feat: AuthZ for course authoring compatibility layer (#38013)

Author: rodmgwgu

cms/djangoapps/contentstore/tests/test_course_listing.py

@@ -35,13 +35,16 @@
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.djangoapps.content.course_overviews.tests.factories import CourseOverviewFactory
 from openedx.core.djangoapps.waffle_utils.testutils import WAFFLE_TABLES
+from openedx.core.djangolib.testing.utils import AUTHZ_TABLES
 from xmodule.modulestore import ModuleStoreEnum  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.tests.django_utils import ModuleStoreTestCase  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.tests.factories import CourseFactory  # lint-amnesty, pylint: disable=wrong-import-order
 
 TOTAL_COURSES_COUNT = 10
 USER_COURSES_COUNT = 1
 
+QUERY_COUNT_TABLE_IGNORELIST = WAFFLE_TABLES + AUTHZ_TABLES
+
 
 @ddt.ddt
 class TestCourseListing(ModuleStoreTestCase):
@@ -303,10 +306,10 @@ def test_course_listing_performance(self):
         courses_list, __ = _accessible_courses_list_from_groups(self.request)
         self.assertEqual(len(courses_list), USER_COURSES_COUNT)
 
-        with self.assertNumQueries(1, table_ignorelist=WAFFLE_TABLES):
+        with self.assertNumQueries(2, table_ignorelist=QUERY_COUNT_TABLE_IGNORELIST):
             _accessible_courses_list_from_groups(self.request)
 
-        with self.assertNumQueries(2, table_ignorelist=WAFFLE_TABLES):
+        with self.assertNumQueries(2, table_ignorelist=QUERY_COUNT_TABLE_IGNORELIST):
             _accessible_courses_iter_for_tests(self.request)
 
     def test_course_listing_errored_deleted_courses(self):

cms/djangoapps/contentstore/views/library.py

@@ -73,24 +73,23 @@ def _user_can_create_library_for_org(user, org=None):
     elif user.is_staff:
         return True
     elif settings.FEATURES.get('ENABLE_CREATOR_GROUP', False):
-        org_filter_params = {}
-        if org:
-            org_filter_params['org'] = org
         is_course_creator = get_course_creator_status(user) == 'granted'
-        has_org_staff_role = OrgStaffRole().get_orgs_for_user(user).filter(**org_filter_params).exists()
-        has_course_staff_role = (
-            UserBasedRole(user=user, role=CourseStaffRole.ROLE)
-            .courses_with_role()
-            .filter(**org_filter_params)
-            .exists()
-        )
-        has_course_admin_role = (
-            UserBasedRole(user=user, role=CourseInstructorRole.ROLE)
-            .courses_with_role()
-            .filter(**org_filter_params)
-            .exists()
-        )
-        return is_course_creator or has_org_staff_role or has_course_staff_role or has_course_admin_role
+        if is_course_creator:
+            return True
+
+        has_org_staff_role = OrgStaffRole().has_org_for_user(user, org)
+        if has_org_staff_role:
+            return True
+
+        has_course_staff_role = UserBasedRole(user=user, role=CourseStaffRole.ROLE).has_courses_with_role(org)
+        if has_course_staff_role:
+            return True
+
+        has_course_admin_role = UserBasedRole(user=user, role=CourseInstructorRole.ROLE).has_courses_with_role(org)
+        if has_course_admin_role:
+            return True
+
+        return False
     else:
         # EDUCATOR-1924: DISABLE_LIBRARY_CREATION overrides DISABLE_COURSE_CREATION, if present.
         disable_library_creation = settings.FEATURES.get('DISABLE_LIBRARY_CREATION', None)

common/djangoapps/student/role_helpers.py

@@ -14,7 +14,7 @@
 )
 from openedx.core.lib.cache_utils import request_cached
 from common.djangoapps.student.roles import (
-    CourseAccessRole,
+    AuthzCompatCourseAccessRole,
     CourseBetaTesterRole,
     CourseInstructorRole,
     CourseStaffRole,
@@ -66,7 +66,7 @@ def get_role_cache(user: User) -> RoleCache:
 
 
 @request_cached()
-def get_course_roles(user: User) -> list[CourseAccessRole]:
+def get_course_roles(user: User) -> list[AuthzCompatCourseAccessRole]:
     """
     Returns a list of all course-level roles that this user has.