diff --git a/lms/djangoapps/courseware/module_render.py b/lms/djangoapps/courseware/module_render.py
index da9828fb12..8a96d2533f 100644
--- a/lms/djangoapps/courseware/module_render.py
+++ b/lms/djangoapps/courseware/module_render.py
@@ -143,8 +143,9 @@ def get_module(user, request, location, student_module_cache, course_id, positio
     exists.
 
     Arguments:
-      - user                  : current django User
-      - request               : current django HTTPrequest
+      - user                  : User for whom we're getting the module
+      - request               : current django HTTPrequest -- used in particular for auth
+                                (This is important e.g. for prof impersonation of students in progress view)
       - location              : A Location-like object identifying the module to load
       - student_module_cache  : a StudentModuleCache
       - course_id             : the course_id in the context of which to load module
@@ -170,7 +171,9 @@ def _get_module(user, request, location, student_module_cache, course_id, positi
     descriptor = modulestore().get_instance(course_id, location)
 
     # Short circuit--if the user shouldn't have access, bail without doing any work
-    if not has_access(user, descriptor, 'load'):
+    # NOTE: Do access check on request.user -- that's who actually needs access (e.g. could be prof
+    # impersonating a user)
+    if not has_access(request.user, descriptor, 'load'):
         return None
 
     #TODO Only check the cache if this module can possibly have state