From 122b2872b559343348c2252006cef92bf24f84d7 Mon Sep 17 00:00:00 2001 From: Sampo Kulonen Date: Thu, 26 Aug 2021 14:21:57 +0300 Subject: [PATCH] Remove student self-unenrollment The ability for students to unenroll themselves from a course turned out to be an undesired feature. Therefore this commit disables it. UI elements have been commented out, the /enroll/ URL has been commented out, and the DELETE operation on the course students API view is now only available for course staff. --- course/api/views.py | 22 ++++++++++++++-------- course/long_urls.py | 6 +++--- course/templates/course/_course_menu.html | 2 ++ course/templates/course/course_base.html | 2 ++ 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/course/api/views.py b/course/api/views.py index 586864787..77f3d0c60 100644 --- a/course/api/views.py +++ b/course/api/views.py @@ -147,12 +147,11 @@ class CourseStudentsViewSet(NestedViewSetMixin, returns the details of the current user. `DELETE /courses//students//`: - removes the enrollment. + removes the enrollment. Students cannot unenroll themselves. - URL parameters: - `status`: the new status for the enrollment. `REMOVED` and `BANNED` - are currently supported. Students can only remove (not ban) - themselves. + are currently supported. """ permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES + [ IsCourseAdminOrUserObjIsSelf, @@ -171,6 +170,13 @@ def get_queryset(self): return self.instance.students def destroy(self, request, *args, **kwargs): + if not self.is_course_staff: + return Response( + 'Student self-unenrollment is not allowed. Contact course ' + 'staff if you wish to remove your enrollment.', + status=status.HTTP_403_FORBIDDEN + ) + status_arg = self.request.GET.get('status') if status_arg not in Enrollment.ENROLLMENT_STATUS.keys(): return Response( @@ -184,11 +190,11 @@ def destroy(self, request, *args, **kwargs): 'Enrollments cannot be activated via this API', status=status.HTTP_400_BAD_REQUEST ) - if status_code != Enrollment.ENROLLMENT_STATUS.REMOVED and not self.is_course_staff: - return Response( - 'Students can only unenroll themselves (status=REMOVED) via this API', - status=status.HTTP_403_FORBIDDEN - ) + # if status_code != Enrollment.ENROLLMENT_STATUS.REMOVED and not self.is_course_staff: + # return Response( + # 'Students can only unenroll themselves (status=REMOVED) via this API', + # status=status.HTTP_403_FORBIDDEN + # ) user = self.get_object().user enrollment = self.instance.get_enrollment_for(user) diff --git a/course/long_urls.py b/course/long_urls.py index 34aee71fb..47330f2a9 100644 --- a/course/long_urls.py +++ b/course/long_urls.py @@ -8,9 +8,9 @@ url(USER_URL_PREFIX + r'enroll/$', views.Enroll.as_view(), name='enroll'), - url(USER_URL_PREFIX + r'unenroll/$', - views.Unenroll.as_view(), - name='unenroll'), + # url(USER_URL_PREFIX + r'unenroll/$', + # views.Unenroll.as_view(), + # name='unenroll'), url(USER_URL_PREFIX + r'setlang', views.LanguageView.as_view(), name="set-enrollment-language"), diff --git a/course/templates/course/_course_menu.html b/course/templates/course/_course_menu.html index 73f38bcdc..566f4080a 100644 --- a/course/templates/course/_course_menu.html +++ b/course/templates/course/_course_menu.html @@ -211,6 +211,7 @@

{{ group.label|parse_localization }}

{% endif %} +{% comment %} {% if is_student %}

  • {% trans "ENROLLMENT" %}

    @@ -222,3 +223,4 @@

    {% trans "ENROLLMENT" %}

    • {% endif %} +{% endcomment %} diff --git a/course/templates/course/course_base.html b/course/templates/course/course_base.html index 2c69ad704..72d8bc65b 100644 --- a/course/templates/course/course_base.html +++ b/course/templates/course/course_base.html @@ -146,6 +146,7 @@

    {% trans "Calendar" %}

    +{% comment %} +{% endcomment %} {% endblock %} {% block mobilemenu %}