Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: check masquerade on instructor dashboard tab acess check #601

Merged
merged 1 commit into from
Nov 8, 2023
Merged

fix: check masquerade on instructor dashboard tab acess check #601

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions lms/djangoapps/instructor/tests/views/test_instructor_dashboard.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
from common.djangoapps.student.tests.factories import UserFactory
from common.test.utils import XssTestMixin
from lms.djangoapps.courseware.courses import get_studio_url
from lms.djangoapps.courseware.masquerade import CourseMasquerade
from lms.djangoapps.courseware.tabs import get_course_tab_list
from lms.djangoapps.courseware.tests.factories import StudentModuleFactory
from lms.djangoapps.courseware.tests.helpers import LoginEnrollmentTestCase
Expand Down Expand Up @@ -121,6 +122,11 @@ def has_instructor_tab(user, course):
staff = StaffFactory(course_key=self.course.id)
assert has_instructor_tab(staff, self.course)

masquerade_staff = StaffFactory(course_key=self.course.id)
masquerade = CourseMasquerade(self.course.id, role='student')
masquerade_staff.masquerade_settings = {self.course.id: masquerade}
assert not has_instructor_tab(masquerade_staff, self.course)

student = UserFactory.create()
assert not has_instructor_tab(student, self.course)

Expand Down
5 changes: 4 additions & 1 deletion lms/djangoapps/instructor/views/instructor_dashboard.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@
from lms.djangoapps.courseware.access import has_access
from lms.djangoapps.courseware.courses import get_studio_url
from lms.djangoapps.courseware.block_render import get_block_by_usage_id
from lms.djangoapps.courseware.masquerade import get_masquerade_role
from lms.djangoapps.discussion.django_comment_client.utils import has_forum_access
from lms.djangoapps.grades.api import is_writable_gradebook_enabled
from lms.djangoapps.instructor.constants import INSTRUCTOR_DASHBOARD_PLUGIN_VIEW_NAME
Expand Down Expand Up @@ -93,7 +94,9 @@ def is_enabled(cls, course, user=None):
"""
Returns true if the specified user has staff access.
"""
return bool(user and user.is_authenticated and user.has_perm(permissions.VIEW_DASHBOARD, course.id))
return bool(user and user.is_authenticated and
get_masquerade_role(user, course.id) != 'student' and
user.has_perm(permissions.VIEW_DASHBOARD, course.id))


def show_analytics_dashboard_message(course_key):
Expand Down
Loading