Checks access using the CCX course key,

instead of using the base course key (which does not contain the CCX info).
This removes the need for special checking of CCXKey/CCXLocator types, and just
treats them like normal CourseKeys.

This fix allows users with a Staff role on a CCX course to view CCX courses in Insights.

lms/djangoapps/courseware/access.py

@@ -156,9 +156,6 @@ def has_access(user, action, obj, course_key=None):
     if isinstance(obj, XBlock):
         return _has_access_descriptor(user, action, obj, course_key)
 
-    if isinstance(obj, CCXLocator):
-        return _has_access_ccx_key(user, action, obj)
-
     if isinstance(obj, CourseKey):
         return _has_access_course_key(user, action, obj)
 
@@ -621,16 +618,6 @@ def _has_access_course_key(user, action, course_key):
     return _dispatch(checkers, action, user, course_key)
 
 
-def _has_access_ccx_key(user, action, ccx_key):
-    """Check if user has access to the course for this ccx_key
-
-    Delegates checking to _has_access_course_key
-    Valid actions: same as for that function
-    """
-    course_key = ccx_key.to_course_locator()
-    return _has_access_course_key(user, action, course_key)
-
-
 def _has_access_string(user, action, perm):
     """
     Check if user has certain special access, specified as string.  Valid strings:

lms/djangoapps/courseware/tests/helpers.py

@@ -33,7 +33,8 @@ class LoginEnrollmentTestCase(TestCase):
             self.email,
             self.password,
         )
-        self.activate_user(self.email)
+        # activate_user re-fetches and returns the activated user record
+        self.user = self.activate_user(self.email)
         self.login(self.email, self.password)
 
     def assert_request_status_code(self, status_code, url, method="GET", **kwargs):
@@ -100,7 +101,10 @@ class LoginEnrollmentTestCase(TestCase):
         url = reverse('activate', kwargs={'key': activation_key})
         self.assert_request_status_code(200, url)
         # Now make sure that the user is now actually activated
-        self.assertTrue(User.objects.get(email=email).is_active)
+        user = User.objects.get(email=email)
+        self.assertTrue(user.is_active)
+        # And return the user we fetched.
+        return user
 
     def enroll(self, course, verify=False):
         """

lms/djangoapps/courseware/tests/test_access.py

@@ -30,7 +30,7 @@ from courseware.tests.factories import (
 from courseware.tests.helpers import LoginEnrollmentTestCase
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from student.models import CourseEnrollment
-from student.roles import CourseCcxCoachRole
+from student.roles import CourseCcxCoachRole, CourseStaffRole
 from student.tests.factories import (
     AdminFactory,
     AnonymousUserFactory,
@@ -123,6 +123,23 @@ class CoachAccessTestCaseCCX(SharedModuleStoreTestCase, LoginEnrollmentTestCase)
         self.setup_user()
         self.assertFalse(access.has_ccx_coach_role(self.user, ccx_locator))
 
+    def test_ccx_coach_has_staff_role(self):
+        """
+        Assert that user has staff access on ccx.
+        """
+        ccx_locator = self.make_ccx()
+
+        # coach user has access as staff on ccx
+        self.assertTrue(access.has_access(self.coach, 'staff', ccx_locator))
+
+        # basic user doesn't have staff access on ccx..
+        self.setup_user()
+        self.assertFalse(access.has_access(self.user, 'staff', ccx_locator))
+
+        # until we give her a staff role.
+        CourseStaffRole(ccx_locator).add_users(self.user)
+        self.assertTrue(access.has_access(self.user, 'staff', ccx_locator))
+
     def test_access_student_progress_ccx(self):
         """
         Assert that only a coach can see progress of student.