fix perms instructor certificates #257
Conversation
melvinsoft
requested review from
johnbaldwin,
bezidejni,
tkeemon,
OmarIthawi,
bryanlandia and
amirtds
and removed request for
johnbaldwin
There was a problem hiding this comment.
Hey @melvinsoft - looks great. A couple things:
Please add another test method below here:
to check for the non-global staff condition. Also, I wonder if there are business reasons edX has chosen global staff only. What do you think?
I checked, and this functionality hasn't changed at HEAD of edx/master so yeah, probably a good candidate for upstream.
|
@bryanlandia Thanks for reviewing the PR. I've asked in the #general channel in edX slack, but I didn't received a response yet. I'm gonna wait one more day and then ping again. |
|
That's a huge change @melvinsoft. While it might work fine, but I think we should think twice before getting it merged. Please also fix the import, otherwise courseware won't work: 13:05:36 omar@oryx:edx-platform $ git diff
diff --git a/lms/djangoapps/courseware/views/views.py b/lms/djangoapps/courseware/views/views.py
index 73357f9..970f3dd 100644
--- a/lms/djangoapps/courseware/views/views.py
+++ b/lms/djangoapps/courseware/views/views.py
@@ -33,7 +33,7 @@ from opaque_keys import InvalidKeyError
from opaque_keys.edx.keys import CourseKey, UsageKey
from opaque_keys.edx.locations import SlashSeparatedCourseKey
from rest_framework import status
-from lms.djangoapps.instructor.views.api import require_global_staff
+from util.views import require_global_staff
from lms.djangoapps.ccx.utils import prep_course_for_grading
from lms.djangoapps.grades.new.course_grade import CourseGradeFactory
from lms.djangoapps.instructor.enrollment import uses_shibThere's also the unpleasant fact that tests are failing: Succeeds without your change, all the 49. When adding the changes in this PR, 4 tests fails: Could you please check them? |
There was a problem hiding this comment.
Thanks @melvinsoft! Please consider fixing the tests, and the import issue.
| @@ -35,7 +35,6 @@ | |||
| FileValidationException, UniversalNewlineIterator | |||
| ) | |||
| from util.json_request import JsonResponse, JsonResponseBadRequest | |||
| from util.views import require_global_staff | |||
There was a problem hiding this comment.
This line breaks the expectations in lms/djangoapps/courseware/views/views.py, please consider keeping it.
@bryanlandia @melvinsoft I thought that edX chose that for a business reason also, but looking at both of the:
There seem to be nothing about which |
|
@melvinsoft Update: edX engineer Saleem Latif have just replied and it looks like our change is fine. I'm going to do a final test and mark this PR as ✔️ |
There was a problem hiding this comment.
@melvinsoft Thanks for catching the error and fixing it.
If the change works for AMC, please merge it. Let's please consider contributing this upstream. It looks like an easy one.
| @@ -53,6 +53,7 @@ def setUp(self): | |||
| super(CertificatesInstructorDashTest, self).setUp() | |||
| self.global_staff = GlobalStaffFactory() | |||
| self.instructor = InstructorFactory(course_key=self.course.id) | |||
| self.staff = StaffFactory(course_key=self.course.id) | |||
There was a problem hiding this comment.
StaffFactory is not imported. Tests are still broken.
There was a problem hiding this comment.
@OmarIthawi this line is still broken, right?
There was a problem hiding this comment.
@melvinsoft take another look when you get a chance.
There was a problem hiding this comment.
@bryanlandia @OmarIthawi import fixed! Sorry I cannot run tests properly on the AMC devstack ATM. Please give it another try and let me know.
|
@bryanlandia @OmarIthawi Thanks for all your efforts here! Much appreciated! I've fixed the tests, but I cannot try them in my devstack, please let me know if it works to you, and if everything looks good, I'm going to squash and rebase the PR before merge. Thanks again! |
|
@melvinsoft It fixes part of the broken tests, but not all of them. Please consider having the latest edX docker devstack so you can run tests on. Having the tests fail quickly is better than waiting for someone else to report. |
|
@OmarIthawi @bryanlandia I tried to run the tests in a new docker devstack, and they're still failing. We need to deliver this to the customer, so we've two options:
Please let me know. |
@melvinsoft We create tech debt regularly so this won't be an issue. However, the fact that tests are failing, could mean an actual bug being pushed to production. It depends on how much you'd like to ensure that another bug isn't happening. Both manual and automated tests work equally in this case. If you think it's ready, please feel free to deploy. |
|
@OmarIthawi Thanks! but I did one more effort, and I run the test, cherrypicking the commits, and I was able to fix them. Can you do a final review over the changes? // cc @bryanlandia Thanks! |
There was a problem hiding this comment.
@melvinsoft Thanks for taking the extra efforts. This is really helpful for maintenance in the future.
Please address the the issue below, and feel free to merge.
| @@ -284,25 +296,6 @@ def _assert_redirects_to_instructor_dash(self, response): | |||
| expected_redirect += '#view-certificates' | |||
| self.assertRedirects(response, expected_redirect) | |||
|
|
|||
| def test_certificate_generation_api_without_global_staff(self): | |||
There was a problem hiding this comment.
Please add the test back, I've fixed it:
def test_certificate_generation_api_without_global_staff(self):
"""
Test certificates generation api endpoint returns permission denied if
user who made the request is not member of global staff.
"""
user = UserFactory.create()
self.client.login(username=user.username, password='test')
url = reverse(
'start_certificate_generation',
kwargs={'course_id': unicode(self.course.id)}
)
response = self.client.post(url)
self.assertEqual(response.status_code, 403)
self.client.login(username=self.instructor.username, password='test')
response = self.client.post(url)
self.assertEqual(response.status_code, 200)
OmarIthawi
dismissed
bryanlandia’s stale review
No longer applicable. Thanks Bryan!
…or dashboard change all require_global_staff for require_level fix tests and import fix import in test for StaffFactory fix more tests fix test
melvinsoft
force-pushed
the
bugfix/fix-perms-instructor-certificates
branch
from
f288e44
to
1262ba9
Compare
|
Commits squashed! |
Per 12. Make your fix public. I am merging this fix.
The Certificates tab in the Instructor dashboard (and all the action) require global staff permissions, which doesn't makes sense with the rest of the Instructor dashboard architecture. The permissions check is always if the user is staff in the course, not global.
This bug came up in Tahoe since none of our users have global staff, but it's affecting other customers as well, also this is something we should push upstream.