Fix #OPPIA-1619 - course owner downloading draft course

DigitalCampus · Feb 13, 2024 · c04f88f · c04f88f
1 parent 4450ad1
commit c04f88f
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 4 deletions.
diff --git a/api/resources/category.py b/api/resources/category.py
@@ -131,9 +131,12 @@ def dehydrate_count_new_downloads_enabled(self, bundle):
         courses = Course.objects.filter(category=bundle.obj).filter(CourseFilter.IS_NOT_ARCHIVED)
 
         if not bundle.request.user.is_staff:
-            courses = courses.filter(CourseFilter.IS_NOT_DRAFT | Q(pk__in=CoursePermissions.objects.filter(
-                                         user=bundle.request.user).values('course')))\
-                    .filter(CourseFilter.get_restricted_filter_for_user(bundle.request.user))
+            courses = courses.filter(CourseFilter.IS_NOT_DRAFT
+                                     | Q(pk__in=CoursePermissions.objects.filter(
+                                         user=bundle.request.user).values('course'))
+                                     | (CourseCategoryFilter.COURSE_IS_DRAFT
+                                        & Q(coursecategory__course__user=bundle.request.user)))\
+                    .filter(CourseFilter.get_restricted_filter_for_user(bundle.request.user)).distinct()
 
         return courses.filter(category=bundle.obj).filter(CourseFilter.NEW_DOWNLOADS_ENABLED).count()
 
@@ -143,7 +146,9 @@ def dehydrate_course_statuses(self, bundle):
         if not bundle.request.user.is_staff:
             courses = courses.filter(CourseFilter.IS_NOT_DRAFT
                                      | Q(pk__in=CoursePermissions.objects.filter(
-                                         user=bundle.request.user).values('course')))
+                                         user=bundle.request.user).values('course'))
+                                     | (CourseCategoryFilter.COURSE_IS_DRAFT
+                                        & Q(coursecategory__course__user=bundle.request.user)))
 
         return {course.shortname: course.status for course in courses}
 

diff --git a/tests/api/v2/test_category.py b/tests/api/v2/test_category.py
@@ -234,6 +234,24 @@ def test_draft_course_is_included_in_course_statuses_normal_user_with_manager_pe
         course_statuses = self.get_category_attr_in_results(tags, 'reference', 'course_statuses')
         self.assertEqual(expected.get('reference'), course_statuses)
 
+    def test_draft_course_is_included_in_course_statuses_normal_teacher_with_publisher_permissions(self):
+        expected = {
+            'reference': {'ref-1': 'live', 'draft-test': 'draft'}
+        }
+        course = Course.objects.get(shortname='draft-test')
+        original_owner = course.user
+        course.user = self.teacher
+        course.save()
+
+        resp = self.api_client.get(self.url, format='json', data=self.teacher_auth)
+        tags = self.assert_valid_response_and_get_tags(resp)
+        course_statuses = self.get_category_attr_in_results(tags, 'reference', 'course_statuses')
+        self.assertEqual(expected.get('reference'), course_statuses)
+
+        # reset back to original owner
+        course.user = original_owner
+        course.save()
+
     def test_draft_course_is_included_in_course_statuses_normal_teacher_with_viewer_permissions(self):
         expected = {
             'reference': {'ref-1': 'live', 'draft-test': 'draft'}