Update course enrollments API to allow beta users to see a course.

Also adds me as an author JIRA: https://openedx.atlassian.net/browse/MA-76

Update course enrollments API to allow beta users to see a course.
Also adds me as an author JIRA: https://openedx.atlassian.net/browse/MA-76
ffd6d894 · Akiva Leffert · 8b73de91 · ffd6d894 · ffd6d894 · ffd6d894
Commit ffd6d894 authored Oct 30, 2014 by Akiva Leffert
Show whitespace changes
Inline Side-by-side

Showing with 58 additions and 19 deletions

AUTHORS
+1 -0

lms/djangoapps/mobile_api/users/tests.py
+45 -15

lms/djangoapps/mobile_api/users/views.py
+12 -4

No files found.
--- a/AUTHORS
+++ b/AUTHORS
@@ -179,3 +179,4 @@ Henry Tareque <henry.tareque@gmail.com>
 Eugeny Kolpakov <eugeny.kolpakov@gmail.com>
 Omar Al-Ithawi <oithawi@qrf.org>
 Louis Pilfold <louis@lpil.uk>
+Akiva Leffert <akiva@edx.org>
--- a/lms/djangoapps/mobile_api/users/tests.py
+++ b/lms/djangoapps/mobile_api/users/tests.py
 """
 Tests for users API
 """
+
+import ddt
 from rest_framework.test import APITestCase
 from xmodule.modulestore.tests.factories import CourseFactory
 from xmodule.modulestore.tests.django_utils import ModuleStoreTestCase
@@ -8,8 +10,10 @@ from courseware.tests.factories import UserFactory
 from django.core.urlresolvers import reverse
 from mobile_api.users.serializers import CourseEnrollmentSerializer
 from student.models import CourseEnrollment
+from student import auth


+@ddt.ddt
 class TestUserApi(ModuleStoreTestCase, APITestCase):
    """
    Test the user info API
@@ -25,44 +29,70 @@ class TestUserApi(ModuleStoreTestCase, APITestCase):
        super(TestUserApi, self).tearDown()
        self.client.logout()

-    def _enroll(self):
+    def _enrollment_url(self):
+        """
+        api url that gets the current user's course enrollments
+        """
+        return reverse('courseenrollment-detail', kwargs={'username': self.user.username})
+
+    def _enroll(self, course):
        """
        enroll test user in test course
        """
        resp = self.client.post(reverse('change_enrollment'), {
            'enrollment_action': 'enroll',
-            'course_id': self.course.id.to_deprecated_string(),
+            'course_id': course.id.to_deprecated_string(),
            'check_access': True,
        })
        self.assertEqual(resp.status_code, 200)

-    def test_user_enrollments(self):
-        url = reverse('courseenrollment-detail', kwargs={'username': self.user.username})
+    def _verify_single_course_enrollment(self, course):
+        """
+        check that enrolling in course adds us to it
+        """

+        url = self._enrollment_url()
        self.client.login(username=self.username, password=self.password)
+        self._enroll(course)
        response = self.client.get(url)
+
        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.data, [])  # pylint: disable=E1103

-        self._enroll()
+        courses = response.data   # pylint: disable=maybe-no-member
+        self.assertEqual(len(courses), 1)
+
+        found_course = courses[0]['course']
+        self.assertTrue('video_outline' in found_course)
+        self.assertTrue('course_handouts' in found_course)
+        self.assertEqual(found_course['id'], unicode(course.id))
+        self.assertEqual(courses[0]['mode'], 'honor')
+
+    def test_non_mobile_enrollments(self):
+        url = self._enrollment_url()
+        non_mobile_course = CourseFactory.create(mobile_available=False)
+        self.client.login(username=self.username, password=self.password)
+
+        self._enroll(non_mobile_course)
        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.data, [])    # pylint: disable=maybe-no-member

-        courses = response.data  # pylint: disable=E1103
+    @ddt.data(auth.CourseBetaTesterRole, auth.CourseStaffRole, auth.CourseInstructorRole)
+    def test_privileged_enrollments(self, role):
+        non_mobile_course = CourseFactory.create(mobile_available=False)
+        role(non_mobile_course.id).add_users(self.user)

-        self.assertTrue(len(courses), 1)
-        course = courses[0]['course']
-        self.assertTrue('video_outline' in course)
-        self.assertTrue('course_handouts' in course)
-        self.assertEqual(course['id'], self.course.id.to_deprecated_string())
-        self.assertEqual(courses[0]['mode'], 'honor')
+        self._verify_single_course_enrollment(non_mobile_course)
+
+    def test_mobile_enrollments(self):
+        self._verify_single_course_enrollment(self.course)

    def test_user_overview(self):
        self.client.login(username=self.username, password=self.password)
        url = reverse('user-detail', kwargs={'username': self.user.username})
        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)
-        data = response.data  # pylint: disable=E1103
+        data = response.data  # pylint: disable=maybe-no-member
        self.assertEqual(data['username'], self.user.username)
        self.assertEqual(data['email'], self.user.email)

@@ -89,7 +119,7 @@ class TestUserApi(ModuleStoreTestCase, APITestCase):

    def test_course_serializer(self):
        self.client.login(username=self.username, password=self.password)
-        self._enroll()
+        self._enroll(self.course)
        serialized = CourseEnrollmentSerializer(CourseEnrollment.enrollments_for_user(self.user)[0]).data  # pylint: disable=E1101
        self.assertEqual(serialized['course']['video_outline'], None)
        self.assertEqual(serialized['course']['name'], self.course.display_name)
--- a/lms/djangoapps/mobile_api/users/views.py
+++ b/lms/djangoapps/mobile_api/users/views.py
@@ -8,8 +8,10 @@ from rest_framework.authentication import OAuth2Authentication, SessionAuthentic
 from rest_framework.decorators import api_view, authentication_classes, permission_classes
 from rest_framework.permissions import IsAuthenticated

-from courseware.access import has_access
+from courseware import access
 from student.models import CourseEnrollment, User
+from student.roles import CourseBetaTesterRole
+from student import auth

 from .serializers import CourseEnrollmentSerializer, UserSerializer

@@ -119,12 +121,18 @@ def my_user_info(request):

 def mobile_course_enrollments(enrollments, user):
    """
-    Return enrollments only if courses are mobile_available (or if the user has staff access)
-    enrollments is a list of CourseEnrollments.
+    Return enrollments only if courses are mobile_available (or if the user has
+    privileged (beta, staff, instructor) access)
+
+    :param enrollments is a list of CourseEnrollments.
    """
    for enr in enrollments:
        course = enr.course
+
+        # Implicitly includes instructor role via the following has_access check
+        role = CourseBetaTesterRole(course.id)
+
        # The course doesn't always really exist -- we can have bad data in the enrollments
        # pointing to non-existent (or removed) courses, in which case `course` is None.
-        if course and (course.mobile_available or has_access(user, 'staff', course)):
+        if course and (course.mobile_available or auth.has_access(user, role) or access.has_access(user, 'staff', course)):
            yield enr