fix: do not deny proctoring access when masquerading as verified learner (#29937)

Co-authored-by: Simon Chen <schen@edx-c02fw0guml85.lan>
2022-02-16 15:02:29 -05:00
parent 5cfec9732b
commit a76f8d4f32
2 changed files with 35 additions and 3 deletions
--- a/openedx/core/djangoapps/courseware_api/tests/test_views.py
+++ b/openedx/core/djangoapps/courseware_api/tests/test_views.py
@@ -436,6 +436,29 @@ class CourseApiTestViews(BaseCoursewareTests, MasqueradeMixin):
        assert 'can_access_proctored_exams' in courseware_data
        assert courseware_data['can_access_proctored_exams'] == result

+    @ddt.data(
+        (1, False),
+        (2, True),
+        (3, True),
+    )
+    @ddt.unpack
+    @mock.patch.dict('django.conf.settings.FEATURES', {'DISABLE_HONOR_CERTIFICATES': True})
+    def test_can_access_proctored_exams_masquerading(self, masquerade_group_id, result):
+        self.user.is_staff = True
+        self.user.save()
+        CourseEnrollment.enroll(self.user, self.course.id, 'audit')
+        masquerade_config = {
+            'role': 'student',
+            'user_partition_id': ENROLLMENT_TRACK_PARTITION_ID,
+            'group_id': masquerade_group_id
+        }
+        self.update_masquerade(**masquerade_config)
+        response = self.client.get(self.url)
+        assert response.status_code == 200
+        courseware_data = response.json()
+        assert 'can_access_proctored_exams' in courseware_data
+        assert courseware_data['can_access_proctored_exams'] == result
+

@ddt.ddt
 class SequenceApiTestViews(MasqueradeMixin, BaseCoursewareTests):
--- a/openedx/core/djangoapps/courseware_api/views.py
+++ b/openedx/core/djangoapps/courseware_api/views.py
@@ -391,9 +391,18 @@ class CoursewareMeta:

    @property
    def can_access_proctored_exams(self):
-        enrollment_mode = self.enrollment['mode']
-        enrollment_active = self.enrollment['is_active']
-        return enrollment_active and CourseMode.is_eligible_for_certificate(enrollment_mode)
+        """Returns if the user is eligible to access proctored exams"""
+        if is_masquerading_as_non_audit_enrollment(
+            self.effective_user,
+            self.course_key,
+            self.course_masquerade
+        ):
+            # Masquerading should mimic the correct enrollment track behavior.
+            return True
+        else:
+            enrollment_mode = self.enrollment['mode']
+            enrollment_active = self.enrollment['is_active']
+            return enrollment_active and CourseMode.is_eligible_for_certificate(enrollment_mode)


 class CoursewareInformation(RetrieveAPIView):