diff --git a/common/djangoapps/student/views.py b/common/djangoapps/student/views.py
index 35ce225011..ace1f8f576 100644
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -37,6 +37,7 @@ from xmodule.modulestore.exceptions import ItemNotFoundError
from models import Registration, UserProfile, PendingNameChange, PendingEmailChange, CourseEnrollment
from datetime import date
from collections import namedtuple
+from courseware.courses import course_staff_group_name, has_staff_access_to_course
log = logging.getLogger("mitx.student")
Article = namedtuple('Article', 'title url author image deck publication publish_date')
@@ -184,6 +185,14 @@ def change_enrollment(request):
.format(user.username, enrollment.course_id))
return {'success': False, 'error': 'The course requested does not exist.'}
+ if settings.MITX_FEATURES.get('ACCESS_REQUIRE_STAFF_FOR_COURSE'):
+ # require that user be in the staff_* group (or be an overall admin) to be able to enroll
+ # eg staff_6.002x or staff_6.00x
+ if not has_staff_access_to_course(user,course):
+ staff_group = course_staff_group_name(course)
+ log.debug('user %s denied enrollment to %s ; not in %s' % (user,course.location.url(),staff_group))
+ return {'success': False, 'error' : '%s membership required to access course.' % staff_group}
+
enrollment, created = CourseEnrollment.objects.get_or_create(user=user, course_id=course.id)
return {'success': True}
diff --git a/lms/djangoapps/courseware/courses.py b/lms/djangoapps/courseware/courses.py
index 19eef3ee80..e11fb566f4 100644
--- a/lms/djangoapps/courseware/courses.py
+++ b/lms/djangoapps/courseware/courses.py
@@ -114,3 +114,23 @@ def get_course_info_section(course, section_key):
return "! Info section missing !"
raise KeyError("Invalid about key " + str(section_key))
+
+def course_staff_group_name(course):
+ return 'staff_%s' % course.metadata['course']
+
+def has_staff_access_to_course(user,course):
+ '''
+ Returns True if the given user has staff access to the course.
+ This means that user is in the staff_* group, or is an overall admin.
+ '''
+ if user.is_staff:
+ return True
+ user_groups = [x[1] for x in user.groups.values_list()] # note this is the Auth group, not UserTestGroup
+ log.debug('user is in groups %s' % user_groups)
+ staff_group = course_staff_group_name(course)
+ if staff_group in user_groups:
+ return True
+ return False
+
+
+
diff --git a/lms/envs/dev.py b/lms/envs/dev.py
index a4655bf763..3e681e6b0d 100644
--- a/lms/envs/dev.py
+++ b/lms/envs/dev.py
@@ -60,12 +60,13 @@ SECRET_KEY = '85920908f28904ed733fe576320db18cabd7b6cd'
################################ LMS Migration #################################
MITX_FEATURES['ENABLE_LMS_MIGRATION'] = True
+MITX_FEATURES['ACCESS_REQUIRE_STAFF_FOR_COURSE'] = True
LMS_MIGRATION_ALLOWED_IPS = ['any']
################################ OpenID Auth #################################
MITX_FEATURES['AUTH_USE_OPENID'] = True
-MITX_FEATURES['BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH'] = True
+MITX_FEATURES['BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH'] = True # require that user be in the staff_* group to be able to enroll
INSTALLED_APPS += ('external_auth',)
INSTALLED_APPS += ('django_openid_auth',)
diff --git a/lms/templates/portal/course_about.html b/lms/templates/portal/course_about.html
index e6359d0542..afecc2f795 100644
--- a/lms/templates/portal/course_about.html
+++ b/lms/templates/portal/course_about.html
@@ -19,6 +19,8 @@
$(document).delegate('#class_enroll_form', 'ajax:success', function(data, json, xhr) {
if(json.success) {
location.href="${reverse('dashboard')}";
+ }else{
+ document.getElementById('register_message').innerHTML = "" + json.error + "
";
}
});
})(this)
@@ -63,6 +65,7 @@
You are registered for this course (${course.number}).
%else:
Register for ${course.number}
+
%endif
%else:
Register for ${course.number}