From c66bc865b615ed6601edcf7ab461cb9972307303 Mon Sep 17 00:00:00 2001 From: Dillon Dumesnil Date: Wed, 5 Aug 2020 07:22:07 -0700 Subject: [PATCH] AA-275: Persist Masquerade User staff status We need both the original user's staff status as well as the staff status of the user being masqueraded as. --- .../course_home_api/course_metadata/v1/serializers.py | 5 +++-- .../course_home_api/course_metadata/v1/views.py | 5 +++++ openedx/core/djangoapps/courseware_api/serializers.py | 1 + openedx/core/djangoapps/courseware_api/views.py | 11 ++++++----- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/lms/djangoapps/course_home_api/course_metadata/v1/serializers.py b/lms/djangoapps/course_home_api/course_metadata/v1/serializers.py index d012390bdf..9afbb77832 100644 --- a/lms/djangoapps/course_home_api/course_metadata/v1/serializers.py +++ b/lms/djangoapps/course_home_api/course_metadata/v1/serializers.py @@ -30,10 +30,11 @@ class CourseHomeMetadataSerializer(serializers.Serializer): Serializer for the Course Home Course Metadata """ course_id = serializers.CharField() + is_enrolled = serializers.BooleanField() + is_self_paced = serializers.BooleanField() is_staff = serializers.BooleanField() number = serializers.CharField() org = serializers.CharField() + original_user_is_staff = serializers.BooleanField() tabs = CourseTabSerializer(many=True) title = serializers.CharField() - is_self_paced = serializers.BooleanField() - is_enrolled = serializers.BooleanField() diff --git a/lms/djangoapps/course_home_api/course_metadata/v1/views.py b/lms/djangoapps/course_home_api/course_metadata/v1/views.py index 8fed35903d..348c495172 100644 --- a/lms/djangoapps/course_home_api/course_metadata/v1/views.py +++ b/lms/djangoapps/course_home_api/course_metadata/v1/views.py @@ -33,6 +33,9 @@ class CourseHomeMetadataView(RetrieveAPIView): is_enrolled: (bool) Indicates if the user is enrolled in the course is_self_paced: (bool) Indicates if the course is self paced is_staff: (bool) Indicates if the user is staff + original_user_is_staff: (bool) Indicates if the original user has staff access + Used for when masquerading to distinguish between the original requesting user + and the user being masqueraded as. number: (str) The Course's number org: (str) The Course's organization tabs: List of Course Tabs to display. They are serialized as: @@ -52,6 +55,7 @@ class CourseHomeMetadataView(RetrieveAPIView): def get(self, request, *args, **kwargs): course_key_string = kwargs.get('course_key_string') course_key = CourseKey.from_string(course_key_string) + original_user_is_staff = has_access(request.user, 'staff', course_key).has_access _, request.user = setup_masquerade( request, @@ -66,6 +70,7 @@ class CourseHomeMetadataView(RetrieveAPIView): data = { 'course_id': course.id, 'is_staff': has_access(request.user, 'staff', course_key).has_access, + 'original_user_is_staff': original_user_is_staff, 'number': course.display_number_with_default, 'org': course.display_org_with_default, 'tabs': get_course_tab_list(request.user, course), diff --git a/openedx/core/djangoapps/courseware_api/serializers.py b/openedx/core/djangoapps/courseware_api/serializers.py index dbc4e7d097..a674ebb006 100644 --- a/openedx/core/djangoapps/courseware_api/serializers.py +++ b/openedx/core/djangoapps/courseware_api/serializers.py @@ -84,6 +84,7 @@ class CourseInfoSerializer(serializers.Serializer): # pylint: disable=abstract- tabs = serializers.ListField() verified_mode = serializers.DictField() show_calculator = serializers.BooleanField() + original_user_is_staff = serializers.BooleanField() is_staff = serializers.BooleanField() can_load_courseware = serializers.DictField() notes = serializers.DictField() diff --git a/openedx/core/djangoapps/courseware_api/views.py b/openedx/core/djangoapps/courseware_api/views.py index c5ddb57cb9..33870ffdc1 100644 --- a/openedx/core/djangoapps/courseware_api/views.py +++ b/openedx/core/djangoapps/courseware_api/views.py @@ -48,16 +48,16 @@ class CoursewareMeta: course_key, ) self.effective_user = self.overview.effective_user - # We need to memoize `is_staff` _before_ we configure masquerade. - self.is_staff = has_access(self.effective_user, 'staff', self.overview).has_access + self.original_user_is_staff = has_access(request.user, 'staff', self.overview).has_access self.course_key = course_key self.enrollment_object = CourseEnrollment.get_enrollment(self.effective_user, self.course_key, select_related=['celebration']) - course_masquerade, _user = setup_masquerade( + course_masquerade, user = setup_masquerade( request, course_key, - staff_access=self.is_staff, + staff_access=self.original_user_is_staff, ) + self.is_staff = has_access(user, 'staff', self.overview).has_access self.course_masquerade = course_masquerade def __getattr__(self, name): @@ -208,7 +208,8 @@ class CoursewareInformation(RetrieveAPIView): * mode: `audit`, `verified`, etc * is_active: boolean * can_load_course: Whether the user can view the course (AccessResponse object) - * is_staff: Whether the user has staff access to the course + * is_staff: Whether the effective user has staff access to the course + * original_user_is_staff: Whether the original user has staff access to the course **Parameters:**