Skip to content

Commit 12a46e6

Browse files
authored
feat: AuthZ for course authoring compatibility layer (#38013)
1 parent 0c5e96d commit 12a46e6

File tree

26 files changed

+628
-174
lines changed

26 files changed

+628
-174
lines changed

cms/djangoapps/contentstore/tests/test_course_listing.py

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,13 +35,16 @@
3535
from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
3636
from openedx.core.djangoapps.content.course_overviews.tests.factories import CourseOverviewFactory
3737
from openedx.core.djangoapps.waffle_utils.testutils import WAFFLE_TABLES
38+
from openedx.core.djangolib.testing.utils import AUTHZ_TABLES
3839
from xmodule.modulestore import ModuleStoreEnum # lint-amnesty, pylint: disable=wrong-import-order
3940
from xmodule.modulestore.tests.django_utils import ModuleStoreTestCase # lint-amnesty, pylint: disable=wrong-import-order
4041
from xmodule.modulestore.tests.factories import CourseFactory # lint-amnesty, pylint: disable=wrong-import-order
4142

4243
TOTAL_COURSES_COUNT = 10
4344
USER_COURSES_COUNT = 1
4445

46+
QUERY_COUNT_TABLE_IGNORELIST = WAFFLE_TABLES + AUTHZ_TABLES
47+
4548

4649
@ddt.ddt
4750
class TestCourseListing(ModuleStoreTestCase):
@@ -303,10 +306,10 @@ def test_course_listing_performance(self):
303306
courses_list, __ = _accessible_courses_list_from_groups(self.request)
304307
self.assertEqual(len(courses_list), USER_COURSES_COUNT)
305308

306-
with self.assertNumQueries(1, table_ignorelist=WAFFLE_TABLES):
309+
with self.assertNumQueries(2, table_ignorelist=QUERY_COUNT_TABLE_IGNORELIST):
307310
_accessible_courses_list_from_groups(self.request)
308311

309-
with self.assertNumQueries(2, table_ignorelist=WAFFLE_TABLES):
312+
with self.assertNumQueries(2, table_ignorelist=QUERY_COUNT_TABLE_IGNORELIST):
310313
_accessible_courses_iter_for_tests(self.request)
311314

312315
def test_course_listing_errored_deleted_courses(self):

cms/djangoapps/contentstore/views/library.py

Lines changed: 16 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -73,24 +73,23 @@ def _user_can_create_library_for_org(user, org=None):
7373
elif user.is_staff:
7474
return True
7575
elif settings.FEATURES.get('ENABLE_CREATOR_GROUP', False):
76-
org_filter_params = {}
77-
if org:
78-
org_filter_params['org'] = org
7976
is_course_creator = get_course_creator_status(user) == 'granted'
80-
has_org_staff_role = OrgStaffRole().get_orgs_for_user(user).filter(**org_filter_params).exists()
81-
has_course_staff_role = (
82-
UserBasedRole(user=user, role=CourseStaffRole.ROLE)
83-
.courses_with_role()
84-
.filter(**org_filter_params)
85-
.exists()
86-
)
87-
has_course_admin_role = (
88-
UserBasedRole(user=user, role=CourseInstructorRole.ROLE)
89-
.courses_with_role()
90-
.filter(**org_filter_params)
91-
.exists()
92-
)
93-
return is_course_creator or has_org_staff_role or has_course_staff_role or has_course_admin_role
77+
if is_course_creator:
78+
return True
79+
80+
has_org_staff_role = OrgStaffRole().has_org_for_user(user, org)
81+
if has_org_staff_role:
82+
return True
83+
84+
has_course_staff_role = UserBasedRole(user=user, role=CourseStaffRole.ROLE).has_courses_with_role(org)
85+
if has_course_staff_role:
86+
return True
87+
88+
has_course_admin_role = UserBasedRole(user=user, role=CourseInstructorRole.ROLE).has_courses_with_role(org)
89+
if has_course_admin_role:
90+
return True
91+
92+
return False
9493
else:
9594
# EDUCATOR-1924: DISABLE_LIBRARY_CREATION overrides DISABLE_COURSE_CREATION, if present.
9695
disable_library_creation = settings.FEATURES.get('DISABLE_LIBRARY_CREATION', None)

common/djangoapps/student/role_helpers.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
)
1515
from openedx.core.lib.cache_utils import request_cached
1616
from common.djangoapps.student.roles import (
17-
CourseAccessRole,
17+
AuthzCompatCourseAccessRole,
1818
CourseBetaTesterRole,
1919
CourseInstructorRole,
2020
CourseStaffRole,
@@ -66,7 +66,7 @@ def get_role_cache(user: User) -> RoleCache:
6666

6767

6868
@request_cached()
69-
def get_course_roles(user: User) -> list[CourseAccessRole]:
69+
def get_course_roles(user: User) -> list[AuthzCompatCourseAccessRole]:
7070
"""
7171
Returns a list of all course-level roles that this user has.
7272

0 commit comments

Comments
 (0)