fix: Cannot rerun courses - authz role assignment expects rerun to already exist#38840
fix: Cannot rerun courses - authz role assignment expects rerun to already exist#38840rodmgwgu wants to merge 1 commit into
Conversation
|
Thanks for the pull request, @rodmgwgu! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
Fixes: #38826
Description
Fixes course rerun failure when the
authz.enable_course_authoringflag is enabled.When the flag is active, the
add_instructorcall inrerun_coursefails because the openedx-authz module requires aCourseOverviewinstance to exist in order to create aScope. At the point whereadd_instructoris called, the destination course hasn't been cloned yet, so noCourseOverviewexists.The original purpose of calling
add_instructorbefore the Celery task was to grant the user immediate Studio access so they could monitor the rerun progress viaCourseRerunState.This PR addresses the issue with the following approach:
When
authz.enable_course_authoringis enabled: Skip the pre-taskadd_instructorcall entirely (since it would fail and legacy roles shouldn't exist when authz is enabled). Instead, grant visibility of the in-process rerun status by checkingCourseRerunState.created_user— the user who initiated the rerun can always see its status. The proper authz-compatible permissions are established inside the Celery task afterclone_coursecompletes (at which pointCourseOverviewcan be generated).When
authz.enable_course_authoringis disabled: The existing behavior is preserved —add_instructoris called pre-task using the legacy path (CourseAccessRole.objects.get_or_create), which is idempotent.The
add_instructorcall added inside the rerun task runs afterclone_course, where the course exists in the modulestore andCourseOverviewcan be resolved. This works correctly for both flag states sinceadd_usersroutes to the appropriate implementation based on the flag.Impacted roles: Course Admin, Superuser.
Supporting information
Related issue: #38826
Relevant Traceback:
Files changed:
cms/djangoapps/contentstore/views/course.py— Conditionaladd_instructorskip +created_uservisibility checkcms/djangoapps/contentstore/tasks.py—add_instructorcall afterclone_courseTesting instructions
authz.enable_course_authoringflag globally.CourseOverview.DoesNotExisterror.authz.enable_course_authoringand repeat steps 2–5 to confirm the legacy path still works correctly.Deadline
Verawood release
Other information
_legacy_add_userspath usesget_or_create, so callingadd_instructorboth pre-task and in-task (when the flag is disabled) does not produce duplicateCourseAccessRolerecords.created_usercheck inget_in_process_course_actionsis a minimal, safe addition —CourseRerunStatealready stores the initiating user, and this simply allows them to see their own rerun's status without requiring course-level permissions that can't yet exist.