From a20e51dfe2a7c5e3c6fd88139b4104b029adbafd Mon Sep 17 00:00:00 2001 From: 0x29a Date: Thu, 14 Sep 2023 14:21:53 +0200 Subject: [PATCH] fix: eSHE Instructor should be able to see forum members and enrollments (cherry picked from commit 2be436d061860e59214a931c9cd17d67f509d5e2) --- lms/djangoapps/instructor/permissions.py | 4 ++++ lms/djangoapps/instructor/views/api.py | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/lms/djangoapps/instructor/permissions.py b/lms/djangoapps/instructor/permissions.py index ac9b430acec1..0d8353653b93 100644 --- a/lms/djangoapps/instructor/permissions.py +++ b/lms/djangoapps/instructor/permissions.py @@ -29,6 +29,8 @@ RESCORE_EXAMS = 'instructor.rescore_exams' VIEW_REGISTRATION = 'instructor.view_registration' VIEW_DASHBOARD = 'instructor.dashboard' +VIEW_ENROLLMENTS = 'instructor.view_enrollments' +VIEW_FORUM_MEMBERS = 'instructor.view_forum_members' perms[ALLOW_STUDENT_TO_BYPASS_ENTRANCE_EXAM] = HasAccessRule('staff') @@ -66,3 +68,5 @@ 'instructor', 'data_researcher' ) | HasAccessRule('staff') | HasAccessRule('instructor') +perms[VIEW_ENROLLMENTS] = HasAccessRule('staff') +perms[VIEW_FORUM_MEMBERS] = HasAccessRule('staff') diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index 778cbe5c8b3e..fd346d242fcc 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -1661,7 +1661,7 @@ def get_anon_ids(request, course_id): @require_POST @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) -@require_course_permission(permissions.CAN_ENROLL) +@require_course_permission(permissions.VIEW_ENROLLMENTS) @require_post_params( unique_student_identifier="email or username of student for whom to get enrollment status" ) @@ -2611,7 +2611,7 @@ def problem_grade_report(request, course_id): @require_POST @ensure_csrf_cookie @cache_control(no_cache=True, no_store=True, must_revalidate=True) -@require_course_permission(permissions.CAN_ENROLL) +@require_course_permission(permissions.VIEW_FORUM_MEMBERS) @require_post_params('rolename') def list_forum_members(request, course_id): """