def test_consent_necessary_for_course(self, consent_provided_state,
                                       ec_consent_enabled,
                                       ec_consent_enforcement,
                                       expected_result):
     user = UserFactory()
     enterprise_customer = EnterpriseCustomerFactory(
         enable_data_sharing_consent=ec_consent_enabled,
         enforce_data_sharing_consent=ec_consent_enforcement,
     )
     enterprise_user = EnterpriseCustomerUserFactory(
         user_id=user.id, enterprise_customer=enterprise_customer)
     course_id = 'course-v1:edX+DemoX+Demo_Course'
     enrollment = EnterpriseCourseEnrollment.objects.create(
         enterprise_customer_user=enterprise_user,
         consent_granted=consent_provided_state,
         course_id=course_id)
     assert consent_necessary_for_course(user, course_id) is expected_result
     account_consent = UserDataSharingConsentAuditFactory(
         user=enterprise_user,
         state=UserDataSharingConsentAudit.ENABLED,
     )
     assert consent_necessary_for_course(user, course_id) is False
     account_consent.delete()  # pylint: disable=no-member
     enrollment.delete()
     assert consent_necessary_for_course(user, course_id) is False
Exemple #2
0
def consent_needed_for_course(user, course_id):
    """
    Wrap the enterprise app check to determine if the user needs to grant
    data sharing permissions before accessing a course.
    """
    if not enterprise_enabled():
        return False
    return consent_necessary_for_course(user, course_id)
Exemple #3
0
def consent_needed_for_course(user, course_id):
    """
    Wrap the enterprise app check to determine if the user needs to grant
    data sharing permissions before accessing a course.
    """
    if not enterprise_enabled():
        return False
    return consent_necessary_for_course(user, course_id)
Exemple #4
0
    def get_course_specific_consent(self, request, course_id):
        """
        Render a form with course-specific information about data sharing consent.

        This particular variant of the method is called when a `course_id` parameter
        is passed to the view. In this case, the form is rendered with information
        about the specific course that's being set up.

        A 404 will be raised if any of the following conditions are met:
            * Enrollment is not to be deferred, but there is no EnterpriseCourseEnrollment
              associated with the current user.
            * Enrollment is not to be deferred and there's an EnterpriseCourseEnrollment
              associated with the current user, but the corresponding EnterpriseCustomer
              does not require course-level consent for this course.
            * Enrollment is to be deferred, but either no EnterpriseCustomer was
              supplied (via the enrollment_deferred GET parameter) or the supplied
              EnterpriseCustomer doesn't exist.
        """
        try:
            client = CourseApiClient()
            course_details = client.get_course_details(course_id)
        except HttpClientError:
            raise Http404
        next_url = request.GET.get('next')
        failure_url = request.GET.get('failure_url')

        enrollment_deferred = request.GET.get('enrollment_deferred')
        if enrollment_deferred is None:
            customer = get_object_or_404(
                EnterpriseCourseEnrollment,
                enterprise_customer_user__user_id=request.user.id,
                course_id=course_id
            ).enterprise_customer_user.enterprise_customer

            if not consent_necessary_for_course(request.user, course_id):
                raise Http404
        else:
            # For deferred enrollment, expect to receive the EnterpriseCustomer from the GET parameters,
            # which is used for display purposes.
            enterprise_uuid = request.GET.get('enterprise_id')
            if not enterprise_uuid:
                raise Http404
            customer = get_object_or_404(EnterpriseCustomer,
                                         uuid=enterprise_uuid)

        platform_name = configuration_helpers.get_value(
            "PLATFORM_NAME", settings.PLATFORM_NAME)
        course_name = course_details['name']
        context_data = self.get_default_context(customer, platform_name)
        # Translators: bold_start and bold_end are HTML tags for specifying
        # enterprise name in bold text.
        course_specific_context = {
            'consent_request_prompt':
            _('To access this course and use your discount, you must first consent to share your '
              'learning achievements with {bold_start}{enterprise_customer_name}{bold_end}.'
              ).format(
                  enterprise_customer_name=customer.name,
                  bold_start='<b>',
                  bold_end='</b>',
              ),
            'confirmation_alert_prompt':
            _('In order to start this course and use your discount, {bold_start}you must{bold_end} consent '
              'to share your course data with {enterprise_customer_name}.').
            format(
                enterprise_customer_name=customer.name,
                bold_start='<b>',
                bold_end='</b>',
            ),
            'confirmation_alert_prompt_warning':
            CONFIRMATION_ALERT_PROMPT_WARNING.format(  # pylint: disable=no-member
                enterprise_customer_name=customer.name, ),
            'LANGUAGE_CODE':
            get_language_from_request(request),
            'platform_name':
            platform_name,
            'course_id':
            course_id,
            'course_name':
            course_name,
            'redirect_url':
            next_url,
            'enterprise_customer_name':
            customer.name,
            'course_specific':
            True,
            'enrollment_deferred':
            enrollment_deferred is not None,
            'failure_url':
            failure_url,
            'requested_permissions': [
                _('your enrollment in this course'),
                _('your learning progress'),
                _('course completion'),
            ],
            'enterprise_customer':
            customer,
            'enterprise_welcome_text':
            self.enterprise_welcome_text.format(
                enterprise_customer_name=customer.name,
                platform_name=platform_name,
                strong_start='<strong>',
                strong_end='</strong>',
            )
        }
        context_data.update(course_specific_context)
        if customer.require_account_level_consent:
            context_data.update({
                'consent_request_prompt':
                _('To access this and other courses sponsored by {bold_start}{enterprise_customer_name}{bold_end}, '
                  'and to use the discounts available to you, you must first consent to share your '
                  'learning achievements with {bold_start}{enterprise_customer_name}{bold_end}.'
                  ).format(
                      enterprise_customer_name=customer.name,
                      bold_start='<b>',
                      bold_end='</b>',
                  ),
                'requested_permissions': [
                    _('your enrollment in all sponsored courses'),
                    _('your learning progress'),
                    _('course completion'),
                ],
            })

        return render(request,
                      'enterprise/grant_data_sharing_permissions.html',
                      context=context_data)
Exemple #5
0
    def get_course_specific_consent(self, request, course_id):
        """
        Render a form with course-specific information about data sharing consent.

        This particular variant of the method is called when a `course_id` parameter
        is passed to the view. In this case, the form is rendered with information
        about the specific course that's being set up.

        A 404 will be raised if any of the following conditions are met:
            * Enrollment is not to be deferred, but there is no EnterpriseCourseEnrollment
              associated with the current user.
            * Enrollment is not to be deferred and there's an EnterpriseCourseEnrollment
              associated with the current user, but the corresponding EnterpriseCustomer
              does not require course-level consent for this course.
            * Enrollment is to be deferred, but either no EnterpriseCustomer was
              supplied (via the enrollment_deferred GET parameter) or the supplied
              EnterpriseCustomer doesn't exist.
        """
        try:
            client = CourseApiClient()
            course_details = client.get_course_details(course_id)
        except HttpClientError:
            raise Http404
        next_url = request.GET.get('next')
        failure_url = request.GET.get('failure_url')

        enrollment_deferred = request.GET.get('enrollment_deferred')
        if enrollment_deferred is None:
            customer = get_object_or_404(
                EnterpriseCourseEnrollment,
                enterprise_customer_user__user_id=request.user.id,
                course_id=course_id
            ).enterprise_customer_user.enterprise_customer

            if not consent_necessary_for_course(request.user, course_id):
                raise Http404
        else:
            # For deferred enrollment, expect to receive the EnterpriseCustomer from the GET parameters,
            # which is used for display purposes.
            enterprise_uuid = request.GET.get('enterprise_id')
            if not enterprise_uuid:
                raise Http404
            customer = get_object_or_404(EnterpriseCustomer,
                                         uuid=enterprise_uuid)

        platform_name = configuration_helpers.get_value(
            "PLATFORM_NAME", settings.PLATFORM_NAME)
        course_name = course_details['name']
        context_data = self.get_default_context(customer, platform_name)
        course_specific_context = {
            'consent_request_prompt':
            _('To access this course and use your discount, you must first consent to share your '
              'learning achievements with {enterprise_customer_name}.').format(
                  enterprise_customer_name=customer.name),
            'confirmation_alert_prompt':
            _('In order to start this course and use your discount, you must consent to share your '
              'course data with {enterprise_customer_name}.').format(
                  enterprise_customer_name=customer.name),
            'page_language':
            get_language_from_request(request),
            'platform_name':
            platform_name,
            'course_id':
            course_id,
            'course_name':
            course_name,
            'redirect_url':
            next_url,
            'enterprise_customer_name':
            customer.name,
            'course_specific':
            True,
            'enrollment_deferred':
            enrollment_deferred is not None,
            'failure_url':
            failure_url,
            'requested_permissions': [
                _('your enrollment in this course'),
                _('your learning progress'),
                _('course completion'),
            ]
        }
        context_data.update(course_specific_context)
        return render_to_response('grant_data_sharing_permissions.html',
                                  context_data,
                                  request=request)
Exemple #6
0
    def get_course_specific_consent(self, request, course_id):
        """
        Render a form with course-specific information about data sharing consent.

        This particular variant of the method is called when a `course_id` parameter
        is passed to the view. In this case, the form is rendered with information
        about the specific course that's being set up.

        A 404 will be raised if any of the following conditions are met:
            * Enrollment is not to be deferred, but there is no EnterpriseCourseEnrollment
              associated with the current user.
            * Enrollment is not to be deferred and there's an EnterpriseCourseEnrollment
              associated with the current user, but the corresponding EnterpriseCustomer
              does not require course-level consent for this course.
            * Enrollment is to be deferred, but either no EnterpriseCustomer was
              supplied (via the enrollment_deferred GET parameter) or the supplied
              EnterpriseCustomer doesn't exist.
        """
        try:
            client = CourseApiClient()
            course_details = client.get_course_details(course_id)
        except HttpClientError:
            raise Http404
        next_url = request.GET.get('next')

        enrollment_deferred = request.GET.get('enrollment_deferred')
        if enrollment_deferred is None:
            customer = get_object_or_404(
                EnterpriseCourseEnrollment,
                enterprise_customer_user__user_id=request.user.id,
                course_id=course_id
            ).enterprise_customer_user.enterprise_customer

            if not consent_necessary_for_course(request.user, course_id):
                raise Http404
        else:
            # For deferred enrollment, expect to receive the EnterpriseCustomer from the GET parameters,
            # which is used for display purposes.
            enterprise_uuid = request.GET.get('enterprise_id')
            if not enterprise_uuid:
                raise Http404
            customer = get_object_or_404(EnterpriseCustomer,
                                         uuid=enterprise_uuid)

        platform_name = configuration_helpers.get_value(
            "PLATFORM_NAME", settings.PLATFORM_NAME)
        course_name = course_details['name']
        data = {
            'platform_name': platform_name,
            'data_sharing_consent': 'required',
            "messages": {
                "warning": self.get_course_warning(customer.name, course_name),
                "note": self.get_course_note(customer.name, course_name),
            },
            'course_id': course_id,
            'course_name': course_name,
            'redirect_url': next_url,
            'enterprise_customer_name': customer.name,
            'course_specific': True,
            'enrollment_deferred': enrollment_deferred is not None,
        }
        return render_to_response('grant_data_sharing_permissions.html',
                                  data,
                                  request=request)