refactor: streamline authz see_about_page access tests by removing redundant cases

BryanttV · BryanttV · commit b7d8b9aeb457 · 2026-06-19T12:18:09.000-05:00
diff --git a/lms/djangoapps/courseware/tests/test_access.py b/lms/djangoapps/courseware/tests/test_access.py
@@ -22,12 +22,11 @@
 from enterprise.api.v1.serializers import EnterpriseCustomerSerializer
 from milestones.tests.utils import MilestonesTestCaseMixin
 from opaque_keys.edx.locator import CourseLocator
-from openedx_authz.constants.roles import COURSE_EDITOR
 
 import lms.djangoapps.courseware.access as access
 import lms.djangoapps.courseware.access_response as access_response
 from common.djangoapps.student.models import CourseEnrollment
-from common.djangoapps.student.roles import CourseCcxCoachRole, CourseLimitedStaffRole, CourseStaffRole
+from common.djangoapps.student.roles import CourseCcxCoachRole, CourseStaffRole
 from common.djangoapps.student.tests.factories import (
     AdminFactory,
     AnonymousUserFactory,
@@ -44,7 +43,6 @@
 from lms.djangoapps.courseware.masquerade import CourseMasquerade
 from lms.djangoapps.courseware.tests.helpers import LoginEnrollmentTestCase, masquerade_as_group_member
 from lms.djangoapps.courseware.toggles import course_is_invitation_only
-from openedx.core import toggles as core_toggles
 from openedx.core.djangoapps.authz.tests.mixins import CourseAuthoringAuthzTestMixin
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.djangoapps.content.course_overviews.tests.factories import CourseOverviewFactory
@@ -1026,7 +1024,11 @@ def test_course_catalog_access_num_queries_enterprise(self, user_attr_name, cour
 
 class AuthzSeeAboutPageAccessTestCase(CourseAuthoringAuthzTestMixin, SharedModuleStoreTestCase):
     """
-    see_about_page access when AuthZ course authoring is enabled for the course.
+    AuthZ-specific see_about_page edge cases not covered elsewhere.
+
+    Catalog visibility grants, staff bypass, AuthZ role grants, and learner
+    denials are tested in test__catalog_visibility*, TestGetCourseDetailAuthz,
+    and AuthzAboutPageTestCase.
     """
 
     @classmethod
@@ -1049,16 +1051,6 @@ def _see_about_page_response(self, user, course):
         course_overview = CourseOverview.get_from_id(course.id)
         return access.has_access(user, "see_about_page", course_overview, course_key=course.id)
 
-    def test_learner_granted_via_catalog_visibility_both(self):
-        """Learners without AuthZ roles can view the about page when catalog allows it."""
-        response = self._see_about_page_response(self.unauthorized_user, self.course_public)
-        assert response
-
-    def test_learner_granted_via_catalog_visibility_about_only(self):
-        """Learners without AuthZ roles can view about-only courses."""
-        response = self._see_about_page_response(self.unauthorized_user, self.course_about_only)
-        assert response
-
     def test_enrolled_learner_denied_when_catalog_hidden(self):
         """Enrollment alone does not grant about-page access when catalog is hidden."""
         CourseEnrollmentFactory(user=self.unauthorized_user, course_id=self.course_hidden.id)
@@ -1076,55 +1068,23 @@ def test_beta_tester_granted_via_catalog_about(self):
 
         assert response
 
-    def test_course_staff_bypass_when_catalog_hidden(self):
-        """Course staff can preview the about page when catalog visibility is none."""
-        course_staff = StaffFactory.create(course_key=self.course_hidden.id)
-
-        response = self._see_about_page_response(course_staff, self.course_hidden)
-
-        assert response
-
-    def test_limited_staff_bypass_when_catalog_hidden(self):
-        """Limited staff inherit staff bypass for about-page access."""
-        limited_staff = UserFactory.create()
-        CourseLimitedStaffRole(self.course_hidden.id).add_users(limited_staff)
-
-        response = self._see_about_page_response(limited_staff, self.course_hidden)
-
-        assert response
-
-    def test_authz_role_grants_access_when_catalog_hidden(self):
-        """Users with COURSES_VIEW_COURSE can access hidden about pages."""
-        self.add_user_to_role_in_course(self.unauthorized_user, COURSE_EDITOR.external_key, self.course_hidden.id)
-
-        response = self._see_about_page_response(self.unauthorized_user, self.course_hidden)
-
-        assert response
-
     def test_anonymous_user_uses_legacy_path(self):
-        """Anonymous users are routed to the legacy path and follow catalog visibility."""
-        anonymous_user = AnonymousUserFactory.create()
-
-        response = self._see_about_page_response(anonymous_user, self.course_public)
-
-        assert response
-
-    def test_denied_returns_catalog_visibility_error(self):
-        """AuthZ path returns CatalogVisibilityError when all checks fail."""
-        response = self._see_about_page_response(self.unauthorized_user, self.course_hidden)
-
-        assert not response
-        assert isinstance(response, access_response.CatalogVisibilityError)
-        assert response.error_code == "not_visible_in_catalog"
+        """
+        Anonymous users skip the AuthZ path even when course authoring AuthZ is enabled.
 
-    def test_legacy_path_when_authz_disabled(self):
-        """When AuthZ is off, catalog visibility rules still apply."""
-        with patch.object(core_toggles.AUTHZ_COURSE_AUTHORING_FLAG, "is_enabled", return_value=False):
-            response = self._see_about_page_response(self.unauthorized_user, self.course_public)
+        user_has_course_permission is only reached on the AuthZ path, so it must not
+        be called for anonymous users on a catalog-hidden course.
+        """
+        anonymous_user = AnonymousUserFactory.create()
 
-            assert response
+        with patch(
+            "lms.djangoapps.courseware.access.user_has_course_permission",
+        ) as mock_authz_permission:
+            hidden_response = self._see_about_page_response(anonymous_user, self.course_hidden)
 
-            hidden_response = self._see_about_page_response(self.unauthorized_user, self.course_hidden)
+        mock_authz_permission.assert_not_called()
+        assert not hidden_response
+        assert isinstance(hidden_response, access_response.CatalogVisibilityError)
 
-            assert not hidden_response
-            assert isinstance(hidden_response, access_response.CatalogVisibilityError)
+        public_response = self._see_about_page_response(anonymous_user, self.course_public)
+        assert public_response
