Scope permissions in Discussion service only to enrolled users.

d6a16e8d · Jonathan Piacenti · 44363495 · d6a16e8d
Commit d6a16e8d authored Aug 13, 2015 by Jonathan Piacenti
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

common/lib/xmodule/xmodule/x_module.py
+2 -2

No files found.
--- a/common/lib/xmodule/xmodule/x_module.py
+++ b/common/lib/xmodule/xmodule/x_module.py
@@ -1613,7 +1613,7 @@ class DiscussionService(object):
        request.user = user
        user_info = cc.User.from_django_user(self.runtime.user).to_dict()
        course_id = self.runtime.course_id
-        course = get_course_with_access(self.runtime.user, 'load', course_id)
+        course = get_course_with_access(self.runtime.user, 'load', course_id, check_if_enrolled=True)
        user_cohort_id = get_cohort_id(user, course_id)

        unsafethreads, query_params = get_threads(request, course_id)
@@ -1674,7 +1674,7 @@ class DiscussionService(object):
        course_id = self.runtime.course_id
        user = self.runtime.user

-        course = get_course_with_access(user, 'load', course_id)
+        course = get_course_with_access(user, 'load', course_id, check_if_enrolled=True)
        category_map = get_discussion_category_map(course, user)

        is_moderator = has_permission(user, "see_all_cohorts", course_id)