fix: ensure that course staff can see course outline content when masquerading as a learner

AA-727

lms/djangoapps/course_home_api/outline/v1/tests/test_views.py

@@ -13,6 +13,7 @@ from edx_toggles.toggles.testutils import override_waffle_flag
 
 from common.djangoapps.course_modes.models import CourseMode
 from common.djangoapps.student.models import CourseEnrollment
+from common.djangoapps.student.roles import CourseInstructorRole
 from common.djangoapps.student.tests.factories import UserFactory
 from lms.djangoapps.course_home_api.tests.utils import BaseCourseHomeTests
 from lms.djangoapps.course_home_api.toggles import COURSE_HOME_MICROFRONTEND, COURSE_HOME_MICROFRONTEND_OUTLINE_TAB
@@ -127,6 +128,29 @@ class OutlineTabTestViews(BaseCourseHomeTests):
         self.update_masquerade(username=user.username)
         assert self.client.get(self.url).data['dates_widget']['user_timezone'] == 'Asia/Tokyo'
 
+    @override_experiment_waffle_flag(COURSE_HOME_MICROFRONTEND, active=True)
+    @override_waffle_flag(COURSE_HOME_MICROFRONTEND_OUTLINE_TAB, active=True)
+    def test_course_staff_can_see_non_user_specific_content_in_masquerade(self):
+        """
+        Test that course staff can see the outline and other non-user-specific content when masquerading as a learner
+        """
+        self.store.create_item(
+            self.user.id, self.course.id, 'course_info', 'handouts', fields={'data': '<p>Handouts</p>'}
+        )
+
+        instructor = UserFactory(
+            username='instructor',
+            email=u'instructor@example.com',
+            password='foo',
+            is_staff=False
+        )
+        CourseInstructorRole(self.course.id).add_users(instructor)
+        self.client.login(username=instructor, password='foo')
+        self.update_masquerade(role="student")
+        response = self.client.get(self.url)
+        assert response.data['course_blocks'] is not None
+        assert response.data['handouts_html'] is not None
+
     @override_experiment_waffle_flag(COURSE_HOME_MICROFRONTEND, active=True)
     @override_waffle_flag(COURSE_HOME_MICROFRONTEND_OUTLINE_TAB, active=True)
     @override_waffle_flag(COURSE_ENABLE_UNENROLLED_ACCESS_FLAG, active=True)

lms/djangoapps/course_home_api/outline/v1/views.py

@@ -35,7 +35,7 @@ from lms.djangoapps.courseware.access import has_access
 from lms.djangoapps.courseware.context_processor import user_timezone_locale_prefs
 from lms.djangoapps.courseware.courses import get_course_date_blocks, get_course_info_section, get_course_with_access
 from lms.djangoapps.courseware.date_summary import TodaysDate
-from lms.djangoapps.courseware.masquerade import setup_masquerade
+from lms.djangoapps.courseware.masquerade import is_masquerading, setup_masquerade
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.lib.api.authentication import BearerAuthenticationAllowInactiveUser
 from openedx.features.course_duration_limits.access import get_access_expiration_data
@@ -170,13 +170,15 @@ class OutlineTabView(RetrieveAPIView):
 
         course = get_course_with_access(request.user, 'load', course_key, check_if_enrolled=False)
 
-        _masquerade, request.user = setup_masquerade(
+        masquerade_object, request.user = setup_masquerade(
             request,
             course_key,
             staff_access=has_access(request.user, 'staff', course_key),
             reset_masquerade_data=True,
         )
 
+        user_is_masquerading = is_masquerading(request.user, course_key, course_masquerade=masquerade_object)
+
         course_overview = CourseOverview.get_from_id(course_key)
         enrollment = CourseEnrollment.get_enrollment(request.user, course_key)
         allow_anonymous = COURSE_ENABLE_UNENROLLED_ACCESS_FLAG.is_enabled(course_key)
@@ -259,9 +261,9 @@ class OutlineTabView(RetrieveAPIView):
                 start_block = get_start_block(course_blocks)
                 resume_course['url'] = start_block['lms_web_url']
 
-        elif allow_public_outline or allow_public:
+        elif allow_public_outline or allow_public or user_is_masquerading:
             course_blocks = get_course_outline_block_tree(request, course_key_string, None)
-            if allow_public:
+            if allow_public or user_is_masquerading:
                 handouts_html = get_course_info_section(request, request.user, course, 'handouts')
 
         if not show_enrolled: