squash!: generalize course and library scope queryset preparation

Author: rodmgwgu

openedx_authz/rest_api/v1/views.py

@@ -768,6 +768,44 @@ def _get_libraries_queryset(
             ScopesQuerySetFields.SCOPE_TYPE,
         )
 
+    @staticmethod
+    def _get_allowed_scope_queryset(
+        *,
+        username: str,
+        scope_cls: type,
+        glob_cls: type,
+        get_permission: callable,
+        queryset_builder: callable,
+        extract_ids: callable,
+        search: str = "",
+        org: str = "",
+    ) -> QuerySet:
+        """Resolve allowed scopes from Casbin and return a filtered queryset.
+
+        This helper encapsulates the shared pattern of:
+        1. Fetching allowed scopes for a user and permission.
+        2. Partitioning them into specific IDs vs org-level globs.
+        3. Delegating to the appropriate queryset builder.
+
+        Args:
+            username: The username to check permissions for.
+            scope_cls: The concrete scope data class (e.g., CourseOverviewData).
+            glob_cls: The org-level glob class (e.g., OrgCourseOverviewGlobData).
+            get_permission: Callable that returns the permission for a scope class.
+            queryset_builder: Callable that builds the filtered queryset (e.g., _get_courses_queryset).
+            extract_ids: Callable that extracts specific IDs from non-glob scopes.
+            search: Optional search term to filter by display name.
+            org: Optional org short_name to filter by.
+
+        Returns:
+            QuerySet: The filtered queryset projected to the unified scope shape.
+        """
+        allowed_scopes = get_scopes_for_user_and_permission(username, get_permission(scope_cls).identifier)
+        specific_scopes = [s for s in allowed_scopes if not isinstance(s, glob_cls)]
+        allowed_ids = extract_ids(specific_scopes)
+        allowed_orgs = {s.org for s in allowed_scopes if isinstance(s, glob_cls)}
+        return queryset_builder(allowed_ids, allowed_orgs, search=search, org=org)
+
     def _build_queryset(self, courses_qs: QuerySet | None, libraries_qs: QuerySet | None) -> QuerySet:
         """Union the provided querysets and sort deterministically.
 
@@ -811,38 +849,31 @@ def get_queryset(self) -> QuerySet:
         def get_permission(scope_cls):
             return scope_cls.get_admin_manage_permission() if management_only else scope_cls.get_admin_view_permission()
 
-        # Resolve allowed scopes from Casbin in a single call per scope type.
+        # Resolve allowed scopes from Casbin and build filtered querysets.
         courses_qs = None
         if scope_type != ScopesTypeField.LIBRARY:
-            allowed_course_scopes = get_scopes_for_user_and_permission(
-                user.username, get_permission(CourseOverviewData).identifier
-            )
-            allowed_course_ids = {
-                s.external_key for s in allowed_course_scopes if not isinstance(s, OrgCourseOverviewGlobData)
-            }
-            allowed_course_orgs = {s.org for s in allowed_course_scopes if isinstance(s, OrgCourseOverviewGlobData)}
-            courses_qs = self._get_courses_queryset(
-                allowed_course_ids,
-                allowed_course_orgs,
+            courses_qs = self._get_allowed_scope_queryset(
+                username=user.username,
+                scope_cls=CourseOverviewData,
+                glob_cls=OrgCourseOverviewGlobData,
+                get_permission=get_permission,
+                queryset_builder=self._get_courses_queryset,
+                extract_ids=lambda scopes: {s.external_key for s in scopes},
                 search=search,
                 org=org,
             )
 
         libraries_qs = None
         if scope_type != ScopesTypeField.COURSE:
-            allowed_library_scopes = get_scopes_for_user_and_permission(
-                user.username, get_permission(ContentLibraryData).identifier
-            )
-            allowed_library_pairs = {
-                # Library external keys have the format lib:<org>:<slug>
-                (s.external_key.split(":")[1], s.external_key.split(":")[2])
-                for s in allowed_library_scopes
-                if not isinstance(s, OrgContentLibraryGlobData)
-            }
-            allowed_library_orgs = {s.org for s in allowed_library_scopes if isinstance(s, OrgContentLibraryGlobData)}
-            libraries_qs = self._get_libraries_queryset(
-                allowed_library_pairs,
-                allowed_library_orgs,
+            libraries_qs = self._get_allowed_scope_queryset(
+                username=user.username,
+                scope_cls=ContentLibraryData,
+                glob_cls=OrgContentLibraryGlobData,
+                get_permission=get_permission,
+                queryset_builder=self._get_libraries_queryset,
+                extract_ids=lambda scopes: {
+                    (s.external_key.split(":")[1], s.external_key.split(":")[2]) for s in scopes
+                },
                 search=search,
                 org=org,
             )