(id=user_id, course_id=course_id)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment