feat: add delete method and refactor the code

openedx/core/djangoapps/enrollments/tests/test_views.py

@@ -1851,6 +1851,7 @@ def setUp(self):
         self.staff_token = api_settings.JWT_ENCODE_HANDLER(staff_payload)
         student_payload = api_settings.JWT_PAYLOAD_HANDLER(self.student1)
         self.student_token = api_settings.JWT_ENCODE_HANDLER(student_payload)
+        self.client.credentials(HTTP_AUTHORIZATION='JWT ' + self.staff_token)
         return super().setUp()
 
     @ddt.data(
@@ -1862,47 +1863,60 @@ def setUp(self):
     def test_post_enrollment_allowed(self, data, expected_result):
         """
         Expected results:
-        - If the request has the email and course_id, HTTP_201_CREATED.
-        - Else, HTTP_400_BAD_REQUEST.
+        - 201: If the request has email and course_id.
+        - 400: If the request has not.
         """
-        self.client.credentials(HTTP_AUTHORIZATION='JWT ' + self.staff_token)
         response = self.client.post(self.url, data)
         assert response.status_code == expected_result
 
     def test_post_enrollment_allowed_without_staff(self):
         """
         Expected result:
-        - Get when I am not staff, HTTP_403_FORBIDDEN.
+        - 403: Get when I am not staff.
         """
         self.client.credentials(HTTP_AUTHORIZATION='JWT ' + self.student_token)
         response = self.client.post(self.url, self.data)
         assert response.status_code == status.HTTP_403_FORBIDDEN
 
-    @ddt.data(None, {"email": "new-student@example.com"})
-    def test_get_enrollment_allowed_empty(self, query_params):
+    def test_get_enrollment_allowed_empty(self):
         """
         Expected result:
-        - Get when I am staff, HTTP_200_OK.
+        - Get the enrollment allowed from the request.user.
         """
-        self.client.credentials(HTTP_AUTHORIZATION='JWT ' + self.staff_token)
-        response = self.client.get(self.url, query_params)
+        response = self.client.get(self.url)
         assert response.status_code == status.HTTP_200_OK
 
     def test_get_enrollment_allowed(self):
         """
         Expected result:
-        Get the course enrollment allows.
+        - Get the course enrollment allows.
         """
-        self.client.credentials(HTTP_AUTHORIZATION='JWT ' + self.staff_token)
         response = self.client.post(path=self.url, data=self.data)
         response = self.client.get(self.url, {"email": "new-student@example.com"})
         self.assertContains(response, 'new-student@example.com', status_code=status.HTTP_200_OK)
 
     def test_get_enrollment_allowed_without_staff(self):
         """
         Expected result:
-        - Get when I am not staff, HTTP_403_FORBIDDEN.
+        - 403: Get when I am not staff.
         """
         self.client.credentials(HTTP_AUTHORIZATION='JWT ' + self.student_token)
         response = self.client.get(self.url, {"email": "new-student@example.com"})
         assert response.status_code == status.HTTP_403_FORBIDDEN
+
+    @ddt.data(
+        [{'email': 'new-student@example.com', 'course_id': 'course-v1:edX+DemoX+Demo_Course'}, status.HTTP_204_NO_CONTENT],
+        [{'email': 'other-student@example.com', 'course_id': 'course-v1:edX+DemoX+Demo_Course'}, status.HTTP_404_NOT_FOUND],
+        [{'course_id': 'course-v1:edX+DemoX+Demo_Course'}, status.HTTP_400_BAD_REQUEST],
+    )
+    @ddt.unpack
+    def test_delete_enrollment_allowed(self, delete_data, expected_result):
+        """
+        Expected results:
+        - 204: Enrollment allowed deleted.
+        - 404: Not found, the course enrollment allowed doesn't exists.
+        - 400: Bad request, missing data.
+        """
+        self.client.post(self.url, self.data)
+        response = self.client.delete(self.url, delete_data)
+        assert response.status_code == expected_result

openedx/core/djangoapps/enrollments/views.py

@@ -50,11 +50,7 @@
 from openedx.core.djangoapps.user_api.models import UserRetirementStatus
 from openedx.core.djangoapps.user_api.preferences.api import update_email_opt_in
 from openedx.core.lib.api.authentication import BearerAuthenticationAllowInactiveUser
-from openedx.core.lib.api.permissions import (
-    ApiKeyHeaderPermission,
-    ApiKeyHeaderPermissionIsAuthenticated,
-    IsStaffOrOwner
-)
+from openedx.core.lib.api.permissions import ApiKeyHeaderPermission, ApiKeyHeaderPermissionIsAuthenticated
 from openedx.core.lib.api.view_utils import DeveloperErrorViewMixin
 from openedx.core.lib.exceptions import CourseNotFoundError
 from openedx.core.lib.log_utils import audit_log
@@ -1004,21 +1000,21 @@ class EnrollmentAllowedView(APIView):
     authentication_classes = (
         JwtAuthentication,
     )
-    permission_classes = (IsStaffOrOwner,)
+    permission_classes = (permissions.IsAdminUser,)
     throttle_classes = (EnrollmentUserThrottle,)
     serializer_class = CourseEnrollmentAllowedSerializer
 
     def get(self, request):
         """
-        Returns the enrollment alloweds for a given user email.
+        Returns the enrollments allowed for a given user email.
 
         **Example Requests**
 
         GET /api/enrollment/v1/enrollment_allowed?email=user@example.com
 
         **Parameters**
 
-        - `email` (optional, string, _query_params_)
+        - `email` (optional, string, _query_params_) - defaults to the calling user if not provided.
 
         **Responses**
         - 200: Success.
@@ -1028,12 +1024,12 @@ def get(self, request):
         if not user_email:
             user_email = request.user.email
 
-        enrollments = CourseEnrollmentAllowed.objects.filter(email=user_email) or []
-        serialized_enrollments = [CourseEnrollmentAllowedSerializer(enrollment).data for enrollment in enrollments]
+        enrollments_allowed = CourseEnrollmentAllowed.objects.filter(email=user_email) or []
+        serialized_enrollments_allowed = [CourseEnrollmentAllowedSerializer(enrollment).data for enrollment in enrollments_allowed]
 
         return Response(
             status=status.HTTP_200_OK,
-            data=serialized_enrollments
+            data=serialized_enrollments_allowed
         )
 
     def post(self, request):
@@ -1055,7 +1051,7 @@ def post(self, request):
 
         **Parameters**
 
-        - `email` (**required**, string, _body_) - defaults to the calling user if not provided.
+        - `email` (**required**, string, _body_)
 
         - `course_id` (**required**, string, _body_)
 
@@ -1067,27 +1063,13 @@ def post(self, request):
         - 403: Forbidden, you need to be staff.
         - 409: Conflict, enrollment allowed already exists.
         """
-        email = request.data.get('email')
-        course_id = request.data.get('course_id')
+        is_bad_request_response, email, course_id = self.check_required_data(request)
         auto_enroll = request.data.get('auto_enroll', False)
-
-        if not email:
-            return Response(
-                status=status.HTTP_400_BAD_REQUEST,
-                data={
-                    "message": "Please provide a value for 'email' in the request data."
-                }
-            )
-        elif not course_id:
-            return Response(
-                status=status.HTTP_400_BAD_REQUEST,
-                data={
-                    "message": "Please provide a value for 'course_id' in the request data."
-                }
-            )
+        if is_bad_request_response:
+            return is_bad_request_response
 
         try:
-            enrollment = CourseEnrollmentAllowed.objects.create(
+            enrollment_allowed = CourseEnrollmentAllowed.objects.create(
                 email=email,
                 course_id=course_id,
                 auto_enroll=auto_enroll
@@ -1100,8 +1082,69 @@ def post(self, request):
                 }
             )
 
-        serializer = CourseEnrollmentAllowedSerializer(enrollment)
+        serializer = CourseEnrollmentAllowedSerializer(enrollment_allowed)
         return Response(
             status=status.HTTP_201_CREATED,
             data=serializer.data
         )
+
+    def delete(self, request):
+        """
+        Deletes an enrollment allowed for a given user email and course id.
+
+        **Example Request**
+
+        DELETE /api/enrollment/v1/enrollment_allowed
+
+        Example request data:
+        ```
+        {
+            "email": "user@example.com",
+            "course_id": "course-v1:edX+DemoX+Demo_Course"
+        }
+        ```
+
+        **Parameters**
+
+        - `email` (**required**, string, _body_)
+
+        - `course_id` (**required**, string, _body_)
+
+        **Responses**
+        - 204: Enrollment allowed deleted.
+        - 400: Bad request, missing data.
+        - 403: Forbidden, you need to be staff.
+        - 404: Not found, the course enrollment allowed doesn't exists.
+        """
+        is_bad_request_response, email, course_id = self.check_required_data(request)
+        if is_bad_request_response:
+            return is_bad_request_response
+
+        try:
+            CourseEnrollmentAllowed.objects.get(
+                email=email,
+                course_id=course_id
+            ).delete()
+            return Response(
+                status=status.HTTP_204_NO_CONTENT,
+            )
+        except ObjectDoesNotExist:
+            return Response(
+                status=status.HTTP_404_NOT_FOUND,
+                data={
+                    'message': f"An enrollment allowed with email {email} and course {course_id} doesn't exists."
+                }
+            )
+
+    def check_required_data(self, request):
+        email = request.data.get('email')
+        course_id = request.data.get('course_id')
+        if not email or not course_id:
+            is_bad_request = Response(
+                status=status.HTTP_400_BAD_REQUEST,
+                data={
+                    "message": "Please provide a value for 'email' and 'course_id' in the request data."
+                })
+        else:
+            is_bad_request = None
+        return (is_bad_request, email, course_id)