Allowed staff/admin of course to view ccx coach dashboard

e1035c7b · Amir Qayyum Khan · db5fe130 · e1035c7b · e1035c7b · e1035c7b
Commit e1035c7b authored Jan 15, 2016 by Amir Qayyum Khan
Hide whitespace changes
Inline Side-by-side

Showing with 101 additions and 14 deletions

lms/djangoapps/ccx/plugins.py
+3 -0

lms/djangoapps/ccx/tests/test_views.py
+79 -1

lms/djangoapps/ccx/views.py
+19 -13

No files found.
--- a/lms/djangoapps/ccx/plugins.py
+++ b/lms/djangoapps/ccx/plugins.py
@@ -7,6 +7,7 @@ from django.utils.translation import ugettext_noop

 from xmodule.tabs import CourseTab
 from student.roles import CourseCcxCoachRole
+from courseware.access import has_access


 class CcxCourseTab(CourseTab):
@@ -28,5 +29,7 @@ class CcxCourseTab(CourseTab):
            return True
        if not settings.FEATURES.get('CUSTOM_COURSES_EDX', False) or not course.enable_ccx:
            return False
+        if has_access(user, 'staff', course) or has_access(user, 'instructor', course):
+            return True
        role = CourseCcxCoachRole(course.id)
        return role.has_user(user)
--- a/lms/djangoapps/ccx/tests/test_views.py
+++ b/lms/djangoapps/ccx/tests/test_views.py
@@ -23,7 +23,11 @@ from django.test import RequestFactory
 from edxmako.shortcuts import render_to_response
 from request_cache.middleware import RequestCache
 from opaque_keys.edx.keys import CourseKey
-from student.roles import CourseCcxCoachRole
+from student.roles import (
+    CourseCcxCoachRole,
+    CourseInstructorRole,
+    CourseStaffRole
+)
 from student.models import (
    CourseEnrollment,
    CourseEnrollmentAllowed,
@@ -116,6 +120,75 @@ def setup_students_and_grades(context):
                    )


+class TestAdminAccessCoachDashboard(CcxTestCase, LoginEnrollmentTestCase):
+    """
+    Tests for Custom Courses views.
+    """
+    MODULESTORE = TEST_DATA_SPLIT_MODULESTORE
+
+    def make_staff(self):
+        """
+        create staff user
+        """
+        staff = AdminFactory.create(password="test")
+        role = CourseStaffRole(self.course.id)
+        role.add_users(staff)
+
+        return staff
+
+    def make_instructor(self):
+        """
+        create staff instructor
+        """
+        instructor = AdminFactory.create(password="test")
+        role = CourseInstructorRole(self.course.id)
+        role.add_users(instructor)
+
+        return instructor
+
+    def test_staff_access_coach_dashboard(self):
+        """
+        User is staff, should access coach dashboard.
+        """
+        staff = self.make_staff()
+        self.client.login(username=staff.username, password="test")
+        self.make_coach()
+        ccx = self.make_ccx()
+        url = reverse(
+            'ccx_coach_dashboard',
+            kwargs={'course_id': CCXLocator.from_course_locator(self.course.id, ccx.id)})
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+
+    def test_instructor_access_coach_dashboard(self):
+        """
+        User is instructor, should access coach dashboard.
+        """
+        instructor = self.make_instructor()
+        self.client.login(username=instructor.username, password="test")
+        self.make_coach()
+        ccx = self.make_ccx()
+        url = reverse(
+            'ccx_coach_dashboard',
+            kwargs={'course_id': CCXLocator.from_course_locator(self.course.id, ccx.id)})
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+
+    def test_forbidden_user_access_coach_dashboard(self):
+        """
+        Assert user with no access must not see dashboard.
+        """
+        user = UserFactory.create(password="test")
+        self.client.login(username=user.username, password="test")
+        self.make_coach()
+        ccx = self.make_ccx()
+        url = reverse(
+            'ccx_coach_dashboard',
+            kwargs={'course_id': CCXLocator.from_course_locator(self.course.id, ccx.id)})
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 403)
+
+
 @attr('shard_1')
 @ddt.ddt
 class TestCoachDashboard(CcxTestCase, LoginEnrollmentTestCase):
@@ -164,7 +237,12 @@ class TestCoachDashboard(CcxTestCase, LoginEnrollmentTestCase):
        """
        User is not a coach, should get Forbidden response.
        """
+        self.make_coach()
        ccx = self.make_ccx()
+
+        # create session of non-coach user
+        user = UserFactory.create(password="test")
+        self.client.login(username=user.username, password="test")
        url = reverse(
            'ccx_coach_dashboard',
            kwargs={'course_id': CCXLocator.from_course_locator(self.course.id, ccx.id)})

--- a/lms/djangoapps/ccx/views.py
+++ b/lms/djangoapps/ccx/views.py
@@ -26,6 +26,7 @@ from django.views.decorators.cache import cache_control
 from django.views.decorators.csrf import ensure_csrf_cookie
 from django.contrib.auth.models import User

+from courseware.access import has_access
 from courseware.courses import get_course_by_id

 from courseware.field_overrides import disable_overrides
@@ -85,20 +86,25 @@ def coach_dashboard(view):
            ccx = CustomCourseForEdX.objects.get(pk=ccx_id)
            course_key = ccx.course_id

-        role = CourseCcxCoachRole(course_key)
-        if not role.has_user(request.user):
-            return HttpResponseForbidden(
-                _('You must be a CCX Coach to access this view.'))
-
        course = get_course_by_id(course_key, depth=None)
-
-        # if there is a ccx, we must validate that it is the ccx for this coach
-        if ccx is not None:
-            coach_ccx = get_ccx_by_ccx_id(course, request.user, ccx.id)
-            if coach_ccx is None:
-                return HttpResponseForbidden(
-                    _('You must be the coach for this ccx to access this view')
-                )
+        is_staff = has_access(request.user, 'staff', course)
+        is_instructor = has_access(request.user, 'instructor', course)
+
+        if is_staff or is_instructor:
+            # if user is staff or instructor then he can view ccx coach dashboard.
+            return view(request, course, ccx)
+        else:
+            role = CourseCcxCoachRole(course_key)
+            if not role.has_user(request.user):
+                return HttpResponseForbidden(_('You must be a CCX Coach to access this view.'))
+
+            # if there is a ccx, we must validate that it is the ccx for this coach
+            if ccx is not None:
+                coach_ccx = get_ccx_by_ccx_id(course, request.user, ccx.id)
+                if coach_ccx is None:
+                    return HttpResponseForbidden(
+                        _('You must be the coach for this ccx to access this view')
+                    )

        return view(request, course, ccx)
    return wrapper