@@ -460,36 +460,21 @@ def _about_page_catalog_visibility_error() -> AccessResponse | CatalogVisibility
460460 """
461461 return _has_catalog_visibility (courselike , CATALOG_VISIBILITY_CATALOG_AND_ABOUT )
462462
463- def legacy_can_see_about_page () -> AccessResponse | CatalogVisibilityError :
463+ @function_trace ("can_see_about_page" )
464+ def can_see_about_page () -> AccessResponse | CatalogVisibilityError :
464465 """
465- Legacy about-page access when AuthZ course authoring is disabled .
466+ Entry point for about-page visibility checks .
466467
467468 Grants access when any of the following is true:
468469 - the course catalog_visibility allows the about page, or
469- - the user has course staff access (including limited staff via role inheritance).
470+ - the user has course staff access (including limited staff via role inheritance), or
471+ - the user is authenticated, AuthZ course authoring is enabled for the course,
472+ and the user has COURSES_VIEW_COURSE (including legacy Studio read access
473+ as a fallback during RBAC migration).
470474
471475 Learners, beta testers, and other course-team roles without staff access rely on
472476 catalog visibility only; they are not checked explicitly here.
473477
474- Returns CatalogVisibilityError when all checks fail.
475- """
476- catalog_visibility_access = _about_page_catalog_visibility_access ()
477- if catalog_visibility_access :
478- return catalog_visibility_access
479-
480- if _has_staff_access_to_block (user , courselike , courselike .id ):
481- return ACCESS_GRANTED
482-
483- return _about_page_catalog_visibility_error ()
484-
485- def authz_can_see_about_page () -> AccessResponse | CatalogVisibilityError :
486- """
487- About-page access when AuthZ course authoring is enabled for the course.
488-
489- Applies the same course-level and staff checks as legacy_can_see_about_page,
490- and additionally grants access to users with COURSES_VIEW_COURSE (including
491- legacy Studio read access as a fallback during RBAC migration).
492-
493478 AuthZ must not replace catalog visibility or staff bypass; those checks run
494479 first so enrolled learners and beta testers are not blocked by authoring
495480 permissions they do not hold.
@@ -503,31 +488,18 @@ def authz_can_see_about_page() -> AccessResponse | CatalogVisibilityError:
503488 if _has_staff_access_to_block (user , courselike , courselike .id ):
504489 return ACCESS_GRANTED
505490
506- if user_has_course_permission (
507- user ,
508- COURSES_VIEW_COURSE .identifier ,
509- courselike .id ,
510- LegacyAuthoringPermission .READ ,
491+ if (
492+ user
493+ and not user .is_anonymous
494+ and core_toggles .enable_authz_course_authoring (courselike .id )
495+ and user_has_course_permission (
496+ user , COURSES_VIEW_COURSE .identifier , courselike .id , LegacyAuthoringPermission .READ
497+ )
511498 ):
512499 return ACCESS_GRANTED
513500
514501 return _about_page_catalog_visibility_error ()
515502
516- @function_trace ("can_see_about_page" )
517- def can_see_about_page () -> AccessResponse | CatalogVisibilityError :
518- """
519- Entry point for about-page visibility checks.
520-
521- Routes authenticated users on courses with AuthZ course authoring enabled to
522- authz_can_see_about_page; all other callers use legacy_can_see_about_page.
523-
524- Both paths grant access via catalog_visibility and course staff bypass. The AuthZ
525- path additionally allows users with COURSES_VIEW_COURSE.
526- """
527- if user and not user .is_anonymous and core_toggles .enable_authz_course_authoring (courselike .id ):
528- return authz_can_see_about_page ()
529- return legacy_can_see_about_page ()
530-
531503 checkers = {
532504 'load' : can_load ,
533505 'load_mobile' : lambda : can_load () and _can_load_course_on_mobile (user , courselike ),
0 commit comments