diff --git a/lms/djangoapps/teams/api.py b/lms/djangoapps/teams/api.py index 83ff077f01..83e575b20e 100644 --- a/lms/djangoapps/teams/api.py +++ b/lms/djangoapps/teams/api.py @@ -14,7 +14,7 @@ from course_modes.models import CourseMode from lms.djangoapps.discussion.django_comment_client.utils import has_discussion_privileges from lms.djangoapps.teams.models import CourseTeam from openedx.core.lib.teams_config import TeamsetType -from student.models import CourseEnrollment +from student.models import CourseEnrollment, anonymous_id_for_user from student.roles import CourseInstructorRole, CourseStaffRole from xmodule.modulestore.django import modulestore @@ -288,3 +288,25 @@ def get_team_for_user_course_topic(user, course_id, topic_id): membership__user__username=user.username, topic_id=topic_id, ).first() + + +def anonymous_user_ids_for_team(user, team): + """ Get the anonymous user IDs for members of a team, used in team submissions + Requesting user must be a member of the team or course staff + + Returns: + (Array) User IDs, sorted to remove any correlation to usernames + """ + if not user or not team: + raise Exception("User and team must be provided for ID lookup") + + if not has_course_staff_privileges(user, team.course_id) and not user_is_a_team_member(user, team): + raise Exception("User {user} is not permitted to access team info for {team}".format( + user=user.username, + team=team.team_id + )) + + return sorted([ + anonymous_id_for_user(user=team_member, course_id=team.course_id, save=False) + for team_member in team.users.all() + ]) diff --git a/lms/djangoapps/teams/services.py b/lms/djangoapps/teams/services.py index 077c8e0d2b..9a839e16cf 100644 --- a/lms/djangoapps/teams/services.py +++ b/lms/djangoapps/teams/services.py @@ -19,3 +19,7 @@ class TeamsService(object): topic_id=team.topic_id, team_id=team.team_id, ) + + def get_anonymous_user_ids_for_team(self, user, team): + from . import api + return api.anonymous_user_ids_for_team(user, team) diff --git a/lms/djangoapps/teams/tests/test_api.py b/lms/djangoapps/teams/tests/test_api.py index 3ba360277e..6fb7a3bf35 100644 --- a/lms/djangoapps/teams/tests/test_api.py +++ b/lms/djangoapps/teams/tests/test_api.py @@ -185,6 +185,36 @@ class PythonAPITests(SharedModuleStoreTestCase): with self.assertRaisesMessage(ValueError, message): teams_api.get_team_for_user_course_topic(self.user1, invalid_course_id, 'who-cares') + def test_anonymous_user_ids_for_team(self): + """ + A learner should be able to get the anonymous user IDs of their team members + """ + team_anonymous_user_ids = teams_api.anonymous_user_ids_for_team(self.user1, self.team1) + self.assertEqual(len(self.team1.users.all()), len(team_anonymous_user_ids)) + + def test_anonymous_user_ids_for_team_not_on_team(self): + """ + A learner should not be able to get IDs from members of a team they are not a member of + """ + self.assertRaises(Exception, teams_api.anonymous_user_ids_for_team, self.user1, self.team2) + + def test_anonymous_user_ids_for_team_bad_user_or_team(self): + """ + An exception should be thrown when a bad user or team are passed to the endpoint + """ + self.assertRaises(Exception, teams_api.anonymous_user_ids_for_team, None, self.team1) + + def test_anonymous_user_ids_for_team_staff(self): + """ + Course staff should be able to get anonymous IDs for teams in their course + """ + user_staff = UserFactory.create(username='user_staff') + CourseEnrollmentFactory.create(user=user_staff, course_id=COURSE_KEY1) + CourseStaffRole(COURSE_KEY1).add_users(user_staff) + + team_anonymous_user_ids = teams_api.anonymous_user_ids_for_team(user_staff, self.team1) + self.assertEqual(len(self.team1.users.all()), len(team_anonymous_user_ids)) + @ddt.ddt class TeamAccessTests(SharedModuleStoreTestCase):