refactor: move scope-type filtering to RoleAssignmentAuditQuerySet

mariajgrimaldi · mariajgrimaldi · commit 96923bec30cb · 2026-04-15T17:37:11.000+02:00
Add a `for_scope_namespace` queryset method so scope-type filtering
is available both in the admin and in API-level querysets, without
duplicating the namespace-prefix logic.

The admin `ScopeTypeFilter` now delegates to this method instead of
building the `scope__startswith` lookup directly.
diff --git a/openedx_authz/admin.py b/openedx_authz/admin.py
@@ -5,7 +5,6 @@
 from django.contrib import admin
 
 from openedx_authz.api.data import ContentLibraryData, CourseOverviewData
-from openedx_authz.constants import AUTHZ_POLICY_ATTRIBUTES_SEPARATOR
 from openedx_authz.models import ExtendedCasbinRule
 from openedx_authz.models.core import RoleAssignmentAudit
 
@@ -75,9 +74,7 @@ def lookups(self, request, model_admin):
     def queryset(self, request, queryset):
         """Filter the queryset by scope namespace prefix."""
         if self.value():
-            return queryset.filter(
-                scope__startswith=f"{self.value()}{AUTHZ_POLICY_ATTRIBUTES_SEPARATOR}"
-            )
+            return queryset.for_scope_namespace(self.value())
         return queryset
 
 
diff --git a/openedx_authz/models/core.py b/openedx_authz/models/core.py
@@ -237,6 +237,23 @@ def create_based_on_policy(
         return extended_rule
 
 
+class RoleAssignmentAuditQuerySet(models.QuerySet):
+    """QuerySet for RoleAssignmentAudit with scope-based filtering."""
+
+    def for_scope_namespace(self, namespace: str) -> "RoleAssignmentAuditQuerySet":
+        """Return records whose scope starts with the given namespace prefix.
+
+        Args:
+            namespace: The namespace to filter by (e.g. ``'lib'``, ``'course-v1'``).
+                Use the NAMESPACE class attribute from the corresponding ScopeData
+                subclass (e.g. ``ContentLibraryData.NAMESPACE``).
+
+        Returns:
+            Queryset filtered to records matching the scope type.
+        """
+        return self.filter(scope__startswith=f"{namespace}{AUTHZ_POLICY_ATTRIBUTES_SEPARATOR}")
+
+
 class RoleAssignmentAudit(models.Model):
     """Model to audit role assignments and unassignments.
 
@@ -247,6 +264,8 @@ class RoleAssignmentAudit(models.Model):
     role assignments over time.
     """
 
+    objects = RoleAssignmentAuditQuerySet.as_manager()
+
     class Operations(NamedTuple):
         created: str = "created"
         deleted: str = "deleted"
