test: add more test cases

BryanttV · BryanttV · commit 3e7b441e30b3 · 2026-03-19T19:05:12.000-05:00
diff --git a/openedx_authz/settings/common.py b/openedx_authz/settings/common.py
@@ -50,6 +50,10 @@ def plugin_settings(settings):
     if not hasattr(settings, "OPENEDX_AUTHZ_COURSE_OVERVIEW_MODEL"):
         settings.OPENEDX_AUTHZ_COURSE_OVERVIEW_MODEL = "course_overviews.CourseOverview"
 
+    # Set default Organization model for swappable dependency
+    if not hasattr(settings, "OPENEDX_AUTHZ_ORGANIZATION_MODEL"):
+        settings.OPENEDX_AUTHZ_ORGANIZATION_MODEL = "organizations.Organization"
+
     # Set default CASBIN_LOG_LEVEL if not already set.
     # This setting defines the logging level for the Casbin enforcer.
     if not hasattr(settings, "CASBIN_LOG_LEVEL"):
diff --git a/openedx_authz/tests/api/test_data.py b/openedx_authz/tests/api/test_data.py
@@ -3,7 +3,7 @@
 from unittest.mock import Mock, patch
 
 from ddt import data, ddt, unpack
-from django.test import TestCase, override_settings
+from django.test import TestCase
 from opaque_keys.edx.locator import LibraryLocatorV2
 
 from openedx_authz.api.data import (
@@ -717,7 +717,6 @@ def test_exists_returns_false_when_library_does_not_exist(self, mock_content_lib
 
 
 @ddt
-@override_settings(OPENEDX_AUTHZ_CONTENT_LIBRARY_MODEL="content_libraries.ContentLibrary")
 class TestOrgContentLibraryGlobData(TestCase):
     """Tests for the OrgContentLibraryGlobData scope."""
 
@@ -737,6 +736,7 @@ class TestOrgContentLibraryGlobData(TestCase):
         ("lib:Org+WithPlus:*", False),
         ("lib:(Org):*", False),
         ("lib:Org", False),
+        ("lib:Org*", False),
         ("other:DemoX:*", False),
         ("lib:DemoX:*:*", False),
     )
@@ -752,14 +752,17 @@ def test_validate_external_key(self, external_key, expected_valid):
         ("lib:Org:With:Colon:*", "Org:With:Colon"),
         ("lib:DemoX", None),
         ("lib:DemoX:+*", None),
+        ("lib:DemoX*", None),
+        ("lib:DemoX:**", None),
+        ("lib:DemoX:suffix", None),
     )
     @unpack
     def test_get_org(self, external_key, expected_org):
         """Test organization extraction from library glob pattern."""
         self.assertEqual(OrgContentLibraryGlobData.get_org(external_key), expected_org)
 
-    def test_exists_true_when_org_has_libraries_in_db(self):
-        """exists() returns True when at least one library with the org exists in the DB."""
+    def test_exists_true_when_org_exists(self):
+        """exists() returns True when the org exists."""
         org_name = "DemoX"
         organization = Organization.objects.create(short_name=org_name)
         ContentLibrary.objects.create(org=organization, slug="testlib", title="Test Library")
@@ -768,8 +771,8 @@ def test_exists_true_when_org_has_libraries_in_db(self):
 
         self.assertTrue(result)
 
-    def test_exists_false_when_org_does_not_exist_in_db(self):
-        """exists() returns False when the org does not exist in the DB."""
+    def test_exists_false_when_org_does_not_exist(self):
+        """exists() returns False when the org does not exist."""
         org_name = "DemoX"
 
         result = OrgContentLibraryGlobData(external_key=f"lib:{org_name}:*").exists()
@@ -785,7 +788,6 @@ def test_exists_false_when_org_cannot_be_parsed(self):
 
 
 @ddt
-@override_settings(OPENEDX_AUTHZ_COURSE_OVERVIEW_MODEL="course_overviews.CourseOverview")
 class TestOrgCourseOverviewGlobData(TestCase):
     """Tests for the OrgCourseOverviewGlobData scope."""
 
@@ -806,6 +808,7 @@ class TestOrgCourseOverviewGlobData(TestCase):
         ("course-v1:(Org)+*", False),
         ("course-v1:Org:With:Plus+*", False),
         ("course-v1:OpenedX", False),
+        ("course-v1:OpenedX*", False),
         ("other:OpenedX+*", False),
         ("course-v1:OpenedX**", False),
     )
@@ -819,14 +822,18 @@ def test_validate_external_key(self, external_key, expected_valid):
         ("course-v1:My-Org_1+*", "My-Org_1"),
         ("course-v1:Org.with.dots+*", "Org.with.dots"),
         ("course-v1:Org:With:Plus+*", "Org:With:Plus"),
+        ("course-v1:OpenedX", None),
+        ("course-v1:OpenedX*", None),
+        ("course-v1:OpenedX+**", None),
+        ("course-v1:OpenedX+suffix", None),
     )
     @unpack
     def test_get_org(self, external_key, expected_org):
         """Test organization extraction from course glob pattern."""
         self.assertEqual(OrgCourseOverviewGlobData.get_org(external_key), expected_org)
 
-    def test_exists_true_when_org_has_courses(self):
-        """exists() returns True when at least one course with the org exists."""
+    def test_exists_true_when_org_exists(self):
+        """exists() returns True when the org exists."""
         org_name = "OpenedX"
         Organization.objects.create(short_name=org_name)
         CourseOverview.objects.create(org=org_name, display_name="Test Course")
diff --git a/pii_report/None20260320-000409.yaml b/pii_report/None20260320-000409.yaml
@@ -0,0 +1,266 @@
+.annotation_safe_list.yml:
+- annotation_data: This model has no PII
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: '{''.. no_pii:'': ''This model has no PII''}'
+    object_id: sessions.Session
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 1
+- annotation_data: This model has no PII
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: '{''.. no_pii:'': ''This model has no PII''}'
+    object_id: contenttypes.ContentType
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 2
+- annotation_data: This model has no PII
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: '{''.. no_pii:'': ''This model has no PII''}'
+    object_id: auth.Permission
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 3
+- annotation_data: This model stores authorization policy rules and contains no PII
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: '{''.. no_pii:'': ''This model stores authorization policy rules
+      and contains no PII''}'
+    object_id: casbin_adapter.CasbinRule
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 4
+- annotation_data: This model has no PII
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: '{''.. no_pii:'': ''This model has no PII''}'
+    object_id: admin.LogEntry
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 5
+- annotation_data: This model minimally contains a username, password, and email
+  annotation_token: .. pii
+  extra:
+    full_comment: '{''.. pii'': ''This model minimally contains a username, password,
+      and email'', ''.. pii_types'': ''username, email_address, password'', ''.. pii_retirement'':
+      ''consumer_api''}'
+    object_id: auth.User
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 6
+- annotation_data: username, email_address, password
+  annotation_token: .. pii_types
+  extra:
+    full_comment: '{''.. pii'': ''This model minimally contains a username, password,
+      and email'', ''.. pii_types'': ''username, email_address, password'', ''.. pii_retirement'':
+      ''consumer_api''}'
+    object_id: auth.User
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 6
+- annotation_data: consumer_api
+  annotation_token: .. pii_retirement
+  extra:
+    full_comment: '{''.. pii'': ''This model minimally contains a username, password,
+      and email'', ''.. pii_types'': ''username, email_address, password'', ''.. pii_retirement'':
+      ''consumer_api''}'
+    object_id: auth.User
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 6
+- annotation_data: This model has no PII
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: '{''.. no_pii:'': ''This model has no PII''}'
+    object_id: auth.Group
+  filename: .annotation_safe_list.yml
+  found_by: safelist
+  line_number: 0
+  report_group_id: 7
+/home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/core.py:
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Model representing a scope in the authorization system.\n\n   \
+      \ .. no_pii:\n\n    This model can be extended to represent different types\
+      \ of scopes,\n    such as courses or content libraries.\n\n    Subclasses should\
+      \ define a NAMESPACE class attribute (e.g., 'lib' for content libraries)\n \
+      \   and implement get_or_create_for_external_key() classmethod."
+    object_id: openedx_authz.Scope
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/core.py
+  found_by: django
+  line_number: 105
+  report_group_id: 12
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Extended model for Casbin rules to store additional metadata.\n\
+      \n    .. no_pii:\n\n    This model extends the CasbinRule model provided by\
+      \ the casbin_adapter\n    package to include additional fields for storing metadata\
+      \ about each rule."
+    object_id: openedx_authz.ExtendedCasbinRule
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/core.py
+  found_by: django
+  line_number: 141
+  report_group_id: 13
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Model representing a subject in the authorization system.\n\n \
+      \   .. no_pii:\n\n    This model can be extended to represent different types\
+      \ of subjects,\n    such as users or groups.\n\n    Subclasses should define\
+      \ a NAMESPACE class attribute (e.g., 'user' for users)\n    and implement get_or_create_for_external_key()\
+      \ classmethod."
+    object_id: openedx_authz.Subject
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/core.py
+  found_by: django
+  line_number: 123
+  report_group_id: 14
+/home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/engine.py:
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Model to control policy cache invalidation.\n\n    This model can\
+      \ be used to trigger cache invalidation for authorization policies\n    by changing\
+      \ the version. Whenever this model is updated, the authorization\n    engine\
+      \ should invalidate its cached policies.\n\n    .. no_pii:"
+    object_id: openedx_authz.PolicyCacheControl
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/engine.py
+  found_by: django
+  line_number: 8
+  report_group_id: 20
+/home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/scopes.py:
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Scope representing a content library in the authorization system.\n\
+      \n    .. no_pii:"
+    object_id: openedx_authz.ContentLibraryScope
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/scopes.py
+  found_by: django
+  line_number: 76
+  report_group_id: 8
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Model representing a scope in the authorization system.\n\n   \
+      \ .. no_pii:\n\n    This model can be extended to represent different types\
+      \ of scopes,\n    such as courses or content libraries.\n\n    Subclasses should\
+      \ define a NAMESPACE class attribute (e.g., 'lib' for content libraries)\n \
+      \   and implement get_or_create_for_external_key() classmethod."
+    object_id: openedx_authz.ContentLibraryScope
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/core.py
+  found_by: django
+  line_number: 105
+  report_group_id: 9
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Scope representing a course in the authorization system.\n\n  \
+      \  .. no_pii:"
+    object_id: openedx_authz.CourseScope
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/scopes.py
+  found_by: django
+  line_number: 120
+  report_group_id: 10
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Model representing a scope in the authorization system.\n\n   \
+      \ .. no_pii:\n\n    This model can be extended to represent different types\
+      \ of scopes,\n    such as courses or content libraries.\n\n    Subclasses should\
+      \ define a NAMESPACE class attribute (e.g., 'lib' for content libraries)\n \
+      \   and implement get_or_create_for_external_key() classmethod."
+    object_id: openedx_authz.CourseScope
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/core.py
+  found_by: django
+  line_number: 105
+  report_group_id: 11
+/home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/subjects.py:
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Subject representing a user in the authorization system.\n\n  \
+      \  .. no_pii:"
+    object_id: openedx_authz.UserSubject
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/subjects.py
+  found_by: django
+  line_number: 16
+  report_group_id: 21
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Model representing a subject in the authorization system.\n\n \
+      \   .. no_pii:\n\n    This model can be extended to represent different types\
+      \ of subjects,\n    such as users or groups.\n\n    Subclasses should define\
+      \ a NAMESPACE class attribute (e.g., 'user' for users)\n    and implement get_or_create_for_external_key()\
+      \ classmethod."
+    object_id: openedx_authz.UserSubject
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/models/core.py
+  found_by: django
+  line_number: 123
+  report_group_id: 22
+/home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/tests/stubs/models.py:
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Stub model representing an organization for testing purposes.\n\
+      \n    .. no_pii:"
+    object_id: stubs.Organization
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/tests/stubs/models.py
+  found_by: django
+  line_number: 15
+  report_group_id: 15
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Stub model representing legacy content library permissions for\
+      \ testing purposes.\n\n    .. no_pii:"
+    object_id: stubs.ContentLibraryPermission
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/tests/stubs/models.py
+  found_by: django
+  line_number: 69
+  report_group_id: 16
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Maps users to org, courses, and roles. Used by student.roles.CourseRole\
+      \ and OrgRole.\n    To establish a user as having a specific role over all courses\
+      \ in the org, create an entry\n    without a course_id.\n\n    .. no_pii:"
+    object_id: stubs.CourseAccessRole
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/tests/stubs/models.py
+  found_by: django
+  line_number: 165
+  report_group_id: 17
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Stub model representing a course overview for testing purposes.\n\
+      \n    This model contains basic course metadata such as an ID, display name,\
+      \ and organization.\n    It is used to link CourseScope instances to actual\
+      \ courses in the system.\n\n    .. no_pii:"
+    object_id: stubs.CourseOverview
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/tests/stubs/models.py
+  found_by: django
+  line_number: 94
+  report_group_id: 18
+- annotation_data: ''
+  annotation_token: '.. no_pii:'
+  extra:
+    full_comment: "Stub model representing a content library for testing purposes.\n\
+      \n    .. no_pii:"
+    object_id: stubs.ContentLibrary
+  filename: /home/bryanttv/edunext/tutor/main-rbac/extra-deps/openedx-authz/openedx_authz/tests/stubs/models.py
+  found_by: django
+  line_number: 50
+  report_group_id: 19
