From 4fc1bbaa177a497ea28db0c654e9c6bf72d20c11 Mon Sep 17 00:00:00 2001 From: "hasnain.naveed" Date: Fri, 3 Apr 2020 14:41:11 +0500 Subject: [PATCH] ENT-2675 | Added permission for staff user to change the student's enrollment. --- .../enrollments/tests/test_views.py | 31 +++++++++++++++++-- openedx/core/djangoapps/enrollments/views.py | 2 +- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/openedx/core/djangoapps/enrollments/tests/test_views.py b/openedx/core/djangoapps/enrollments/tests/test_views.py index 7d4dbc0209..c2eff8664a 100644 --- a/openedx/core/djangoapps/enrollments/tests/test_views.py +++ b/openedx/core/djangoapps/enrollments/tests/test_views.py @@ -134,10 +134,10 @@ class EnrollmentTestMixin(object): return response - def assert_enrollment_activation(self, expected_activation, expected_mode): + def assert_enrollment_activation(self, expected_activation, expected_mode, as_server=True): """Change an enrollment's activation and verify its activation and mode are as expected.""" self.assert_enrollment_status( - as_server=True, + as_server=as_server, mode=expected_mode, is_active=expected_activation, expected_status=status.HTTP_200_OK @@ -855,6 +855,33 @@ class EnrollmentTest(EnrollmentTestMixin, ModuleStoreTestCase, APITestCase, Ente expected_status=expected_status, ) + def test_deactivate_enrollment_with_global_staff(self): + """Without API key but Staff staff permissions, deactivate (i.e., unenroll from) an existing enrollment.""" + # Configure a mode for the course. + mode = CourseMode.VERIFIED + CourseModeFactory.create( + course_id=self.course.id, + mode_slug=mode, + mode_display_name=mode, + ) + + # Create an enrollment with the selected mode. + self.assert_enrollment_status(as_server=True, mode=mode) + + # Check that the enrollment has the correct mode and is active. + self.assertTrue(CourseEnrollment.is_enrolled(self.user, self.course.id)) + course_mode, is_active = CourseEnrollment.enrollment_mode_for_user(self.user, self.course.id) + self.assertTrue(is_active) + self.assertEqual(course_mode, mode) + + username = 'global_staff' + AdminFactory(username=username, email='global_staff@example.com', password=self.PASSWORD) + + self.client.login(username=username, password=self.PASSWORD) + # Verify that the enrollment has been deactivated, and the mode is + # unchanged even by passing the as_server=false which means no API-KEY + self.assert_enrollment_activation(False, mode, as_server=False) + def test_deactivate_enrollment_expired_mode(self): """Verify that an enrollment in an expired mode can be deactivated.""" for mode in (CourseMode.HONOR, CourseMode.VERIFIED): diff --git a/openedx/core/djangoapps/enrollments/views.py b/openedx/core/djangoapps/enrollments/views.py index cf2e73ffd2..6b1ff20cd1 100644 --- a/openedx/core/djangoapps/enrollments/views.py +++ b/openedx/core/djangoapps/enrollments/views.py @@ -768,7 +768,7 @@ class EnrollmentListView(APIView, ApiKeyPermissionMixIn): for attr in enrollment_attributes ] missing_attrs = set(REQUIRED_ATTRIBUTES.get(mode, [])) - set(actual_attrs) - if has_api_key_permissions and (mode_changed or active_changed): + if (GlobalStaff().has_user(request.user) or has_api_key_permissions) and (mode_changed or active_changed): if mode_changed and active_changed and not is_active: # if the requester wanted to deactivate but specified the wrong mode, fail # the request (on the assumption that the requester had outdated information