From 747cdb43808f47949af99faee06f4c737c59f522 Mon Sep 17 00:00:00 2001
From: alangsto <46360176+alangsto@users.noreply.github.com>
Date: Mon, 3 Aug 2020 16:57:42 -0400
Subject: [PATCH] Prevent non edX staff from requesting changes to certain
 settings via POST request (#28)

* modify post data based on user

* added spacing
---
 src/proctored-exam-settings/ProctoredExamSettings.jsx      | 6 ++++--
 src/proctored-exam-settings/ProctoredExamSettings.test.jsx | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/proctored-exam-settings/ProctoredExamSettings.jsx b/src/proctored-exam-settings/ProctoredExamSettings.jsx
index 2e327aa4a..02d14c77d 100644
--- a/src/proctored-exam-settings/ProctoredExamSettings.jsx
+++ b/src/proctored-exam-settings/ProctoredExamSettings.jsx
@@ -77,12 +77,14 @@ function ExamSettings(props) {
     const dataToPostBack = {
       proctored_exam_settings: {
         enable_proctored_exams: enableProctoredExams,
-        allow_proctoring_opt_out: allowOptingOut,
         proctoring_provider: proctoringProvider,
         proctoring_escalation_email: proctortrackEscalationEmail,
-        create_zendesk_tickets: createZendeskTickets,
       },
     };
+    if (isEdxStaff) {
+      dataToPostBack.proctored_exam_settings.allow_proctoring_opt_out = allowOptingOut;
+      dataToPostBack.proctored_exam_settings.create_zendesk_tickets = createZendeskTickets;
+    }
     setSubmissionInProgress(true);
     StudioApiService.saveProctoredExamSettingsData(props.courseId, dataToPostBack).then(() => {
       setSaveSuccess(true);
diff --git a/src/proctored-exam-settings/ProctoredExamSettings.test.jsx b/src/proctored-exam-settings/ProctoredExamSettings.test.jsx
index 6d93ac2dd..7f4aa5b5b 100644
--- a/src/proctored-exam-settings/ProctoredExamSettings.test.jsx
+++ b/src/proctored-exam-settings/ProctoredExamSettings.test.jsx
@@ -447,7 +447,7 @@ describe('ProctoredExamSettings save settings tests', () => {
       get: mockClientGet,
       post: mockClientPost,
     }));
-    auth.getAuthenticatedUser = jest.fn(() => ({ userId: 3 }));
+    auth.getAuthenticatedUser = jest.fn(() => ({ userId: 3, administrator: true }));
     return { mockClientGet, mockClientPost };
   }