Skip to content

Commit 033d56b

Browse files
committed
fix: update course visibility handling in authorization tests
1 parent bce83b8 commit 033d56b

1 file changed

Lines changed: 15 additions & 13 deletions

File tree

lms/djangoapps/course_api/tests/test_api.py

Lines changed: 15 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
from lms.djangoapps.courseware.exceptions import CourseAccessRedirect
2020
from openedx.core.djangoapps.authz.tests.mixins import CourseAuthoringAuthzTestMixin
2121
from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
22+
from xmodule.course_block import CATALOG_VISIBILITY_NONE
2223
from xmodule.modulestore.exceptions import ItemNotFoundError # pylint: disable=wrong-import-order
2324
from xmodule.modulestore.tests.django_utils import ( # pylint: disable=wrong-import-order
2425
ModuleStoreTestCase,
@@ -147,7 +148,8 @@ def setUpClass(cls):
147148
cls.course = cls.create_course()
148149
cls.hidden_course = cls.create_course(
149150
course='hidden',
150-
visible_to_staff_only=True
151+
visible_to_staff_only=True,
152+
catalog_visibility=CATALOG_VISIBILITY_NONE,
151153
)
152154

153155
def test_get_existing_course_as_authorized_user(self):
@@ -167,13 +169,13 @@ def test_get_existing_course_as_authorized_user(self):
167169
self.verify_course(course)
168170

169171
def test_get_existing_course_as_unauthorized_user(self):
170-
"""User without role should be denied."""
171-
with pytest.raises(CourseAccessRedirect):
172-
self._make_api_call(
173-
self.unauthorized_user,
174-
self.unauthorized_user,
175-
self.course.id
176-
)
172+
"""User without AuthZ role can still access when catalog visibility allows."""
173+
course = self._make_api_call(
174+
self.unauthorized_user,
175+
self.unauthorized_user,
176+
self.course.id
177+
)
178+
self.verify_course(course)
177179

178180
def test_get_nonexistent_course(self):
179181
"""Nonexistent course should raise 404."""
@@ -212,24 +214,24 @@ def test_hidden_course_for_staff_as_unauthorized_user(self):
212214
)
213215

214216
def test_user_gains_access_after_role_assignment(self):
215-
"""User initially denied, then allowed after role assignment."""
217+
"""User denied when catalog is hidden, then allowed after role assignment."""
216218
with pytest.raises(CourseAccessRedirect):
217219
self._make_api_call(
218220
self.unauthorized_user,
219221
self.unauthorized_user,
220-
self.course.id
222+
self.hidden_course.id
221223
)
222224
self.add_user_to_role_in_course(
223225
self.unauthorized_user,
224226
COURSE_EDITOR.external_key,
225-
self.course.id
227+
self.hidden_course.id
226228
)
227229
course = self._make_api_call(
228230
self.unauthorized_user,
229231
self.unauthorized_user,
230-
self.course.id
232+
self.hidden_course.id
231233
)
232-
self.verify_course(course)
234+
self.verify_course(course, course_id='course-v1:edX+hidden+2012_Fall')
233235

234236
def test_staff_access_without_authz_role(self):
235237
"""Staff bypasses AuthZ roles."""

0 commit comments

Comments
 (0)