Change enrollment checks to use QuerySet get method.

Relies on the uniqueness of enrollments based on (course_instance, user_profile). Requires exception handling for nonexisting entries. In addition, HTTP error changed from PermissionDenied to NotFound when accessing LTI service with unenrolled user. Closes #600.
apluslms · Feb 8, 2021 · a8dcad3 · a8dcad3
1 parent 856a2fd
commit a8dcad3
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/course/models.py b/course/models.py
@@ -539,7 +539,10 @@ def tag_user(self, user, tag):
         UserTagging.objects.create(tag=tag, user=user.userprofile, course_instance=self)
 
     def get_enrollment_for(self, user):
-        return Enrollment.objects.filter(course_instance=self, user_profile=user.userprofile).first()
+        try:
+            return Enrollment.objects.get(course_instance=self, user_profile=user.userprofile)
+        except Enrollment.DoesNotExist:
+            return None
 
     def get_user_tags(self, user):
         return self.taggings.filter(user=user.uesrprofile).select_related('tag')

diff --git a/external_services/lti.py b/external_services/lti.py
@@ -2,8 +2,8 @@
 from urllib.parse import urlsplit, urljoin
 
 from django.conf import settings
-from django.core.exceptions import PermissionDenied
-from django.utils.translation import get_language
+from django.http import Http404
+from django.utils.translation import get_language, ugettext_lazy as _
 from rest_framework.reverse import reverse
 from rest_framework.settings import api_settings
 from oauthlib.common import urldecode
@@ -93,9 +93,10 @@ def __init__(self, service, user, instance, request, title, context_id=None, lin
     def user_info(self, course_instance, user):
         if self.service.is_anonymous:
             # Anonymize user information
-            enrollment = Enrollment.objects.filter(course_instance=course_instance, user_profile=user.userprofile).first()
-            if not enrollment:
-                raise PermissionDenied()
+            try:
+                enrollment = Enrollment.objects.get(course_instance=course_instance, user_profile=user.userprofile)
+            except Enrollment.DoesNotExist:
+                raise Http404(_("Course enrollment required for accessing the LTI service."))
             # Creates anon name and id for pre-pseudonymisation Enrollments
             if not (enrollment.anon_name or enrollment.anon_id):
                 # the model's post_save functions take care of the creation

diff --git a/locale/fi/LC_MESSAGES/django.po b/locale/fi/LC_MESSAGES/django.po
@@ -2908,6 +2908,10 @@ msgstr ""
 "Palauttaaksesi tehtäviä sinun pitää rekisteröityä ja ilmoittautua kurssin "
 "etusivulla."
 
+#: external_services/lti.py
+msgid "Course enrollment required for accessing the LTI service."
+msgstr "Kurssille ilmoittautuminen vaaditaan LTI-palveluun pääsemiseksi."
+
 #: external_services/models.py
 msgid "Url can not contain scheme or domain part."
 msgstr "Url ei voi sisältää skeema- tai verkkotunnusosaa."