Fix improper parsing of location string

542dff19 · Julia Hansbrough · 741cdf95 · 542dff19 · 542dff19
Commit 542dff19 authored May 13, 2014 by Julia Hansbrough
Show whitespace changes
Inline Side-by-side

Showing with 24 additions and 4 deletions

lms/djangoapps/courseware/tests/test_views.py
+22 -3

lms/djangoapps/courseware/views.py
+2 -1

No files found.
--- a/lms/djangoapps/courseware/tests/test_views.py
+++ b/lms/djangoapps/courseware/tests/test_views.py
@@ -79,15 +79,19 @@ class ViewsTestCase(TestCase):
    Tests for views.py methods.
    """
    def setUp(self):
+        course = CourseFactory()
+        chapter = ItemFactory(category='chapter', parent_location=course.location)  # pylint: disable=no-member
+        section = ItemFactory(category='sequential', parent_location=chapter.location, due=datetime(2013, 9, 18, 11, 30, 00))
+        vertical = ItemFactory(category='vertical', parent_location=section.location)
+        self.component = ItemFactory(category='problem', parent_location=vertical.location)
+
+        self.course_key = course.id
        self.user = User.objects.create(username='dummy', password='123456',
                                        email='test@mit.edu')
        self.date = datetime(2013, 1, 22, tzinfo=UTC)
-        self.course_key = SlashSeparatedCourseKey('edX', 'toy', '2012_Fall')
        self.enrollment = CourseEnrollment.enroll(self.user, self.course_key)
        self.enrollment.created = self.date
        self.enrollment.save()
-        self.location = ['tag', 'org', 'course', 'category', 'name']
-
        self.request_factory = RequestFactory()
        chapter = 'Overview'
        self.chapter_url = '%s/%s/%s' % ('/courses', self.course_key, chapter)
@@ -244,6 +248,21 @@ class ViewsTestCase(TestCase):
        # clean up course modes
        CourseMode.objects.all().delete()

+    def test_submission_history_accepts_valid_ids(self):
+        # log into a staff account
+        admin = AdminFactory()
+
+        self.client.login(username=admin.username, password='test')
+
+        url = reverse('submission_history', kwargs={
+            'course_id': self.course_key.to_deprecated_string(),
+            'student_username': 'dummy',
+            'location': unicode(self.component.location)
+        })
+        response = self.client.get(url)
+        # Tests that we do not get an "Invalid x" response when passing correct arguments to view
+        self.assertFalse('Invalid' in response.content)
+
    def test_submission_history_xss(self):
        # log into a staff account
        admin = AdminFactory()

--- a/lms/djangoapps/courseware/views.py
+++ b/lms/djangoapps/courseware/views.py
@@ -46,6 +46,7 @@ from opaque_keys import InvalidKeyError

 from microsite_configuration import microsite
 from xmodule.modulestore.locations import SlashSeparatedCourseKey
+from xmodule.modulestore.keys import UsageKey

 log = logging.getLogger("edx.courseware")

@@ -739,7 +740,7 @@ def submission_history(request, course_id, student_username, location):
        return HttpResponse(escape(_(u'Invalid course id.')))

    try:
-        usage_key = course_key.make_usage_key_from_deprecated_string(location)
+        usage_key = UsageKey.from_string(location)
    except (InvalidKeyError, AssertionError):
        return HttpResponse(escape(_(u'Invalid location.')))