feat: implement schedule and details permissions

[bra-i-am]

Description

Implements fine-grained authorization for the Schedule & Details page using the existing authz module. Three new permission constants are introduced:

• courses.view_schedule_and_details — gates access to the entire page
• courses.edit_schedule — controls whether date fields (start/end/enrollment dates) are editable
• courses.edit_details — controls whether all other fields (pacing, language, description, images, instructors, license, etc.) are editable

How it behaves:

• If the user lacks view_schedule_and_details, a PermissionDeniedAlert is rendered instead of the page.
• If the user lacks edit_schedule, all date inputs in the Schedule section are rendered as read-only.
• If the user lacks edit_details, all remaining inputs (pacing radios, language dropdown, WYSIWYG editors, image uploads, instructor fields, learning outcomes, license selector, requirements) are disabled.
• The Save button is disabled when the user has neither edit permission.

Impacted roles: Course Authors and Operators. Learners are unaffected.

Two generic components were extended to support a disabled prop: WysiwygEditor and CourseUploadImage.

Supporting information

• Resolves Task - RBAC Authz - Implement frontend check for Settings -> Schedule & details permissions #2935
• Follows the same pattern established for Grading Settings permissions (see src/authz/).
• No new Redux state was added; permissions are fetched via useCourseUserPermissions.

Testing instructions

1. Enable the enable_authz_course_authoring waffle flag for your test user/course.
2. Open the Schedule & Details page for a course.
3. View permission denied: Remove courses.view_schedule_and_details from the user's permissions → the page should show the permission denied alert instead of the form.
4. Edit schedule denied: Keep view permission, remove courses.edit_schedule → all date inputs (Start Date, End Date, Enrollment Start, Enrollment End) should be read-only; details fields remain editable.
5. Edit details denied: Keep view and edit_schedule permissions, remove courses.edit_details → pacing radios, language dropdown, description fields, image uploads, instructor fields, learning outcomes, license buttons, and requirements fields should all be disabled; date fields remain editable.
6. No edit permissions: Remove both edit permissions → Save button should never appear (no dirty state can be produced).
7. Waffle flag off: Disable enable_authz_course_authoring → page should render and behave exactly as before (no regression).

Other information

• This change does not depend on backend changes beyond what is already in place for the authz module.
• The upgradeDeadline field remains always read-only regardless of permissions (it is platform-managed and not user-editable).
• No new i18n messages were added.
• WysiwygEditor and CourseUploadImage are generic components — the new disabled prop is backward-compatible with a false default.

Best Practices Checklist

• Any new files are using TypeScript (.ts, .tsx).
• Avoid propTypes and defaultProps in any new or modified code.
• Tests should use the helpers in src/testUtils.tsx (specifically initializeMocks)
• Do not add new fields to the Redux state/store. Use React Context to share state among multiple components.
• Use React Query to load data from REST APIs. See any apiHooks.ts in this repo for examples.
• All new i18n messages in messages.ts files have a description for translators to use.
• Avoid using ../ in import paths. To import from parent folders, use @src, e.g. import { initializeMocks } from '@src/testUtils'; instead of from '../../../../testUtils'

[openedx-webhooks]

Thanks for the pull request, @bra-i-am!

This repository is currently maintained by @bradenmacdonald.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

• If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
  • This process (including the steps you'll need to take) is documented here.
• If it doesn't, simply proceed with the next step.

🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

• Dependencies

  This PR must be merged before / after / at the same time as ...

• Blockers

  This PR is waiting for OEP-1234 to be accepted.

• Timeline information

  This PR must be merged by XX date because ...

• Partner information

  This is for a course on edx.org.

• Supporting documentation
• Relevant Open edX discussion forum threads

🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details

---

Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

• Overview of Review Process for Community Contributions
• Pull Request Status Guide
• Making changes to your pull request

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

• The size and impact of the changes that it introduces
• The need for product review
• Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.53%. Comparing base (da4e81b) to head (65ff3ff).

Additional details and impacted files

@@           Coverage Diff            @@
##           master    #2991    +/-   ##
========================================
  Coverage   95.52%   95.53%            
========================================
  Files        1392     1392            
  Lines       32911    32939    +28     
  Branches     7340     7601   +261     
========================================
+ Hits        31437    31467    +30     
+ Misses       1419     1404    -15     
- Partials       55       68    +13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.