4624bb7c3e
The course outline view has a way for a staff user to make a request as if they are another user, not just by using the masquerade mechanism but also by setting a request parameter. This can result in false positives in the safe-sessions middleware, and if `ENFORCE_SAFE_SESSIONS` is enabled the responses will be 401 errors. The fix here is to do the same thing that masquerading does in setting a `real_user` property on the new user object, which the safe-sessions middleware then undoes (restoring the request.user) before determing whether there's a mismatch. (Without this fix, enabling `ENFORCE_SAFE_SESSIONS` also causes some tests in `test_views.py` to fail.)
Open edX -------- This is the root package for Open edX. The intent is that all importable code from Open edX will eventually live here, including the code in the lms, cms, and common directories. If you're adding a new Django app, place it in core/djangoapps. If you're adding utilities that require Django, place them in core/djangolib. If you're adding code that defines no Django models or views of its own but is widely useful, put it in core/lib. Note: All new code should be created in this package, and the legacy code will be moved here gradually. For now the code is not structured like this, and hence legacy code will continue to live in a number of different packages.