Did a quick security scan through views.

* we appear to be fairly consistent in using is_staff and has_staff_access_to_course
* cleaned up some docstrings and little code things as I went
* fixed small bug in change_enrollment view (check for non-anon user)