def test_consent_necessary_for_course(self, consent_provided_state, ec_consent_enabled, ec_consent_enforcement, expected_result): user = UserFactory() enterprise_customer = EnterpriseCustomerFactory( enable_data_sharing_consent=ec_consent_enabled, enforce_data_sharing_consent=ec_consent_enforcement, ) enterprise_user = EnterpriseCustomerUserFactory( user_id=user.id, enterprise_customer=enterprise_customer) course_id = 'course-v1:edX+DemoX+Demo_Course' enrollment = EnterpriseCourseEnrollment.objects.create( enterprise_customer_user=enterprise_user, consent_granted=consent_provided_state, course_id=course_id) assert consent_necessary_for_course(user, course_id) is expected_result account_consent = UserDataSharingConsentAuditFactory( user=enterprise_user, state=UserDataSharingConsentAudit.ENABLED, ) assert consent_necessary_for_course(user, course_id) is False account_consent.delete() # pylint: disable=no-member enrollment.delete() assert consent_necessary_for_course(user, course_id) is False
def consent_needed_for_course(user, course_id): """ Wrap the enterprise app check to determine if the user needs to grant data sharing permissions before accessing a course. """ if not enterprise_enabled(): return False return consent_necessary_for_course(user, course_id)
def get_course_specific_consent(self, request, course_id): """ Render a form with course-specific information about data sharing consent. This particular variant of the method is called when a `course_id` parameter is passed to the view. In this case, the form is rendered with information about the specific course that's being set up. A 404 will be raised if any of the following conditions are met: * Enrollment is not to be deferred, but there is no EnterpriseCourseEnrollment associated with the current user. * Enrollment is not to be deferred and there's an EnterpriseCourseEnrollment associated with the current user, but the corresponding EnterpriseCustomer does not require course-level consent for this course. * Enrollment is to be deferred, but either no EnterpriseCustomer was supplied (via the enrollment_deferred GET parameter) or the supplied EnterpriseCustomer doesn't exist. """ try: client = CourseApiClient() course_details = client.get_course_details(course_id) except HttpClientError: raise Http404 next_url = request.GET.get('next') failure_url = request.GET.get('failure_url') enrollment_deferred = request.GET.get('enrollment_deferred') if enrollment_deferred is None: customer = get_object_or_404( EnterpriseCourseEnrollment, enterprise_customer_user__user_id=request.user.id, course_id=course_id ).enterprise_customer_user.enterprise_customer if not consent_necessary_for_course(request.user, course_id): raise Http404 else: # For deferred enrollment, expect to receive the EnterpriseCustomer from the GET parameters, # which is used for display purposes. enterprise_uuid = request.GET.get('enterprise_id') if not enterprise_uuid: raise Http404 customer = get_object_or_404(EnterpriseCustomer, uuid=enterprise_uuid) platform_name = configuration_helpers.get_value( "PLATFORM_NAME", settings.PLATFORM_NAME) course_name = course_details['name'] context_data = self.get_default_context(customer, platform_name) # Translators: bold_start and bold_end are HTML tags for specifying # enterprise name in bold text. course_specific_context = { 'consent_request_prompt': _('To access this course and use your discount, you must first consent to share your ' 'learning achievements with {bold_start}{enterprise_customer_name}{bold_end}.' ).format( enterprise_customer_name=customer.name, bold_start='<b>', bold_end='</b>', ), 'confirmation_alert_prompt': _('In order to start this course and use your discount, {bold_start}you must{bold_end} consent ' 'to share your course data with {enterprise_customer_name}.'). format( enterprise_customer_name=customer.name, bold_start='<b>', bold_end='</b>', ), 'confirmation_alert_prompt_warning': CONFIRMATION_ALERT_PROMPT_WARNING.format( # pylint: disable=no-member enterprise_customer_name=customer.name, ), 'LANGUAGE_CODE': get_language_from_request(request), 'platform_name': platform_name, 'course_id': course_id, 'course_name': course_name, 'redirect_url': next_url, 'enterprise_customer_name': customer.name, 'course_specific': True, 'enrollment_deferred': enrollment_deferred is not None, 'failure_url': failure_url, 'requested_permissions': [ _('your enrollment in this course'), _('your learning progress'), _('course completion'), ], 'enterprise_customer': customer, 'enterprise_welcome_text': self.enterprise_welcome_text.format( enterprise_customer_name=customer.name, platform_name=platform_name, strong_start='<strong>', strong_end='</strong>', ) } context_data.update(course_specific_context) if customer.require_account_level_consent: context_data.update({ 'consent_request_prompt': _('To access this and other courses sponsored by {bold_start}{enterprise_customer_name}{bold_end}, ' 'and to use the discounts available to you, you must first consent to share your ' 'learning achievements with {bold_start}{enterprise_customer_name}{bold_end}.' ).format( enterprise_customer_name=customer.name, bold_start='<b>', bold_end='</b>', ), 'requested_permissions': [ _('your enrollment in all sponsored courses'), _('your learning progress'), _('course completion'), ], }) return render(request, 'enterprise/grant_data_sharing_permissions.html', context=context_data)
def get_course_specific_consent(self, request, course_id): """ Render a form with course-specific information about data sharing consent. This particular variant of the method is called when a `course_id` parameter is passed to the view. In this case, the form is rendered with information about the specific course that's being set up. A 404 will be raised if any of the following conditions are met: * Enrollment is not to be deferred, but there is no EnterpriseCourseEnrollment associated with the current user. * Enrollment is not to be deferred and there's an EnterpriseCourseEnrollment associated with the current user, but the corresponding EnterpriseCustomer does not require course-level consent for this course. * Enrollment is to be deferred, but either no EnterpriseCustomer was supplied (via the enrollment_deferred GET parameter) or the supplied EnterpriseCustomer doesn't exist. """ try: client = CourseApiClient() course_details = client.get_course_details(course_id) except HttpClientError: raise Http404 next_url = request.GET.get('next') failure_url = request.GET.get('failure_url') enrollment_deferred = request.GET.get('enrollment_deferred') if enrollment_deferred is None: customer = get_object_or_404( EnterpriseCourseEnrollment, enterprise_customer_user__user_id=request.user.id, course_id=course_id ).enterprise_customer_user.enterprise_customer if not consent_necessary_for_course(request.user, course_id): raise Http404 else: # For deferred enrollment, expect to receive the EnterpriseCustomer from the GET parameters, # which is used for display purposes. enterprise_uuid = request.GET.get('enterprise_id') if not enterprise_uuid: raise Http404 customer = get_object_or_404(EnterpriseCustomer, uuid=enterprise_uuid) platform_name = configuration_helpers.get_value( "PLATFORM_NAME", settings.PLATFORM_NAME) course_name = course_details['name'] context_data = self.get_default_context(customer, platform_name) course_specific_context = { 'consent_request_prompt': _('To access this course and use your discount, you must first consent to share your ' 'learning achievements with {enterprise_customer_name}.').format( enterprise_customer_name=customer.name), 'confirmation_alert_prompt': _('In order to start this course and use your discount, you must consent to share your ' 'course data with {enterprise_customer_name}.').format( enterprise_customer_name=customer.name), 'page_language': get_language_from_request(request), 'platform_name': platform_name, 'course_id': course_id, 'course_name': course_name, 'redirect_url': next_url, 'enterprise_customer_name': customer.name, 'course_specific': True, 'enrollment_deferred': enrollment_deferred is not None, 'failure_url': failure_url, 'requested_permissions': [ _('your enrollment in this course'), _('your learning progress'), _('course completion'), ] } context_data.update(course_specific_context) return render_to_response('grant_data_sharing_permissions.html', context_data, request=request)
def get_course_specific_consent(self, request, course_id): """ Render a form with course-specific information about data sharing consent. This particular variant of the method is called when a `course_id` parameter is passed to the view. In this case, the form is rendered with information about the specific course that's being set up. A 404 will be raised if any of the following conditions are met: * Enrollment is not to be deferred, but there is no EnterpriseCourseEnrollment associated with the current user. * Enrollment is not to be deferred and there's an EnterpriseCourseEnrollment associated with the current user, but the corresponding EnterpriseCustomer does not require course-level consent for this course. * Enrollment is to be deferred, but either no EnterpriseCustomer was supplied (via the enrollment_deferred GET parameter) or the supplied EnterpriseCustomer doesn't exist. """ try: client = CourseApiClient() course_details = client.get_course_details(course_id) except HttpClientError: raise Http404 next_url = request.GET.get('next') enrollment_deferred = request.GET.get('enrollment_deferred') if enrollment_deferred is None: customer = get_object_or_404( EnterpriseCourseEnrollment, enterprise_customer_user__user_id=request.user.id, course_id=course_id ).enterprise_customer_user.enterprise_customer if not consent_necessary_for_course(request.user, course_id): raise Http404 else: # For deferred enrollment, expect to receive the EnterpriseCustomer from the GET parameters, # which is used for display purposes. enterprise_uuid = request.GET.get('enterprise_id') if not enterprise_uuid: raise Http404 customer = get_object_or_404(EnterpriseCustomer, uuid=enterprise_uuid) platform_name = configuration_helpers.get_value( "PLATFORM_NAME", settings.PLATFORM_NAME) course_name = course_details['name'] data = { 'platform_name': platform_name, 'data_sharing_consent': 'required', "messages": { "warning": self.get_course_warning(customer.name, course_name), "note": self.get_course_note(customer.name, course_name), }, 'course_id': course_id, 'course_name': course_name, 'redirect_url': next_url, 'enterprise_customer_name': customer.name, 'course_specific': True, 'enrollment_deferred': enrollment_deferred is not None, } return render_to_response('grant_data_sharing_permissions.html', data, request=request)