From 8b7ff1ac2ae5273854e61349e972df6dcd8646a0 Mon Sep 17 00:00:00 2001
From: Adam Butterworth <abutterworth@edx.org>
Date: Fri, 3 Apr 2020 10:21:06 -0400
Subject: [PATCH] Eliminate extra has staff access checks

---
 openedx/core/djangoapps/courseware_api/views.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/openedx/core/djangoapps/courseware_api/views.py b/openedx/core/djangoapps/courseware_api/views.py
index c7593bbfc7..c6cb01af77 100644
--- a/openedx/core/djangoapps/courseware_api/views.py
+++ b/openedx/core/djangoapps/courseware_api/views.py
@@ -80,8 +80,11 @@ class CoursewareInformation(RetrieveAPIView):
 
     serializer_class = CourseInfoSerializer
 
-    def _check_access(self, user, overview):
-        if has_access(user, 'staff', overview):
+    def _check_access(self, user, overview, is_staff=None):
+        if is_staff is None:
+            is_staff = has_access(user, 'staff', overview)
+
+        if is_staff:
             return True
 
         # We can only trust has_access in its false case because it doesn't check everything we
@@ -122,8 +125,8 @@ class CoursewareInformation(RetrieveAPIView):
             )
         overview.enrollment = {'mode': mode, 'is_active': is_active}
 
-        overview.can_load_course = self._check_access(self.request.user, overview)
         overview.is_staff = has_access(self.request.user, 'staff', overview).has_access
+        overview.can_load_course = self._check_access(self.request.user, overview, overview.is_staff)
 
         overview.user_has_access = overview.can_load_course  # TODO: TNL-7053 Legacy: Delete once ready to contract
         overview.user_has_staff_access = overview.is_staff  # TODO: TNL-7053 Legacy: Delete once ready to contract