@@ -1344,19 +1344,24 @@ def test_org_id_filter_includes_glob_and_excludes_other_orgs(self):
13441344
13451345 Expected result:
13461346 The user with a glob scope in self.org is in successes; the user with a course-level
1347- assignment in a different org is not.
1347+ assignment in a different org and the user with a library assignment in self.org are not.
13481348 """
13491349 glob_scope = f"course-v1:{ self .org }
13501350 other_org_course_scope = f"course-v1:{ OBJECT_PREFIX }
1351+ lib_scope = f"lib:{ self .org }
13511352
13521353 user_glob = User .objects .create_user (
13531354 username = f"{ OBJECT_PREFIX } ,
email = f"{ OBJECT_PREFIX } [email protected] " 13541355 )
13551356 user_other_org = User .objects .create_user (
13561357 username = f"{ OBJECT_PREFIX } ,
email = f"{ OBJECT_PREFIX } [email protected] " 13571358 )
1359+ user_lib = User .objects .create_user (
1360+ username = f"{ OBJECT_PREFIX } ,
email = f"{ OBJECT_PREFIX } [email protected] " 1361+ )
13581362 assign_role_to_user_in_scope (user_glob .username , COURSE_STAFF .external_key , glob_scope )
13591363 assign_role_to_user_in_scope (user_other_org .username , COURSE_STAFF .external_key , other_org_course_scope )
1364+ assign_role_to_user_in_scope (user_lib .username , LIBRARY_ADMIN .external_key , lib_scope )
13601365 AuthzEnforcer .get_enforcer ().load_policy ()
13611366
13621367 errors , successes = migrate_authz_to_legacy_course_roles (
@@ -1368,27 +1373,34 @@ def test_org_id_filter_includes_glob_and_excludes_other_orgs(self):
13681373 self .assertIn (user_glob .username , migrated_users )
13691374 # assignment from the other org is excluded
13701375 self .assertNotIn (user_other_org .username , migrated_users )
1376+ # library assignment in self.org is excluded — library scopes are not course scopes
1377+ self .assertNotIn (user_lib .username , migrated_users )
13711378 self .assertEqual (len (errors ), 0 )
13721379
13731380 @patch ("openedx_authz.api.data.CourseOverview" , CourseOverview )
13741381 def test_course_id_list_filter_excludes_glob_and_other_courses (self ):
13751382 """Rolling back with course_id_list excludes org-level glob scopes and assignments from other courses.
13761383
13771384 Expected result:
1378- The user with a glob scope and the user with a course-level assignment not in the list
1379- are both absent from successes.
1385+ The user with a glob scope, the user with a course-level assignment not in the list,
1386+ and the user with a library assignment are all absent from successes.
13801387 """
13811388 glob_scope = f"course-v1:{ self .org }
13821389 other_course_scope = f"course-v1:{ self .org }
1390+ lib_scope = f"lib:{ self .org }
13831391
13841392 user_glob = User .objects .create_user (
13851393 username = f"{ OBJECT_PREFIX } ,
email = f"{ OBJECT_PREFIX } [email protected] " 13861394 )
13871395 user_other_course = User .objects .create_user (
13881396 username = f"{ OBJECT_PREFIX } ,
email = f"{ OBJECT_PREFIX } [email protected] " 13891397 )
1398+ user_lib = User .objects .create_user (
1399+ username = f"{ OBJECT_PREFIX } ,
email = f"{ OBJECT_PREFIX } [email protected] " 1400+ )
13901401 assign_role_to_user_in_scope (user_glob .username , COURSE_STAFF .external_key , glob_scope )
13911402 assign_role_to_user_in_scope (user_other_course .username , COURSE_STAFF .external_key , other_course_scope )
1403+ assign_role_to_user_in_scope (user_lib .username , LIBRARY_ADMIN .external_key , lib_scope )
13921404 AuthzEnforcer .get_enforcer ().load_policy ()
13931405
13941406 errors , successes = migrate_authz_to_legacy_course_roles (
@@ -1401,4 +1413,6 @@ def test_course_id_list_filter_excludes_glob_and_other_courses(self):
14011413 self .assertNotIn (user_glob .username , migrated_users )
14021414 # course not in the list is excluded
14031415 self .assertNotIn (user_other_course .username , migrated_users )
1416+ # library assignment in self.org is excluded — library scopes are not course scopes
1417+ self .assertNotIn (user_lib .username , migrated_users )
14041418 self .assertEqual (len (errors ), 0 )
0 commit comments