Merge pull request #554 from MITx/feature/victor/fix-staff-profile-view

Set request.user = student when impersonating a student

Merge pull request #554 from MITx/feature/victor/fix-staff-profile-view
Set request.user = student when impersonating a student
955dc947 · David Ormsbee · d042578a · 7a6fa1dd · 955dc947 · 955dc947
Commit 955dc947 authored Aug 25, 2012 by David Ormsbee
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 6 deletions

lms/djangoapps/courseware/module_render.py
+6 -3

lms/djangoapps/courseware/views.py
+6 -3

No files found.
--- a/lms/djangoapps/courseware/module_render.py
+++ b/lms/djangoapps/courseware/module_render.py
@@ -143,8 +143,9 @@ def get_module(user, request, location, student_module_cache, course_id, positio
    exists.

    Arguments:
-      - user                  : current django User
-      - request               : current django HTTPrequest
+      - user                  : User for whom we're getting the module
+      - request               : current django HTTPrequest -- used in particular for auth
+                                (This is important e.g. for prof impersonation of students in progress view)
      - location              : A Location-like object identifying the module to load
      - student_module_cache  : a StudentModuleCache
      - course_id             : the course_id in the context of which to load module
@@ -170,7 +171,9 @@ def _get_module(user, request, location, student_module_cache, course_id, positi
    descriptor = modulestore().get_instance(course_id, location)

    # Short circuit--if the user shouldn't have access, bail without doing any work
-    if not has_access(user, descriptor, 'load'):
+    # NOTE: Do access check on request.user -- that's who actually needs access (e.g. could be prof
+    # impersonating a user)
+    if not has_access(request.user, descriptor, 'load'):
        return None

    #TODO Only check the cache if this module can possibly have state

--- a/lms/djangoapps/courseware/views.py
+++ b/lms/djangoapps/courseware/views.py
@@ -325,14 +325,17 @@ def progress(request, course_id, student_id=None):
            raise Http404
        student = User.objects.get(id=int(student_id))

+    # NOTE: To make sure impersonation by instructor works, use
+    # student instead of request.user in the rest of the function.
+
    student_module_cache = StudentModuleCache.cache_for_descriptor_descendents(
-        course_id, request.user, course)
-    course_module = get_module(request.user, request, course.location,
+        course_id, student, course)
+    course_module = get_module(student, request, course.location,
                               student_module_cache, course_id)

    courseware_summary = grades.progress_summary(student, course_module,
                                                 course.grader, student_module_cache)
-    grade_summary = grades.grade(request.user, request, course, student_module_cache)
+    grade_summary = grades.grade(student, request, course, student_module_cache)

    context = {'course': course,
               'courseware_summary': courseware_summary,