diff --git a/lms/djangoapps/instructor/tests/test_api.py b/lms/djangoapps/instructor/tests/test_api.py index a776a07fc7..3f9a011f34 100644 --- a/lms/djangoapps/instructor/tests/test_api.py +++ b/lms/djangoapps/instructor/tests/test_api.py @@ -166,7 +166,7 @@ class TestInstructorAPIDenyLevels(ModuleStoreTestCase, LoginEnrollmentTestCase): msg: message to display if assertion fails. """ url = reverse(endpoint, kwargs={'course_id': self.course.id.to_deprecated_string()}) - if endpoint in ['send_email']: + if endpoint in ['send_email', 'students_update_enrollment', 'bulk_beta_modify_access']: response = self.client.post(url, args) else: response = self.client.get(url, args) @@ -310,19 +310,19 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): def test_missing_params(self): """ Test missing all query parameters. """ url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url) + response = self.client.post(url) self.assertEqual(response.status_code, 400) def test_bad_action(self): """ Test with an invalid action. """ action = 'robot-not-an-action' url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.enrolled_student.email, 'action': action}) + response = self.client.post(url, {'identifiers': self.enrolled_student.email, 'action': action}) self.assertEqual(response.status_code, 400) def test_invalid_email(self): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': 'percivaloctavius@', 'action': 'enroll', 'email_students': False}) + response = self.client.post(url, {'identifiers': 'percivaloctavius@', 'action': 'enroll', 'email_students': False}) self.assertEqual(response.status_code, 200) # test the response data @@ -342,7 +342,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): def test_invalid_username(self): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': 'percivaloctavius', 'action': 'enroll', 'email_students': False}) + response = self.client.post(url, {'identifiers': 'percivaloctavius', 'action': 'enroll', 'email_students': False}) self.assertEqual(response.status_code, 200) # test the response data @@ -362,7 +362,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): def test_enroll_with_username(self): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.notenrolled_student.username, 'action': 'enroll', 'email_students': False}) + response = self.client.post(url, {'identifiers': self.notenrolled_student.username, 'action': 'enroll', 'email_students': False}) self.assertEqual(response.status_code, 200) # test the response data @@ -393,7 +393,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): def test_enroll_without_email(self): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.notenrolled_student.email, 'action': 'enroll', 'email_students': False}) + response = self.client.post(url, {'identifiers': self.notenrolled_student.email, 'action': 'enroll', 'email_students': False}) print "type(self.notenrolled_student.email): {}".format(type(self.notenrolled_student.email)) self.assertEqual(response.status_code, 200) @@ -435,7 +435,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) params = {'identifiers': self.notenrolled_student.email, 'action': 'enroll', 'email_students': True} environ = {'wsgi.url_scheme': protocol} - response = self.client.get(url, params, **environ) + response = self.client.post(url, params, **environ) print "type(self.notenrolled_student.email): {}".format(type(self.notenrolled_student.email)) self.assertEqual(response.status_code, 200) @@ -493,7 +493,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) params = {'identifiers': self.notregistered_email, 'action': 'enroll', 'email_students': True} environ = {'wsgi.url_scheme': protocol} - response = self.client.get(url, params, **environ) + response = self.client.post(url, params, **environ) self.assertEqual(response.status_code, 200) # Check the outbox @@ -520,7 +520,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) params = {'identifiers': self.notregistered_email, 'action': 'enroll', 'email_students': True} environ = {'wsgi.url_scheme': protocol} - response = self.client.get(url, params, **environ) + response = self.client.post(url, params, **environ) self.assertEqual(response.status_code, 200) self.assertEqual( @@ -539,7 +539,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) params = {'identifiers': self.notregistered_email, 'action': 'enroll', 'email_students': True, 'auto_enroll': True} environ = {'wsgi.url_scheme': protocol} - response = self.client.get(url, params, **environ) + response = self.client.post(url, params, **environ) print "type(self.notregistered_email): {}".format(type(self.notregistered_email)) self.assertEqual(response.status_code, 200) @@ -562,7 +562,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): def test_unenroll_without_email(self): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.enrolled_student.email, 'action': 'unenroll', 'email_students': False}) + response = self.client.post(url, {'identifiers': self.enrolled_student.email, 'action': 'unenroll', 'email_students': False}) print "type(self.enrolled_student.email): {}".format(type(self.enrolled_student.email)) self.assertEqual(response.status_code, 200) @@ -601,7 +601,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): def test_unenroll_with_email(self): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.enrolled_student.email, 'action': 'unenroll', 'email_students': True}) + response = self.client.post(url, {'identifiers': self.enrolled_student.email, 'action': 'unenroll', 'email_students': True}) print "type(self.enrolled_student.email): {}".format(type(self.enrolled_student.email)) self.assertEqual(response.status_code, 200) @@ -652,7 +652,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): def test_unenroll_with_email_allowed_student(self): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.allowed_email, 'action': 'unenroll', 'email_students': True}) + response = self.client.post(url, {'identifiers': self.allowed_email, 'action': 'unenroll', 'email_students': True}) print "type(self.allowed_email): {}".format(type(self.allowed_email)) self.assertEqual(response.status_code, 200) @@ -703,7 +703,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) params = {'identifiers': self.notregistered_email, 'action': 'enroll', 'email_students': True} environ = {'wsgi.url_scheme': protocol} - response = self.client.get(url, params, **environ) + response = self.client.post(url, params, **environ) self.assertEqual(response.status_code, 200) # Check the outbox @@ -731,7 +731,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) # Try with marketing site enabled with patch.dict('django.conf.settings.FEATURES', {'ENABLE_MKTG_SITE': True}): - response = self.client.get(url, {'identifiers': self.notregistered_email, 'action': 'enroll', 'email_students': True}) + response = self.client.post(url, {'identifiers': self.notregistered_email, 'action': 'enroll', 'email_students': True}) self.assertEqual(response.status_code, 200) self.assertEqual( @@ -748,7 +748,7 @@ class TestInstructorAPIEnrollment(ModuleStoreTestCase, LoginEnrollmentTestCase): url = reverse('students_update_enrollment', kwargs={'course_id': self.course.id.to_deprecated_string()}) params = {'identifiers': self.notregistered_email, 'action': 'enroll', 'email_students': True, 'auto_enroll': True} environ = {'wsgi.url_scheme': protocol} - response = self.client.get(url, params, **environ) + response = self.client.post(url, params, **environ) print "type(self.notregistered_email): {}".format(type(self.notregistered_email)) self.assertEqual(response.status_code, 200) @@ -810,14 +810,14 @@ class TestInstructorAPIBulkBetaEnrollment(ModuleStoreTestCase, LoginEnrollmentTe def test_missing_params(self): """ Test missing all query parameters. """ url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url) + response = self.client.post(url) self.assertEqual(response.status_code, 400) def test_bad_action(self): """ Test with an invalid action. """ action = 'robot-not-an-action' url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.beta_tester.email, 'action': action}) + response = self.client.post(url, {'identifiers': self.beta_tester.email, 'action': action}) self.assertEqual(response.status_code, 400) def add_notenrolled(self, response, identifier): @@ -853,25 +853,25 @@ class TestInstructorAPIBulkBetaEnrollment(ModuleStoreTestCase, LoginEnrollmentTe def test_add_notenrolled_email(self): url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.notenrolled_student.email, 'action': 'add', 'email_students': False}) + response = self.client.post(url, {'identifiers': self.notenrolled_student.email, 'action': 'add', 'email_students': False}) self.add_notenrolled(response, self.notenrolled_student.email) self.assertFalse(CourseEnrollment.is_enrolled(self.notenrolled_student, self.course.id)) def test_add_notenrolled_email_autoenroll(self): url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.notenrolled_student.email, 'action': 'add', 'email_students': False, 'auto_enroll': True}) + response = self.client.post(url, {'identifiers': self.notenrolled_student.email, 'action': 'add', 'email_students': False, 'auto_enroll': True}) self.add_notenrolled(response, self.notenrolled_student.email) self.assertTrue(CourseEnrollment.is_enrolled(self.notenrolled_student, self.course.id)) def test_add_notenrolled_username(self): url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.notenrolled_student.username, 'action': 'add', 'email_students': False}) + response = self.client.post(url, {'identifiers': self.notenrolled_student.username, 'action': 'add', 'email_students': False}) self.add_notenrolled(response, self.notenrolled_student.username) self.assertFalse(CourseEnrollment.is_enrolled(self.notenrolled_student, self.course.id)) def test_add_notenrolled_username_autoenroll(self): url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.notenrolled_student.username, 'action': 'add', 'email_students': False, 'auto_enroll': True}) + response = self.client.post(url, {'identifiers': self.notenrolled_student.username, 'action': 'add', 'email_students': False, 'auto_enroll': True}) self.add_notenrolled(response, self.notenrolled_student.username) self.assertTrue(CourseEnrollment.is_enrolled(self.notenrolled_student, self.course.id)) @@ -880,7 +880,7 @@ class TestInstructorAPIBulkBetaEnrollment(ModuleStoreTestCase, LoginEnrollmentTe url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) params = {'identifiers': self.notenrolled_student.email, 'action': 'add', 'email_students': True} environ = {'wsgi.url_scheme': protocol} - response = self.client.get(url, params, **environ) + response = self.client.post(url, params, **environ) self.assertEqual(response.status_code, 200) self.assertTrue(CourseBetaTesterRole(self.course.id).has_user(self.notenrolled_student)) @@ -925,7 +925,7 @@ class TestInstructorAPIBulkBetaEnrollment(ModuleStoreTestCase, LoginEnrollmentTe url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) params = {'identifiers': self.notenrolled_student.email, 'action': 'add', 'email_students': True, 'auto_enroll': True} environ = {'wsgi.url_scheme': protocol} - response = self.client.get(url, params, **environ) + response = self.client.post(url, params, **environ) self.assertEqual(response.status_code, 200) self.assertTrue(CourseBetaTesterRole(self.course.id).has_user(self.notenrolled_student)) @@ -969,7 +969,7 @@ class TestInstructorAPIBulkBetaEnrollment(ModuleStoreTestCase, LoginEnrollmentTe def test_add_notenrolled_email_mktgsite(self): # Try with marketing site enabled url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.notenrolled_student.email, 'action': 'add', 'email_students': True}) + response = self.client.post(url, {'identifiers': self.notenrolled_student.email, 'action': 'add', 'email_students': True}) self.assertEqual(response.status_code, 200) self.assertEqual( @@ -986,7 +986,7 @@ class TestInstructorAPIBulkBetaEnrollment(ModuleStoreTestCase, LoginEnrollmentTe def test_enroll_with_email_not_registered(self): # User doesn't exist url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.notregistered_email, 'action': 'add', 'email_students': True}) + response = self.client.post(url, {'identifiers': self.notregistered_email, 'action': 'add', 'email_students': True}) self.assertEqual(response.status_code, 200) # test the response data expected = { @@ -1007,7 +1007,7 @@ class TestInstructorAPIBulkBetaEnrollment(ModuleStoreTestCase, LoginEnrollmentTe def test_remove_without_email(self): url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.beta_tester.email, 'action': 'remove', 'email_students': False}) + response = self.client.post(url, {'identifiers': self.beta_tester.email, 'action': 'remove', 'email_students': False}) self.assertEqual(response.status_code, 200) # Works around a caching bug which supposedly can't happen in prod. The instance here is not == @@ -1035,7 +1035,7 @@ class TestInstructorAPIBulkBetaEnrollment(ModuleStoreTestCase, LoginEnrollmentTe def test_remove_with_email(self): url = reverse('bulk_beta_modify_access', kwargs={'course_id': self.course.id.to_deprecated_string()}) - response = self.client.get(url, {'identifiers': self.beta_tester.email, 'action': 'remove', 'email_students': True}) + response = self.client.post(url, {'identifiers': self.beta_tester.email, 'action': 'remove', 'email_students': True}) self.assertEqual(response.status_code, 200) # Works around a caching bug which supposedly can't happen in prod. The instance here is not == diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index 18e08b9138..57ca7763b6 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -211,7 +211,7 @@ def require_level(level): @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) @require_level('staff') -@require_query_params(action="enroll or unenroll", identifiers="stringified list of emails and/or usernames") +@require_post_params(action="enroll or unenroll", identifiers="stringified list of emails and/or usernames") def students_update_enrollment(request, course_id): """ Enroll or unenroll students by email. @@ -250,12 +250,11 @@ def students_update_enrollment(request, course_id): } """ course_id = SlashSeparatedCourseKey.from_deprecated_string(course_id) - - action = request.GET.get('action') - identifiers_raw = request.GET.get('identifiers') + action = request.POST.get('action') + identifiers_raw = request.POST.get('identifiers') identifiers = _split_input_list(identifiers_raw) - auto_enroll = request.GET.get('auto_enroll') in ['true', 'True', True] - email_students = request.GET.get('email_students') in ['true', 'True', True] + auto_enroll = request.POST.get('auto_enroll') in ['true', 'True', True] + email_students = request.POST.get('email_students') in ['true', 'True', True] email_params = {} if email_students: @@ -326,7 +325,7 @@ def students_update_enrollment(request, course_id): @cache_control(no_cache=True, no_store=True, must_revalidate=True) @require_level('instructor') @common_exceptions_400 -@require_query_params( +@require_post_params( identifiers="stringified list of emails and/or usernames", action="add or remove", ) @@ -340,11 +339,11 @@ def bulk_beta_modify_access(request, course_id): - action is one of ['add', 'remove'] """ course_id = SlashSeparatedCourseKey.from_deprecated_string(course_id) - action = request.GET.get('action') - identifiers_raw = request.GET.get('identifiers') + action = request.POST.get('action') + identifiers_raw = request.POST.get('identifiers') identifiers = _split_input_list(identifiers_raw) - email_students = request.GET.get('email_students') in ['true', 'True', True] - auto_enroll = request.GET.get('auto_enroll') in ['true', 'True', True] + email_students = request.POST.get('email_students') in ['true', 'True', True] + auto_enroll = request.POST.get('auto_enroll') in ['true', 'True', True] results = [] rolename = 'beta' course = get_course_by_id(course_id) diff --git a/lms/static/coffee/src/instructor_dashboard/membership.coffee b/lms/static/coffee/src/instructor_dashboard/membership.coffee index 08f951a4ae..744c2b225e 100644 --- a/lms/static/coffee/src/instructor_dashboard/membership.coffee +++ b/lms/static/coffee/src/instructor_dashboard/membership.coffee @@ -197,6 +197,7 @@ class BetaTesterBulkAddition $.ajax dataType: 'json' + type: 'POST' url: @$btn_beta_testers.data 'endpoint' data: send_data success: (data) => @display_response data @@ -287,6 +288,7 @@ class BatchEnrollment $.ajax dataType: 'json' + type: 'POST' url: $(event.target).data 'endpoint' data: send_data success: (data) => @display_response data