diff --git a/lms/djangoapps/courseware/access.py b/lms/djangoapps/courseware/access.py index 8259507617..7c85e1e787 100644 --- a/lms/djangoapps/courseware/access.py +++ b/lms/djangoapps/courseware/access.py @@ -114,6 +114,7 @@ def _has_access_course_desc(user, course, action): Valid actions: 'load' -- load the courseware, see inside the course + 'load_forum' -- can load and contribute to the forums (one access level for now) 'enroll' -- enroll. Checks for enrollment window, ACCESS_REQUIRE_STAFF_FOR_COURSE, 'see_exists' -- can see that the course exists. @@ -128,6 +129,13 @@ def _has_access_course_desc(user, course, action): # delegate to generic descriptor check to check start dates return _has_access_descriptor(user, course, 'load') + def can_load_forum(): + """ + Can this user access the forums in this course? + """ + return (CourseEnrollment.is_enrolled(request.user, course_id) or \ + _has_staff_access_to_descriptor(user, course) + def can_enroll(): """ First check if restriction of enrollment by login method is enabled, both @@ -193,6 +201,7 @@ def _has_access_course_desc(user, course, action): checkers = { 'load': can_load, + 'load_forum': can_load_forum, 'enroll': can_enroll, 'see_exists': see_exists, 'staff': lambda: _has_staff_access_to_descriptor(user, course), diff --git a/lms/djangoapps/django_comment_client/forum/views.py b/lms/djangoapps/django_comment_client/forum/views.py index 1d4bb033f6..4f8de29145 100644 --- a/lms/djangoapps/django_comment_client/forum/views.py +++ b/lms/djangoapps/django_comment_client/forum/views.py @@ -109,7 +109,7 @@ def inline_discussion(request, course_id, discussion_id): """ Renders JSON for DiscussionModules """ - course = get_course_with_access(request.user, course_id, 'load') + course = get_course_with_access(request.user, course_id, 'load_forum') try: threads, query_params = get_threads(request, course_id, discussion_id, per_page=INLINE_THREADS_PER_PAGE) @@ -169,13 +169,8 @@ def forum_form_discussion(request, course_id): """ Renders the main Discussion page, potentially filtered by a search query """ - if not CourseEnrollment.is_enrolled(request.user, course_id) and \ - not has_access(request.user, course_id, 'staff'): - access_violation_msg = "Unenrolled user {} tried to access forum for {}" - log.warning(access_violation_msg.format(request.user, course_id)) - raise Http404 - course = get_course_with_access(request.user, course_id, 'load') + course = get_course_with_access(request.user, course_id, 'load_forum') category_map = utils.get_discussion_category_map(course) try: @@ -245,7 +240,7 @@ def forum_form_discussion(request, course_id): @login_required def single_thread(request, course_id, discussion_id, thread_id): - course = get_course_with_access(request.user, course_id, 'load') + course = get_course_with_access(request.user, course_id, 'load_forum') cc_user = cc.User.from_django_user(request.user) user_info = cc_user.to_dict() @@ -280,7 +275,7 @@ def single_thread(request, course_id, discussion_id, thread_id): log.error("Error loading single thread.") raise Http404 - course = get_course_with_access(request.user, course_id, 'load') + course = get_course_with_access(request.user, course_id, 'load_forum') for thread in threads: courseware_context = get_courseware_context(thread, course) @@ -340,7 +335,7 @@ def single_thread(request, course_id, discussion_id, thread_id): @login_required def user_profile(request, course_id, user_id): #TODO: Allow sorting? - course = get_course_with_access(request.user, course_id, 'load') + course = get_course_with_access(request.user, course_id, 'load_forum') try: profiled_user = cc.User(id=user_id, course_id=course_id) @@ -381,7 +376,7 @@ def user_profile(request, course_id, user_id): def followed_threads(request, course_id, user_id): - course = get_course_with_access(request.user, course_id, 'load') + course = get_course_with_access(request.user, course_id, 'load_forum') try: profiled_user = cc.User(id=user_id, course_id=course_id)