fixup! feat: add PoC permission and role

Author: dwong2708

openedx_authz/api/data.py

@@ -9,8 +9,11 @@
 
 from attrs import define
 from opaque_keys import InvalidKeyError
+from opaque_keys.edx.keys import CourseKey
 from opaque_keys.edx.locator import LibraryLocatorV2
 
+from openedx_authz.tests.stubs.models import CourseOverview
+
 try:
     from openedx.core.djangoapps.content_libraries.models import ContentLibrary
 except ImportError:
@@ -462,6 +465,108 @@ def __repr__(self):
         return self.namespaced_key
 
 
+@define
+class CourseOverviewData(ScopeData):
+    """A course scope for authorization in the Open edX platform.
+
+    Courses uses the CourseKey format for identification.
+
+    Attributes:
+        NAMESPACE: 'course' for course scopes.
+        external_key: The course identifier (e.g., 'course-v1:TestOrg+TestCourse+2024_T1').
+            Must be a valid CourseKey format.
+        namespaced_key: The course identifier with namespace (e.g., 'course^course-v1:TestOrg+TestCourse+2024_T1').
+        course_id: Property alias for external_key.
+
+    Examples:
+        >>> course = CourseOverviewData(external_key='course-v1:TestOrg+TestCourse+2024_T1')
+        >>> course.namespaced_key
+        'course^course-v1:TestOrg+TestCourse+2024_T1'
+        >>> course.course_id
+        'course-v1:TestOrg+TestCourse+2024_T1'
+
+    """
+
+    NAMESPACE: ClassVar[str] = "course"
+
+    @property
+    def course_id(self) -> str:
+        """The course identifier as used in Open edX (e.g., 'course-v1:TestOrg+TestCourse+2024_T1').
+
+        This is an alias for external_key that represents the course ID without the namespace prefix.
+
+        Returns:
+            str: The course identifier without namespace.
+        """
+        return self.external_key
+
+    @property
+    def course_key(self) -> CourseKey:
+        """The CourseKey object for the course.
+
+        Returns:
+            CourseKey: The course key object.
+        """
+        return CourseKey.from_string(self.course_id)
+
+    @classmethod
+    def validate_external_key(cls, external_key: str) -> bool:
+        """Validate the external_key format for CourseOverviewData.
+
+        Args:
+            external_key: The external key to validate.
+
+        Returns:
+            bool: True if valid, False otherwise.
+        """
+        try:
+            CourseKey.from_string(external_key)
+            return True
+        except InvalidKeyError:
+            return False
+
+    def get_object(self) -> CourseOverview | None:
+        """Retrieve the CourseOverview instance associated with this scope.
+
+        This method converts the course_id to a CourseKey and queries the
+        database to fetch the corresponding CourseOverview object.
+
+        Returns:
+            CourseOverview | None: The CourseOverview instance if found in the database,
+                or None if the course does not exist or has an invalid key format.
+
+        Examples:
+            >>> course_scope = CourseOverviewData(external_key='course-v1:TestOrg+TestCourse+2024_T1')
+            >>> course_obj = course_scope.get_object() # CourseOverview object
+        """
+        try:
+            course_obj = CourseOverview.get_from_id(self.course_key)
+            # Validate canonical key: get_by_key is case-insensitive, but we require exact match
+            # This ensures authorization uses canonical course IDs consistently
+            if course_obj.id != self.course_key:
+                raise CourseOverview.DoesNotExist
+        except (InvalidKeyError, CourseOverview.DoesNotExist):
+            return None
+
+        return course_obj
+
+    def exists(self) -> bool:
+        """Check if the course overview exists.
+
+        Returns:
+            bool: True if the course overview exists, False otherwise.
+        """
+        return self.get_object() is not None
+
+    def __str__(self):
+        """Human readable string representation of the course overview."""
+        return self.course_id
+
+    def __repr__(self):
+        """Developer friendly string representation of the course overview."""
+        return self.namespaced_key
+
+
 class SubjectMeta(type):
     """Metaclass for SubjectData to handle dynamic subclass instantiation based on namespace."""
 

openedx_authz/migrations/0007_coursescope.py

@@ -0,0 +1,45 @@
+# Generated by Django 4.2.24 on 2026-02-06 17:19
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("stubs", "__first__"),
+        ("openedx_authz", "0006_migrate_legacy_permissions"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="CourseScope",
+            fields=[
+                (
+                    "scope_ptr",
+                    models.OneToOneField(
+                        auto_created=True,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        parent_link=True,
+                        primary_key=True,
+                        serialize=False,
+                        to="openedx_authz.scope",
+                    ),
+                ),
+                (
+                    "course_overview",
+                    models.ForeignKey(
+                        blank=True,
+                        null=True,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="authz_scopes",
+                        to=settings.OPENEDX_AUTHZ_COURSE_OVERVIEW_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "abstract": False,
+            },
+            bases=("openedx_authz.scope",),
+        ),
+    ]

openedx_authz/tests/api/test_roles.py

@@ -61,19 +61,6 @@ def _mock_get_or_create_subject(subject_data):
     return subject
 
 
-# Apply patches at module level using the new manager method
-_scope_patcher = patch(
-    "openedx_authz.models.ScopeManager.get_or_create_for_external_key",
-    side_effect=_mock_get_or_create_scope,
-)
-_subject_patcher = patch(
-    "openedx_authz.models.SubjectManager.get_or_create_for_external_key",
-    side_effect=_mock_get_or_create_subject,
-)
-_scope_patcher.start()
-_subject_patcher.start()
-
-
 class BaseRolesTestCase(TestCase):
     """Base test case with helper methods for roles testing.
 
@@ -134,6 +121,26 @@ def setUpClass(cls):
         to add their specific role assignments by calling _assign_roles_to_users.
         """
         super().setUpClass()
+
+        # Apply patches here so they only affect this test
+        # and don't interfere with other tests using the real
+        # get_or_create_for_external_key implementation.
+        cls._scope_patcher = patch(
+            "openedx_authz.models.ScopeManager.get_or_create_for_external_key",
+            side_effect=_mock_get_or_create_scope,
+        )
+        cls._subject_patcher = patch(
+            "openedx_authz.models.SubjectManager.get_or_create_for_external_key",
+            side_effect=_mock_get_or_create_subject,
+        )
+
+        cls._scope_patcher.start()
+        cls._subject_patcher.start()
+
+        AuthzEnforcer.get_enforcer().stop_auto_load_policy()
+        AuthzEnforcer.get_enforcer().enable_auto_save(True)
+        cls._seed_database_with_policies()
+
         AuthzEnforcer.get_enforcer().stop_auto_load_policy()
         # Enable auto-save to ensure policies are saved to the database
         # This is necessary because the tests are not using auto-load policy
@@ -150,6 +157,15 @@ def tearDown(self):
         super().tearDown()
         AuthzEnforcer.get_enforcer().clear_policy()  # Clear policies after each test to ensure isolation
 
+    @classmethod
+    def tearDownClass(cls):
+        # Stop patches cleanly
+        # This ensures that if any test fails, the patches will still be stopped properly,
+        # preventing side effects on other tests.
+        cls._scope_patcher.stop()
+        cls._subject_patcher.stop()
+        super().tearDownClass()
+
 
 class RolesTestSetupMixin(BaseRolesTestCase):
     """Test case with comprehensive role assignments for general roles testing."""

openedx_authz/tests/stubs/models.py

@@ -8,6 +8,7 @@
 from django.contrib.auth.models import Group
 from django.db import models
 from opaque_keys.edx.django.models import CourseKeyField, UsageKeyField
+from opaque_keys.edx.keys import CourseKey
 from opaque_keys.edx.locator import LibraryLocatorV2
 
 
@@ -94,103 +95,33 @@ class CourseOverview(models.Model):
     """
     Model for storing and caching basic information about a course.
 
-    This model contains basic course metadata such as an ID, display name,
-    image URL, and any other information that would be necessary to display
-    a course as part of:
-        user dashboard (enrolled courses)
-        course catalog (courses to enroll in)
-        course about (meta data about the course)
+    This model contains basic course metadata such as an ID, display name, and organization.
+    It is used to link CourseScope instances to actual courses in the system.
 
     .. no_pii:
     """
 
-    class Meta:
-        app_label = "course_overviews"
-
-    # IMPORTANT: Bump this whenever you modify this model and/or add a migration.
-    VERSION = 19
-
-    # Cache entry versioning.
-    version = models.IntegerField()
-
     # Course identification
     id = CourseKeyField(db_index=True, primary_key=True, max_length=255)
     _location = UsageKeyField(max_length=255)
     org = models.TextField(max_length=255, default="outdated_entry")
     display_name = models.TextField(null=True)
-    display_number_with_default = models.TextField()
-    display_org_with_default = models.TextField()
-
-    start = models.DateTimeField(null=True)
-    end = models.DateTimeField(null=True)
-
-    # These are deprecated and unused, but cannot be dropped via simple migration due to the size of the downstream
-    # history table. See DENG-19 for details.
-    # Please use start and end above for these values.
-    start_date = models.DateTimeField(null=True)
-    end_date = models.DateTimeField(null=True)
-
-    advertised_start = models.TextField(null=True)
-    announcement = models.DateTimeField(null=True)
-
-    # URLs
-    # Not allowing null per django convention; not sure why many TextFields in this model do allow null
-    banner_image_url = models.TextField()
-    course_image_url = models.TextField()
-    social_sharing_url = models.TextField(null=True)
-    end_of_course_survey_url = models.TextField(null=True)
-
-    # Certification data
-    certificates_display_behavior = models.TextField(null=True)
-    certificates_show_before_end = models.BooleanField(default=False)
-    cert_html_view_enabled = models.BooleanField(default=False)
-    has_any_active_web_certificate = models.BooleanField(default=False)
-    cert_name_short = models.TextField()
-    cert_name_long = models.TextField()
-    certificate_available_date = models.DateTimeField(default=None, null=True)
-
-    # Grading
-    lowest_passing_grade = models.DecimalField(max_digits=5, decimal_places=2, null=True)
-
-    # Access parameters
-    days_early_for_beta = models.FloatField(null=True)
-    mobile_available = models.BooleanField(default=False)
-    visible_to_staff_only = models.BooleanField(default=False)
-    _pre_requisite_courses_json = models.TextField()  # JSON representation of list of CourseKey strings
-
-    # Enrollment details
-    enrollment_start = models.DateTimeField(null=True)
-    enrollment_end = models.DateTimeField(null=True)
-    enrollment_domain = models.TextField(null=True)
-    invitation_only = models.BooleanField(default=False)
-    max_student_enrollments_allowed = models.IntegerField(null=True)
-
-    # Catalog information
-    catalog_visibility = models.TextField(null=True)
-    short_description = models.TextField(null=True)
-    course_video_url = models.TextField(null=True)
-    effort = models.TextField(null=True)
-    self_paced = models.BooleanField(default=False)
-    marketing_url = models.TextField(null=True)
-    eligible_for_financial_aid = models.BooleanField(default=True)
-
-    # Course highlight info, used to guide course update emails
-    has_highlights = models.BooleanField(null=True, default=None)  # if None, you have to look up the answer yourself
-
-    # Proctoring
-    enable_proctored_exams = models.BooleanField(default=False)
-    proctoring_provider = models.TextField(null=True)
-    proctoring_escalation_email = models.TextField(null=True)
-    allow_proctoring_opt_out = models.BooleanField(default=False)
-
-    # Entrance Exam information
-    entrance_exam_enabled = models.BooleanField(default=False)
-    entrance_exam_id = models.CharField(max_length=255, blank=True)
-    entrance_exam_minimum_score_pct = models.FloatField(default=0.65)
-
-    # Open Response Assessment configuration
-    force_on_flexible_peer_openassessments = models.BooleanField(default=False)
-
-    external_id = models.CharField(max_length=128, null=True, blank=True)
-
-    language = models.TextField(null=True)
+
+    @classmethod
+    def get_from_id(cls, course_key):
+        """Get a CourseOverview by its course key.
+
+        Args:
+            course_key: The course key to look up.
+
+        Returns:
+            CourseOverview: The course overview instance.
+        """
+        if course_key is None:
+            raise ValueError("course_key must not be None")
+        try:
+            key = str(CourseKey.from_string(str(course_key)))
+        except Exception:  # pylint: disable=broad-exception-caught
+            key = str(course_key)
+        obj, _ = cls.objects.get_or_create(id=key)
+        return obj