diff --git a/common/djangoapps/student/views.py b/common/djangoapps/student/views.py
index 87490786c1..53e855b1c9 100644
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -94,8 +94,9 @@ def main_index(extra_context = {}, user=None):
 context.update(extra_context)
 return render_to_response('index.html', context)
-def course_from_id(id):
- course_loc = CourseDescriptor.id_to_location(id)
+def course_from_id(course_id):
+ """Return the CourseDescriptor corresponding to this course_id"""
+ course_loc = CourseDescriptor.id_to_location(course_id)
 return modulestore().get_item(course_loc)
@@ -158,15 +159,19 @@ def try_change_enrollment(request):
 @login_required
 def change_enrollment_view(request):
+ """Delegate to change_enrollment to actually do the work."""
 return HttpResponse(json.dumps(change_enrollment(request)))
-
 def change_enrollment(request):
 if request.method != "POST":
 raise Http404
- action = request.POST.get("enrollment_action", "")
 user = request.user
+ if not user.is_authenticated():
+ raise Http404
+
+ action = request.POST.get("enrollment_action", "")
+
+ course_id = request.POST.get("course_id", None)
 if course_id == None:
 return HttpResponse(json.dumps({'success': False, 'error': 'There was an error receiving the course id.'}))
@@ -184,7 +189,7 @@ def change_enrollment(request):
 if settings.MITX_FEATURES.get('ACCESS_REQUIRE_STAFF_FOR_COURSE'):
 # require that user be in the staff_* group (or be an overall admin) to be able to enroll
 # eg staff_6.002x or staff_6.00x
- if not has_staff_access_to_course(user,course):
+ if not has_staff_access_to_course(user, course):
 staff_group = course_staff_group_name(course)
 log.debug('user %s denied enrollment to %s ; not in %s' % (user,course.location.url(),staff_group))
 return {'success': False, 'error' : '%s membership required to access course.' % staff_group}
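Review bot: The missing-`course_id` branch of `change_enrollment` still returns an `HttpResponse`, while `change_enrollment_view` passes the function's return value to `json.dumps` and the staff-access branch in the next hunk returns a plain dict. A POST that omits `course_id` would therefore hand `json.dumps` a response object and fail instead of reporting the error; returning `{'success': False, 'error': 'There was an error receiving the course id.'}` keeps the contract uniform. The added `is_authenticated()` guard is a sound second check for callers that do not go through `@login_required`, but it deserves a one-line comment saying so, since a 404 for an anonymous user is otherwise surprising. The body of `change_enrollment` continues outside this hunk.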
@@ -264,6 +269,7 @@ def logout_user(request):
 def change_setting(request):
 ''' JSON call to change a profile setting: Right now, location '''
+ # TODO (vshnayder): location is no longer used
 up = UserProfile.objects.get(user=request.user) # request.user.profile_cache
 if 'location' in request.POST:
 up.location = request.POST['location']
diff --git a/lms/djangoapps/courseware/views.py b/lms/djangoapps/courseware/views.py
index 59f8de7b38..96d6890823 100644
--- a/lms/djangoapps/courseware/views.py
+++ b/lms/djangoapps/courseware/views.py
@@ -228,12 +228,10 @@ def jump_to(request, location):
 '''
 Show the page that contains a specific location.
- If the location is invalid, return a 404.
+ If the location is invalid or not in any class, return a 404.
- If the location is valid, but not present in a course, ?
-
- If the location is valid, but in a course the current user isn't registered for, ?
- TODO -- let the index view deal with it?
+ Otherwise, delegates to the index view to figure out whether this user
+ has access, and what they should see.
 '''
 # Complain if the location isn't valid
 try:
@@ -249,16 +247,16 @@ def jump_to(request, location):
 except NoPathToItem:
 raise Http404("This location is not in any class: {0}".format(location))
- # Rely on index to do all error handling
+ # Rely on index to do all error handling and access control.
 return index(request, course_id, chapter, section, position)
 @ensure_csrf_cookie
 def course_info(request, course_id):
- '''
+ """
 Display the course's info.html, or 404 if there is no such course.
 Assumes the course_id is in a valid format.
- '''
+ """
 course = check_course(course_id)
 return render_to_response('info.html', {'course': course})
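Review bot: The reworded comment makes `index` the only access-control point for `jump_to`, yet the `Http404` branches above it run before any such check, so the response already distinguishes a location that resolves to a course from one that does not, whoever is asking. If that distinction should not be visible to users without access, the check has to come before the path lookup, or both cases need the same response. Whether `index` itself enforces registration is not visible in this hunk, so a test that requests a location in a course the user is not enrolled in would pin the assumption the comment now states. The body of `jump_to` starts outside this hunk.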
@@ -284,7 +282,10 @@ def course_about(request, course_id):
 @ensure_csrf_cookie
 @cache_if_anonymous
 def university_profile(request, org_id):
- all_courses = sorted(modulestore().get_courses(), key=lambda course: course.number)
+ """
+ Return the profile for the particular org_id. 404 if it's not valid.
+ """
+ all_courses = modulestore().get_courses()
 valid_org_ids = set(c.org for c in all_courses)
 if org_id not in valid_org_ids:
 raise Http404("University Profile not found for {0}".format(org_id))
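Review bot: Dropping `sorted(..., key=lambda course: course.number)` leaves `all_courses` in whatever order `modulestore().get_courses()` returns; if the rest of `university_profile` (outside this hunk) still renders that list, the page order is no longer defined. If the list is now used only to build `valid_org_ids`, a comment such as `# only used to validate org_id, which comes from the URL` would say why it is fetched. The membership test is the only validation of `org_id` visible here, so it should stay ahead of any later use of `org_id` in the function.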