fix authentication check in auth

ced3f67a · Adam Palay · 9d2b85d3 · ced3f67a · ced3f67a
Commit ced3f67a authored 10 years ago by Adam Palay
--- a/common/djangoapps/student/auth.py
+++ b/common/djangoapps/student/auth.py
@@ -72,7 +72,7 @@ def _check_caller_authority(caller, role):
    :param caller: a user
    :param role: an AccessRole
    """
-    if not (caller.is_authenticated and caller.is_active):
+    if not (caller.is_authenticated() and caller.is_active):
        raise PermissionDenied
    # superuser
    if GlobalStaff().has_user(caller):

--- a/common/djangoapps/student/tests/test_authz.py
+++ b/common/djangoapps/student/tests/test_authz.py
@@ -76,8 +76,10 @@ class CreatorGroupTest(TestCase):
        """
        Tests that adding to creator group fails if user is not authenticated
        """
-        with mock.patch.dict('django.conf.settings.FEATURES',
-                             {'DISABLE_COURSE_CREATION': False, "ENABLE_CREATOR_GROUP": True}):
+        with mock.patch.dict(
+            'django.conf.settings.FEATURES',
+            {'DISABLE_COURSE_CREATION': False, "ENABLE_CREATOR_GROUP": True}
+        ):
            anonymous_user = AnonymousUser()
            role = CourseCreatorRole()
            add_users(self.admin, role, anonymous_user)
@@ -87,8 +89,10 @@ class CreatorGroupTest(TestCase):
        """
        Tests that adding to creator group fails if user is not active
        """
-        with mock.patch.dict('django.conf.settings.FEATURES',
-                             {'DISABLE_COURSE_CREATION': False, "ENABLE_CREATOR_GROUP": True}):
+        with mock.patch.dict(
+            'django.conf.settings.FEATURES',
+            {'DISABLE_COURSE_CREATION': False, "ENABLE_CREATOR_GROUP": True}
+        ):
            self.user.is_active = False
            add_users(self.admin, CourseCreatorRole(), self.user)
            self.assertFalse(has_access(self.user, CourseCreatorRole()))
@@ -108,7 +112,7 @@ class CreatorGroupTest(TestCase):

    def test_add_user_to_group_requires_authenticated(self):
        with self.assertRaises(PermissionDenied):
-            self.admin.is_authenticated = False
+            self.admin.is_authenticated = mock.Mock(return_value=False)
            add_users(self.admin, CourseCreatorRole(), self.user)

    def test_remove_user_from_group_requires_staff_access(self):
@@ -123,7 +127,7 @@ class CreatorGroupTest(TestCase):

    def test_remove_user_from_group_requires_authenticated(self):
        with self.assertRaises(PermissionDenied):
-            self.admin.is_authenticated = False
+            self.admin.is_authenticated = mock.Mock(return_value=False)
            remove_users(self.admin, CourseCreatorRole(), self.user)