From a8dcad3d933d8fd6a896c335191aed425edd1dc2 Mon Sep 17 00:00:00 2001
From: Pasi Sarolahti
Date: Tue, 19 Jan 2021 09:45:29 +0200
Subject: [PATCH] Change enrollment checks to use QuerySet get method.
Relies on the uniqueness of enrollments based on (course_instance, user_profile). Requires exception handling for nonexisting entries. In addition, HTTP error changed from PermissionDenied to NotFound when accessing LTI service with unenrolled user. Closes #600.
---
 course/models.py | 5 ++++-
 external_services/lti.py | 11 ++++++-----
 locale/fi/LC_MESSAGES/django.po | 4 ++++
 3 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/course/models.py b/course/models.py
index 5e1a3eb18..1b43be705 100644
--- a/course/models.py
+++ b/course/models.py
@@ -539,7 +539,10 @@ def tag_user(self, user, tag):
 UserTagging.objects.create(tag=tag, user=user.userprofile, course_instance=self)
 def get_enrollment_for(self, user):
- return Enrollment.objects.filter(course_instance=self, user_profile=user.userprofile).first()
+ try:
+ return Enrollment.objects.get(course_instance=self, user_profile=user.userprofile)
+ except Enrollment.DoesNotExist:
+ return None
 def get_user_tags(self, user):
 return self.taggings.filter(user=user.uesrprofile).select_related('tag')
diff --git a/external_services/lti.py b/external_services/lti.py
index 7e869f349..37a20fc64 100644
--- a/external_services/lti.py
+++ b/external_services/lti.py
@@ -2,8 +2,8 @@
 from urllib.parse import urlsplit, urljoin
 from django.conf import settings
-from django.core.exceptions import PermissionDenied
-from django.utils.translation import get_language
+from django.http import Http404
+from django.utils.translation import get_language, ugettext_lazy as _
 from rest_framework.reverse import reverse
 from rest_framework.settings import api_settings
 from oauthlib.common import urldecode
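Review bot: `Enrollment.objects.get(...)` in `get_enrollment_for` catches only `DoesNotExist`, so a duplicate `(course_instance, user_profile)` row now raises `MultipleObjectsReturned` and turns an enrollment check into a server error, where `.filter(...).first()` tolerated it; the same applies to the `get()` call in `user_info` in external_services/lti.py. The uniqueness the commit message relies on is not visible in this patch, so it is worth confirming that the model enforces it with a database constraint and recording that next to the call, e.g. `# (course_instance, user_profile) is unique on Enrollment, so get() cannot return several rows`. Separately, the context line in `get_user_tags` reads `user.uesrprofile`, which looks like a typo for `user.userprofile` and would raise `AttributeError` when called.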
@@ -93,9 +93,10 @@ def __init__(self, service, user, instance, request, title, context_id=None, lin
 def user_info(self, course_instance, user):
 if self.service.is_anonymous:
 # Anonymize user information
- enrollment = Enrollment.objects.filter(course_instance=course_instance, user_profile=user.userprofile).first()
- if not enrollment:
- raise PermissionDenied()
+ try:
+ enrollment = Enrollment.objects.get(course_instance=course_instance, user_profile=user.userprofile)
+ except Enrollment.DoesNotExist:
+ raise Http404(_("Course enrollment required for accessing the LTI service."))
 # Creates anon name and id for pre-pseudonymisation Enrollments
 if not (enrollment.anon_name or enrollment.anon_id):
 # the model's post_save functions take care of the creation
diff --git a/locale/fi/LC_MESSAGES/django.po b/locale/fi/LC_MESSAGES/django.po
index e76cbf921..8c8ccc471 100644
--- a/locale/fi/LC_MESSAGES/django.po
+++ b/locale/fi/LC_MESSAGES/django.po
@@ -2908,6 +2908,10 @@ msgstr ""
 "Palauttaaksesi tehtäviä sinun pitää rekisteröityä ja ilmoittautua kurssin "
 "etusivulla."
+#: external_services/lti.py
+msgid "Course enrollment required for accessing the LTI service."
+msgstr "Kurssille ilmoittautuminen vaaditaan LTI-palveluun pääsemiseksi."
+
 #: external_services/models.py
 msgid "Url can not contain scheme or domain part."
 msgstr "Url ei voi sisältää skeema- tai verkkotunnusosaa."
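Review bot: The `except Enrollment.DoesNotExist` branch in `user_info` now answers a failed authorization check with `Http404` instead of `PermissionDenied`, so unenrolled access attempts stop appearing as 403s in access logs and any alerting built on them; if that is intended, a comment such as `# unenrolled users get 404 rather than 403 by design, see #600` would keep the next reader from reverting it. Raising inside the `except` block also chains the ORM exception into the traceback, which `raise Http404(...) from None` avoids. The enrollment lookup sits only under `if self.service.is_anonymous:`, and `user_info` continues past the hunk, so whether non-anonymous services check enrollment elsewhere cannot be told from here and should be confirmed.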