Extract authoring-user-field enforcement into a shared helper

Move the repeated "require an author FK, allow null only during
deserialization, and drop references to a cross-dataset superuser" logic
out of the course models and into
AbstractFacilityDataModel.enforce_authoring_user_field, routing
CourseSession, CourseSessionAssignment and UnitTestAssignment through it.

No behaviour change: enforcement still happens on every non-deserialization
save, matching the semantics established in #14130.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: rtibbles

kolibri/core/auth/models.py

@@ -397,6 +397,42 @@ def pre_save(self, **kwargs):
         except KolibriValidationError as e:
             raise IntegrityError(str(e))
 
+    def enforce_authoring_user_field(self, field_name, **save_kwargs):
+        """
+        Enforce and sanitize an "authoring" foreign key to a ``FacilityUser`` -- e.g.
+        ``creator``, ``created_by``, ``assigned_by`` or ``activated_by``.
+
+        The field is required on any save, so we always capture who authored the record.
+        The exception is deserialization, where the value comes from the originating
+        device and may legitimately be null (e.g. on a learner-only device where the
+        author's ``FacilityUser`` has not synced); Morango signals deserialization by
+        passing ``update_dirty_bit_to=False`` to ``save`` (and hence ``pre_save``).
+
+        When the field points at a superuser belonging to a different dataset -- e.g. a
+        device's own super admin authoring content in a facility that was synced onto the
+        device -- the reference is dropped (nulled) so the record can sync without a
+        dangling cross-dataset foreign key. Any other cross-dataset user is rejected.
+
+        The related foreign key must be declared ``blank=True, null=True`` so that
+        ``clean_fields`` (run by Morango during deserialization) accepts the nulled value.
+        """
+        user = getattr(self, field_name)
+        is_deserialization = save_kwargs.get("update_dirty_bit_to") is False
+        if not is_deserialization and user is None:
+            raise IntegrityError(
+                "{model}.{field} may not be null".format(
+                    model=type(self).__name__, field=field_name
+                )
+            )
+        if user and user.dataset_id != self.dataset_id:
+            if not user.is_superuser:
+                raise IntegrityError(
+                    "{model}.{field} must belong to the same dataset".format(
+                        model=type(self).__name__, field=field_name
+                    )
+                )
+            setattr(self, field_name, None)
+
     def save(self, *args, **kwargs):
         self.pre_save(**kwargs)
         super().save(*args, **kwargs)

kolibri/core/courses/models.py

@@ -321,20 +321,7 @@ def get_course_content_download_priority(self, contentnode_id):
 
     def pre_save(self, **kwargs):
         super().pre_save(**kwargs)
-
-        is_deserialization = kwargs.get("update_dirty_bit_to") is False
-
-        if not is_deserialization and self.created_by is None:
-            raise IntegrityError(
-                "CourseSession must be saved with a non None created_by field"
-            )
-
-        if self.created_by and self.created_by.dataset_id != self.dataset_id:
-            if not self.created_by.is_superuser:
-                raise IntegrityError(
-                    "CourseSession must have creator in the same dataset"
-                )
-            self.created_by = None
+        self.enforce_authoring_user_field("created_by", **kwargs)
 
     def infer_dataset(self, *args, **kwargs):
         return self.cached_related_dataset_lookup("collection")
@@ -427,22 +414,7 @@ def pre_save(self, **kwargs):
                 "CourseSession assignment foreign models must be in same dataset"
             )
 
-        is_deserialization = kwargs.get("update_dirty_bit_to") is False
-
-        if not is_deserialization and self.assigned_by is None:
-            raise IntegrityError(
-                "CourseSession assignment must be saved with a non None assigned_by field"
-            )
-
-        # validate that datasets match so this would be syncable
-        if self.assigned_by and self.assigned_by.dataset_id != self.dataset_id:
-            # the only time assigned_by can be null is if it's a superuser
-            # and if we set it to none HERE
-            if not self.assigned_by.is_superuser:
-                raise IntegrityError(
-                    "CourseSession assignment must have assigner in the same dataset"
-                )
-            self.assigned_by = None
+        self.enforce_authoring_user_field("assigned_by", **kwargs)
 
     def infer_dataset(self, *args, **kwargs):
         # infer from course_session so assignments align with course_sessions
@@ -614,20 +586,7 @@ def pre_save(self, **kwargs):
                     "UnitTestAssignment collection must be the same as or a child of the CourseSession's collection"
                 )
 
-        is_deserialization = kwargs.get("update_dirty_bit_to") is False
-
-        if not is_deserialization and self.activated_by is None:
-            raise IntegrityError(
-                "UnitTestAssignment must be saved with an non None activated_by field"
-            )
-
-        if self.activated_by and self.activated_by.dataset_id != self.dataset_id:
-            # Only allow null for superusers
-            if not self.activated_by.is_superuser:
-                raise IntegrityError(
-                    "UnitTestAssignment activated_by must be in the same dataset"
-                )
-            self.activated_by = None
+        self.enforce_authoring_user_field("activated_by", **kwargs)
 
     @classmethod
     def deserialize(cls, dict_model, sync_filter=None):