Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: eSHE Instructor should be able to see forum members and enrollments [BB-7841] #585

Merged
merged 1 commit into from
Sep 18, 2023
Merged

fix: eSHE Instructor should be able to see forum members and enrollments [BB-7841] #585

merged 1 commit into from
Sep 18, 2023

Conversation

0x29a
Copy link
Member

@0x29a 0x29a commented Sep 14, 2023
edited
Loading

Description

Consider this diff. We've modified CAN_ENROLL permission in a way that eSHE Instructors don't have it, but eSHE Instructor + Staff have.

However, the same permission is used to control two other endpoints that shouldn't be forbidden to eSHE Instructor. One of them, get_student_enrollment_status, is used for this instructor view:
image

So this PR fixes these two endpoints for eSHE Instructors by introducing two new permissions, specific to these endpoints, with the same access level as before.

Testing instructions

  1. Switch your devstack to the 0x29a/bb7841/fix-permissions branch from the [email protected]:open-craft/edx-platform.git repo.
  2. Enable the eSHE Instructor role by setting this to True.
  3. Open two browser tabs, one of them should be anonymous.
  4. In one tab log in as staff, in the other register as [email protected].
  5. As a staff, give [email protected] the eSHE Instructor course team role (that can be done in the Instructor Dashboard).
  6. Now, verify that [email protected] can view enrollment status of [email protected].

@0x29a 0x29a force-pushed the 0x29a/bb7841/fix-permissions branch from d27b3f4 to 2be436d Compare September 14, 2023 13:16
viadanna
viadanna approved these changes Sep 16, 2023
View reviewed changes
Copy link
Member

@viadanna viadanna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

  • I tested this
  • I read through the code

lms/djangoapps/instructor/views/api.py
@@ -1659,7 +1659,7 @@ def get_anon_ids(request, course_id):
@require_POST
@ensure_csrf_cookie
@cache_control(no_cache=True, no_store=True, must_revalidate=True)
@require_course_permission(permissions.CAN_ENROLL)
@require_course_permission(permissions.VIEW_ENROLLMENTS)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes much more sense than having it require the CAN_ENROLL 👍

@0x29a 0x29a mentioned this pull request Sep 18, 2023
Merged
@0x29a 0x29a merged commit d5e16f5 into opencraft-release/palm.1 Sep 18, 2023
41 checks passed
@0x29a 0x29a deleted the 0x29a/bb7841/fix-permissions branch September 18, 2023 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@viadanna viadanna viadanna approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@0x29a @viadanna