Merge pull request #23814 from open-craft/toxinu/fix-anonymous-permission

Check contentlibrary permissions only if user is logged in

openedx/core/djangoapps/content_libraries/permissions.py

@@ -56,7 +56,7 @@ perms[CAN_LEARN_FROM_THIS_CONTENT_LIBRARY] = (
     # Regular users can learn if the library allows public learning:
     Attribute('allow_public_learning', True) |
     # Users/groups who are explicitly granted permission can learn from the library:
-    has_explicit_read_permission_for_library
+    (is_user_active & has_explicit_read_permission_for_library)
 )
 
 # Is the user allowed to create content libraries?

openedx/core/tests/test_admin_view.py

@@ -41,3 +41,6 @@ class TestAdminView(TestCase):
             response = self.client.get(reverse('admin:login'))
             assert response.url == '/login?next=/admin'
             assert response.status_code == 302
+        with ENABLE_LOGIN_USING_THIRDPARTY_AUTH_ONLY.override(False):
+            response = self.client.get(reverse('admin:login'))
+            assert response.template_name == ['admin/login.html']