Skip to content

fix: authz compat layer was failing on libraries v2 keys#38131

Merged
wgu-taylor-payne merged 6 commits intoopenedx:masterfrom
WGU-Open-edX:rod/fix-compat
Mar 11, 2026
Merged

fix: authz compat layer was failing on libraries v2 keys#38131
wgu-taylor-payne merged 6 commits intoopenedx:masterfrom
WGU-Open-edX:rod/fix-compat

Conversation

@rodmgwgu
Copy link
Contributor

@rodmgwgu rodmgwgu commented Mar 9, 2026
edited
Loading

Description

Follow up on #38013

The code on the RBAC AuthZ compatibility layer for course authoring was querying for all roles assigned to a user, which also included library v2 permissions, which the CourseKey class was not expecting and causing an exception.

Added filtering so only courses-v1 role assignments are returned.

Supporting information

Bug reported by @BryanttV

Testing instructions

  1. Create a new non-admin user
  2. Create a new empty library
  3. As an admin, go to the library > Manage Library Team and add the non-admin user as a "Library Contributor"
  4. Before applying the fix, login as the non-admin user in studio and try to go to the library, the library contents won't load and you should see the following error in the CMS logs:
cms-1  | 2026-03-10 21:19:39,333 INFO 35 [tracking] [user 5] [ip 140.82.114.4] logger.py:41 - {"name": "/api/content_search/v2/studio/", "context": {"user_id": 5, "path": "/api/content_search/v2/studio/", "course_id": "", "org_id": "", "enterprise_uuid": ""}, "username": "contributor", "session": "052e9ad37a2b4d793827c130992a3ff9", "ip": "140.82.114.4", "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36", "host": "studio.local.openedx.io:8001", "referer": "http://apps.local.openedx.io:2001/", "accept_language": "en-US,en;q=0.9", "event": "{\"GET\": {}, \"POST\": {}}", "time": "2026-03-10T21:19:39.333686+00:00", "event_type": "/api/content_search/v2/studio/", "event_source": "server", "page": null}
cms-1  | 2026-03-10 21:19:39,356 ERROR 35 [root] [user None] [ip None] signals.py:22 - Uncaught exception from None
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 234, in __init__
cms-1  |     self._roles_by_course_id = BulkRoleCache.get_user_roles(user)
cms-1  |                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 215, in get_user_roles
cms-1  |     return get_cache(cls.CACHE_NAMESPACE)[cls.CACHE_KEY][user.id]
cms-1  |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
cms-1  | KeyError: 'roles_by_user'
cms-1  |
cms-1  | During handling of the above exception, another exception occurred:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 238, in get_namespace_plugin
cms-1  |     return drivers[namespace].plugin
cms-1  |            ~~~~~~~^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/stevedore/extension.py", line 452, in __getitem__
cms-1  |     return self._extensions_by_name[name]
cms-1  |            ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^
cms-1  | KeyError: 'lib'
cms-1  |
cms-1  | The above exception was the direct cause of the following exception:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 190, in from_string
cms-1  |     key_class = cls.get_namespace_plugin(namespace)
cms-1  |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 243, in get_namespace_plugin
cms-1  |     raise InvalidKeyError(cls, f'{namespace}:*') from error
cms-1  | opaque_keys.InvalidKeyError: <class 'opaque_keys.edx.keys.CourseKey'>: lib:*
cms-1  |
cms-1  | During handling of the above exception, another exception occurred:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
cms-1  |     response = get_response(request)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/core/handlers/base.py", line 197, in _get_response
cms-1  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/opt/pyenv/versions/3.12.12/lib/python3.12/contextlib.py", line 81, in inner
cms-1  |     return func(*args, **kwds)
cms-1  |            ^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
cms-1  |     return view_func(request, *args, **kwargs)
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 105, in view
cms-1  |     return self.dispatch(request, *args, **kwargs)
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 515, in dispatch
cms-1  |     response = self.handle_exception(exc)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 475, in handle_exception
cms-1  |     self.raise_uncaught_exception(exc)
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 486, in raise_uncaught_exception
cms-1  |     raise exc
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 512, in dispatch
cms-1  |     response = handler(request, *args, **kwargs)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/views.py", line 34, in get
cms-1  |     response_data = api.generate_user_token_for_studio_search(request)
cms-1  |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 973, in generate_user_token_for_studio_search
cms-1  |     STUDIO_INDEX_NAME: _get_meili_access_filter(request),
cms-1  |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 957, in _get_meili_access_filter
cms-1  |     user_orgs = _get_user_orgs(request)[:MAX_ORGS_IN_FILTER]
cms-1  |                 ^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 940, in _get_user_orgs
cms-1  |     course_roles = get_course_roles(request.user)
cms-1  |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/lib/cache_utils.py", line 74, in decorator
cms-1  |     result = wrapped(*args, **kwargs)
cms-1  |              ^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/role_helpers.py", line 77, in get_course_roles
cms-1  |     role_cache = get_role_cache(user)
cms-1  |                  ^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/lib/cache_utils.py", line 74, in decorator
cms-1  |     result = wrapped(*args, **kwargs)
cms-1  |              ^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/role_helpers.py", line 64, in get_role_cache
cms-1  |     user._roles = RoleCache(user)
cms-1  |                   ^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 239, in __init__
cms-1  |     compat_roles = get_authz_compat_course_access_roles_for_user(user)
cms-1  |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 144, in get_authz_compat_course_access_roles_for_user
cms-1  |     parsed_key = CourseKey.from_string(course_key)
cms-1  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 198, in from_string
cms-1  |     return cls.deprecated_fallback._from_deprecated_string(serialized)  # type: ignore
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/edx/locator.py", line 403, in _from_deprecated_string
cms-1  |     raise InvalidKeyError(cls, serialized)
cms-1  | opaque_keys.InvalidKeyError: <class 'opaque_keys.edx.locator.CourseLocator'>: lib:WGU:CSPROB
cms-1  | Internal Server Error: /api/content_search/v2/studio/
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 234, in __init__
cms-1  |     self._roles_by_course_id = BulkRoleCache.get_user_roles(user)
cms-1  |                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 215, in get_user_roles
cms-1  |     return get_cache(cls.CACHE_NAMESPACE)[cls.CACHE_KEY][user.id]
cms-1  |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
cms-1  | KeyError: 'roles_by_user'
cms-1  |
cms-1  | During handling of the above exception, another exception occurred:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 238, in get_namespace_plugin
cms-1  |     return drivers[namespace].plugin
cms-1  |            ~~~~~~~^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/stevedore/extension.py", line 452, in __getitem__
cms-1  |     return self._extensions_by_name[name]
cms-1  |            ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^
cms-1  | KeyError: 'lib'
cms-1  |
cms-1  | The above exception was the direct cause of the following exception:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 190, in from_string
cms-1  |     key_class = cls.get_namespace_plugin(namespace)
cms-1  |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 243, in get_namespace_plugin
cms-1  |     raise InvalidKeyError(cls, f'{namespace}:*') from error
cms-1  | opaque_keys.InvalidKeyError: <class 'opaque_keys.edx.keys.CourseKey'>: lib:*
cms-1  |
cms-1  | During handling of the above exception, another exception occurred:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
cms-1  |     response = get_response(request)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/core/handlers/base.py", line 197, in _get_response
cms-1  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/opt/pyenv/versions/3.12.12/lib/python3.12/contextlib.py", line 81, in inner
cms-1  |     return func(*args, **kwds)
cms-1  |            ^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
cms-1  |     return view_func(request, *args, **kwargs)
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 105, in view
cms-1  |     return self.dispatch(request, *args, **kwargs)
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 515, in dispatch
cms-1  |     response = self.handle_exception(exc)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 475, in handle_exception
cms-1  |     self.raise_uncaught_exception(exc)
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 486, in raise_uncaught_exception
cms-1  |     raise exc
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 512, in dispatch
cms-1  |     response = handler(request, *args, **kwargs)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/views.py", line 34, in get
cms-1  |     response_data = api.generate_user_token_for_studio_search(request)
cms-1  |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 973, in generate_user_token_for_studio_search
cms-1  |     STUDIO_INDEX_NAME: _get_meili_access_filter(request),
cms-1  |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 957, in _get_meili_access_filter
cms-1  |     user_orgs = _get_user_orgs(request)[:MAX_ORGS_IN_FILTER]
cms-1  |                 ^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 940, in _get_user_orgs
cms-1  |     course_roles = get_course_roles(request.user)
cms-1  |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/lib/cache_utils.py", line 74, in decorator
cms-1  |     result = wrapped(*args, **kwargs)
cms-1  |              ^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/role_helpers.py", line 77, in get_course_roles
cms-1  |     role_cache = get_role_cache(user)
cms-1  |                  ^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/lib/cache_utils.py", line 74, in decorator
cms-1  |     result = wrapped(*args, **kwargs)
cms-1  |              ^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/role_helpers.py", line 64, in get_role_cache
cms-1  |     user._roles = RoleCache(user)
cms-1  |                   ^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 239, in __init__
cms-1  |     compat_roles = get_authz_compat_course_access_roles_for_user(user)
cms-1  |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 144, in get_authz_compat_course_access_roles_for_user
cms-1  |     parsed_key = CourseKey.from_string(course_key)
cms-1  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 198, in from_string
cms-1  |     return cls.deprecated_fallback._from_deprecated_string(serialized)  # type: ignore
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/edx/locator.py", line 403, in _from_deprecated_string
cms-1  |     raise InvalidKeyError(cls, serialized)
cms-1  | opaque_keys.InvalidKeyError: <class 'opaque_keys.edx.locator.CourseLocator'>: lib:WGU:CSPROB
cms-1  | 2026-03-10 21:19:39,399 ERROR 35 [django.request] [user None] [ip None] log.py:253 - Internal Server Error: /api/content_search/v2/studio/
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 234, in __init__
cms-1  |     self._roles_by_course_id = BulkRoleCache.get_user_roles(user)
cms-1  |                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 215, in get_user_roles
cms-1  |     return get_cache(cls.CACHE_NAMESPACE)[cls.CACHE_KEY][user.id]
cms-1  |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
cms-1  | KeyError: 'roles_by_user'
cms-1  |
cms-1  | During handling of the above exception, another exception occurred:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 238, in get_namespace_plugin
cms-1  |     return drivers[namespace].plugin
cms-1  |            ~~~~~~~^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/stevedore/extension.py", line 452, in __getitem__
cms-1  |     return self._extensions_by_name[name]
cms-1  |            ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^
cms-1  | KeyError: 'lib'
cms-1  |
cms-1  | The above exception was the direct cause of the following exception:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 190, in from_string
cms-1  |     key_class = cls.get_namespace_plugin(namespace)
cms-1  |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 243, in get_namespace_plugin
cms-1  |     raise InvalidKeyError(cls, f'{namespace}:*') from error
cms-1  | opaque_keys.InvalidKeyError: <class 'opaque_keys.edx.keys.CourseKey'>: lib:*
cms-1  |
cms-1  | During handling of the above exception, another exception occurred:
cms-1  |
cms-1  | Traceback (most recent call last):
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
cms-1  |     response = get_response(request)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/core/handlers/base.py", line 197, in _get_response
cms-1  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/opt/pyenv/versions/3.12.12/lib/python3.12/contextlib.py", line 81, in inner
cms-1  |     return func(*args, **kwds)
cms-1  |            ^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
cms-1  |     return view_func(request, *args, **kwargs)
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 105, in view
cms-1  |     return self.dispatch(request, *args, **kwargs)
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 515, in dispatch
cms-1  |     response = self.handle_exception(exc)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 475, in handle_exception
cms-1  |     self.raise_uncaught_exception(exc)
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 486, in raise_uncaught_exception
cms-1  |     raise exc
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/rest_framework/views.py", line 512, in dispatch
cms-1  |     response = handler(request, *args, **kwargs)
cms-1  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/views.py", line 34, in get
cms-1  |     response_data = api.generate_user_token_for_studio_search(request)
cms-1  |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 973, in generate_user_token_for_studio_search
cms-1  |     STUDIO_INDEX_NAME: _get_meili_access_filter(request),
cms-1  |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 957, in _get_meili_access_filter
cms-1  |     user_orgs = _get_user_orgs(request)[:MAX_ORGS_IN_FILTER]
cms-1  |                 ^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/djangoapps/content/search/api.py", line 940, in _get_user_orgs
cms-1  |     course_roles = get_course_roles(request.user)
cms-1  |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/lib/cache_utils.py", line 74, in decorator
cms-1  |     result = wrapped(*args, **kwargs)
cms-1  |              ^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/role_helpers.py", line 77, in get_course_roles
cms-1  |     role_cache = get_role_cache(user)
cms-1  |                  ^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/openedx/core/lib/cache_utils.py", line 74, in decorator
cms-1  |     result = wrapped(*args, **kwargs)
cms-1  |              ^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/role_helpers.py", line 64, in get_role_cache
cms-1  |     user._roles = RoleCache(user)
cms-1  |                   ^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 239, in __init__
cms-1  |     compat_roles = get_authz_compat_course_access_roles_for_user(user)
cms-1  |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/edx-platform/common/djangoapps/student/roles.py", line 144, in get_authz_compat_course_access_roles_for_user
cms-1  |     parsed_key = CourseKey.from_string(course_key)
cms-1  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/__init__.py", line 198, in from_string
cms-1  |     return cls.deprecated_fallback._from_deprecated_string(serialized)  # type: ignore
cms-1  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
cms-1  |   File "/openedx/venv/lib/python3.12/site-packages/opaque_keys/edx/locator.py", line 403, in _from_deprecated_string
cms-1  |     raise InvalidKeyError(cls, serialized)
cms-1  | opaque_keys.InvalidKeyError: <class 'opaque_keys.edx.locator.CourseLocator'>: lib:WGU:CSPROB
cms-1  | [10/Mar/2026 21:19:39] "GET /api/contentstore/v1/course_waffle_flags/lib:WGU:CSPROB HTTP/1.1" 404 60130
cms-1  | [10/Mar/2026 21:19:39] "GET /api/content_search/v2/studio/ HTTP/1.1" 500 347472
  1. Apply the fix, login as the non-admin user in studio and go to the library, the library will load normally and the CMS logs will look like:
cms-1  | 2026-03-10 21:22:44,472 INFO 149 [tracking] [user 5] [ip 140.82.114.4] logger.py:41 - {"name": "/api/content_search/v2/studio/", "context": {"user_id": 5, "path": "/api/content_search/v2/studio/", "course_id": "", "org_id": "", "enterprise_uuid": ""}, "username": "contributor", "session": "052e9ad37a2b4d793827c130992a3ff9", "ip": "140.82.114.4", "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36", "host": "studio.local.openedx.io:8001", "referer": "http://apps.local.openedx.io:2001/", "accept_language": "en-US,en;q=0.9", "event": "{\"GET\": {}, \"POST\": {}}", "time": "2026-03-10T21:22:44.472666+00:00", "event_type": "/api/content_search/v2/studio/", "event_source": "server", "page": null}
cms-1  | 2026-03-10 21:22:44,476 INFO 149 [tracking] [user 5] [ip 140.82.114.4] logger.py:41 - {"name": "/api/contentstore/v1/home", "context": {"user_id": 5, "path": "/api/contentstore/v1/home", "course_id": "", "org_id": "", "enterprise_uuid": ""}, "username": "contributor", "session": "052e9ad37a2b4d793827c130992a3ff9", "ip": "140.82.114.4", "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36", "host": "studio.local.openedx.io:8001", "referer": "http://apps.local.openedx.io:2001/", "accept_language": "en-US,en;q=0.9", "event": "{\"GET\": {}, \"POST\": {}}", "time": "2026-03-10T21:22:44.476090+00:00", "event_type": "/api/contentstore/v1/home", "event_source": "server", "page": null}
cms-1  | 2026-03-10 21:22:44,493 INFO 149 [tracking] [user 5] [ip 140.82.114.4] logger.py:41 - {"name": "/api/libraries/v2/lib:WGU:CSPROB/", "context": {"user_id": 5, "path": "/api/libraries/v2/lib:WGU:CSPROB/", "course_id": "", "org_id": "", "enterprise_uuid": ""}, "username": "contributor", "session": "052e9ad37a2b4d793827c130992a3ff9", "ip": "140.82.114.4", "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36", "host": "studio.local.openedx.io:8001", "referer": "http://apps.local.openedx.io:2001/", "accept_language": "en-US,en;q=0.9", "event": "{\"GET\": {}, \"POST\": {}}", "time": "2026-03-10T21:22:44.493144+00:00", "event_type": "/api/libraries/v2/lib:WGU:CSPROB/", "event_source": "server", "page": null}
cms-1  | [10/Mar/2026 21:22:44] "GET /api/content_search/v2/studio/ HTTP/1.1" 200 382
cms-1  | [10/Mar/2026 21:22:44] "GET /api/contentstore/v1/home HTTP/1.1" 200 905
cms-1  | [10/Mar/2026 21:22:44] "GET /api/libraries/v2/lib:WGU:CSPROB/ HTTP/1.1" 200 453

Deadline

Verawood release

@openedx-webhooks openedx-webhooks added open-source-contribution PR author is not from Axim or 2U core contributor PR author is a Core Contributor (who may or may not have write access to this repo). labels Mar 9, 2026
@openedx-webhooks
Copy link

openedx-webhooks commented Mar 9, 2026
edited
Loading

Thanks for the pull request, @rodmgwgu!

This repository is currently maintained by @openedx/wg-maintenance-openedx-platform.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

  • If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
    • This process (including the steps you'll need to take) is documented here.
  • If it doesn't, simply proceed with the next step.
🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

  • Dependencies

    This PR must be merged before / after / at the same time as ...

  • Blockers

    This PR is waiting for OEP-1234 to be accepted.

  • Timeline information

    This PR must be merged by XX date because ...

  • Partner information

    This is for a course on edx.org.

  • Supporting documentation
  • Relevant Open edX discussion forum threads
🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details
Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

  • The size and impact of the changes that it introduces
  • The need for product review
  • Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

@github-project-automation github-project-automation bot moved this to Needs Triage in Contributions Mar 9, 2026
@rodmgwgu rodmgwgu mentioned this pull request Mar 10, 2026
Merged
@rodmgwgu rodmgwgu marked this pull request as ready for review March 10, 2026 21:29
@rodmgwgu
Copy link
Contributor Author

rodmgwgu commented Mar 10, 2026

@BryanttV @farhan I was able to replicate the issue in my local and confirm that this fixes it.

wgu-taylor-payne
wgu-taylor-payne reviewed Mar 10, 2026
View reviewed changes
common/djangoapps/student/roles.py
filtered_assignments = [assignment for assignment in assignments if assignment.scope.NAMESPACE == 'course-v1']
return filtered_assignments

def get_org_from_key(key: str) -> str:
Copy link
Contributor

@wgu-taylor-payne wgu-taylor-payne Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we filter by the course-v1 namespace before calling this function in each case, is it worth keeping?

Copy link
Contributor Author

@rodmgwgu rodmgwgu Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've removed the Libraries V2 key parsing as it's not needed, but I've kept the function as I think it improves legibility on the implementation, what do you think?

common/djangoapps/student/roles.py Outdated
"""
assignments = authz_api.get_user_role_assignments(user_external_key=user.username)
# filter courses only
filtered_assignments = [assignment for assignment in assignments if assignment.scope.NAMESPACE == 'course-v1']
Copy link
Contributor

@wgu-taylor-payne wgu-taylor-payne Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I would lean towards checking the class instead. What do you think?

Suggested change
filtered_assignments = [assignment for assignment in assignments if assignment.scope.NAMESPACE == 'course-v1']
filtered_assignments = [assignment for assignment in assignments if isinstance(assignment.scope, CourseOverviewData)]

@farhan
Copy link
Contributor

farhan commented Mar 11, 2026

@BryanttV @farhan I was able to replicate the issue in my local and confirm that this fixes it.

Thanks for the early fix.
I have tested it locally, and the fix is working fine.

bmtcril
bmtcril reviewed Mar 11, 2026
View reviewed changes
Copy link
Contributor

@bmtcril bmtcril left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with Taylor's suggestions, and it would also be good to put in a test to make sure this does't pop up again in some later refactor. Seems like an easy mistake to make.

bmtcril
bmtcril reviewed Mar 11, 2026
View reviewed changes
Copy link
Contributor

@bmtcril bmtcril left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with Taylor's suggestions, and it would also be good to put in a test to make sure this does't pop up again in some later refactor. Seems like an easy mistake to make.

bmtcril
bmtcril approved these changes Mar 11, 2026
View reviewed changes
Copy link
Contributor

@bmtcril bmtcril left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@rodmgwgu rodmgwgu marked this pull request as draft March 11, 2026 16:23
@rodmgwgu
Copy link
Contributor Author

rodmgwgu commented Mar 11, 2026

I'm working on adding the test, will move back to ready for review once that is done

@rodmgwgu rodmgwgu marked this pull request as ready for review March 11, 2026 18:58
@rodmgwgu
Copy link
Contributor Author

rodmgwgu commented Mar 11, 2026

Test added, the PR is now ready for review, thanks!

BryanttV
BryanttV approved these changes Mar 11, 2026
View reviewed changes
Copy link
Contributor

@BryanttV BryanttV left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this! LGTM

@wgu-taylor-payne wgu-taylor-payne merged commit 0b43e07 into openedx:master Mar 11, 2026
65 checks passed
@github-project-automation github-project-automation bot moved this from Needs Triage to Done in Contributions Mar 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wgu-taylor-payne wgu-taylor-payne wgu-taylor-payne approved these changes

@dwong2708 dwong2708 Awaiting requested review from dwong2708

@farhan farhan Awaiting requested review from farhan

@bmtcril bmtcril Awaiting requested review from bmtcril

+1 more reviewer

@BryanttV BryanttV BryanttV approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

core contributor PR author is a Core Contributor (who may or may not have write access to this repo). open-source-contribution PR author is not from Axim or 2U

Projects

Contributions
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@rodmgwgu @openedx-webhooks @farhan @BryanttV @bmtcril @wgu-taylor-payne