Fixed course being accessed from a different org site (#588)
Co-authored-by: Abdul Manan <[email protected]>
manan-memon and abdulmanann authored Nov 21, 2024
1 parent 24e9dfb commit 59fe81f
Showing 3 changed files with 17 additions and 1 deletion.
9 changes: 8 additions & 1 deletion lms/djangoapps/course_wiki/views.py
@@ -5,8 +5,10 @@

import logging
import re
import six

from django.conf import settings
from django.http import Http404
from django.shortcuts import redirect
from django.utils.translation import ugettext as _
from opaque_keys.edx.keys import CourseKey
@@ -18,6 +20,7 @@
from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers
from openedx.core.djangolib.markup import Text
from openedx.features.enterprise_support.api import data_sharing_consent_required
from openedx.features.edly.utils import is_course_org_same_as_site_org

log = logging.getLogger(__name__)

@@ -38,7 +41,11 @@ def course_wiki_redirect(request, course_id, wiki_path=""):
as it's home page. A course's wiki must be an article on the root (for
example, "/6.002x") to keep things simple.
"""
course = get_course_by_id(CourseKey.from_string(course_id))
course_key = CourseKey.from_string(course_id)
if not is_course_org_same_as_site_org(request.site, course_key):
raise Http404(u"Course not found: {}.".format(six.text_type(course_key)))

course = get_course_by_id(course_key)
course_slug = course_wiki_slug(course)

valid_slug = True
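Review bot: The org check in `course_wiki_redirect` guards only this redirect entry point, and the commit carries no regression test for it (all three changed files are application code). Whether wiki article URLs requested directly, without passing through this view, get the same check cannot be told from these lines and should be confirmed. The same three-line guard is repeated in `get_course_with_access` and `instructor_dashboard_2`; one helper next to `is_course_org_same_as_site_org` that raises `Http404` would keep the three call sites from drifting apart. A short comment above the check would record the intent, e.g. `# Tenant isolation: answer 404 so another org's site cannot confirm the course exists.` The function body continues past the end of the hunk.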
5 changes: 5 additions & 0 deletions lms/djangoapps/courseware/courses.py
@@ -59,6 +59,7 @@
from openedx.features.course_duration_limits.access import AuditExpiredError
from openedx.features.course_experience import RELATIVE_DATES_FLAG
from openedx.features.course_experience.utils import is_block_structure_complete_for_assignments
from openedx.features.edly.utils import is_course_org_same_as_site_org
from common.djangoapps.static_replace import replace_static_urls
from lms.djangoapps.survey.utils import SurveyRequiredAccessError, check_survey_required_and_unanswered
from common.djangoapps.util.date_utils import strftime_localized
@@ -126,6 +127,10 @@ def get_course_with_access(user, action, course_key, depth=0, check_if_enrolled=
these special cases could not only be handled inside has_access, but could
be plugged in as additional callback checks for different actions.
"""
request = get_current_request()
if not is_course_org_same_as_site_org(request.site, course_key):
raise Http404(u"Course not found: {}.".format(six.text_type(course_key)))

course = get_course_by_id(course_key, depth)
check_course_access_with_redirect(course, user, action, check_if_enrolled, check_survey_complete, check_if_authenticated)
return course
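Review bot: `get_current_request()` is dereferenced without a None check in `get_course_with_access`, so if it is the usual thread-local helper that returns None when no request is active, `request.site` raises AttributeError for any caller running outside a request instead of producing an access decision. Because this is a shared helper rather than a view, the guard should state what happens without a request, for example `site = getattr(get_current_request(), 'site', None)` followed by `if site is not None and not is_course_org_same_as_site_org(site, course_key):`, with a comment saying that skipping the check off-request is deliberate. The import hunk for this file adds only `is_course_org_same_as_site_org`; `get_current_request`, `Http404` and `six` must already be in scope, which the visible lines do not show. The docstring above the check should also list the new Http404 condition, since callers now get a 404 before `has_access` is consulted.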
4 changes: 4 additions & 0 deletions lms/djangoapps/instructor/views/instructor_dashboard.py
@@ -53,6 +53,7 @@
from openedx.core.djangolib.markup import HTML, Text
from openedx.core.lib.url_utils import quote_slashes
from openedx.core.lib.xblock_utils import wrap_xblock
from openedx.features.edly.utils import is_course_org_same_as_site_org
from common.djangoapps.student.models import CourseEnrollment
from common.djangoapps.student.roles import (
CourseFinanceAdminRole, CourseInstructorRole,
@@ -112,6 +113,9 @@ def instructor_dashboard_2(request, course_id):
log.error(u"Unable to find course with course key %s while loading the Instructor Dashboard.", course_id)
return HttpResponseServerError()

if not is_course_org_same_as_site_org(request.site, course_key):
raise Http404(u"Course not found: {}.".format(six.text_type(course_key)))

course = get_course_by_id(course_key, depth=0)

access = {
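Review bot: The new check in `instructor_dashboard_2` protects the dashboard page itself, but this commit touches no other file under `instructor/views`, so any instructor endpoints that accept a `course_id` are covered only if they happen to go through `get_course_with_access`. That cannot be told from these lines and should be confirmed, because those endpoints usually carry the privileged actions. The placement before `get_course_by_id` is right and deserves a comment so a later refactor does not move it, e.g. `# Reject courses owned by another org before any course data is loaded.` The function starts and ends outside the hunk.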
