Skip to content

feat: Add enable_authz_course_authoring flag to course_waffle_flags endpoint#37990

Open
rodmgwgu wants to merge 1 commit intoopenedx:masterfrom
WGU-Open-edX:rod/authz_course_authoring_flag_api
Open

feat: Add enable_authz_course_authoring flag to course_waffle_flags endpoint#37990
rodmgwgu wants to merge 1 commit intoopenedx:masterfrom
WGU-Open-edX:rod/authz_course_authoring_flag_api

Conversation

@rodmgwgu
Copy link
Contributor

@rodmgwgu rodmgwgu commented Feb 9, 2026
edited
Loading

Description

Related issue: openedx/frontend-app-authoring#2831

As part of the AuthZ for Course Authoring project, a feature flag was added that allows enabling the new authorization engine selectively on specific courses, orgs or the whole instance.

In order to honor the new granular permissions in the frontend, the code at frontend-app-authoring will need to know if the flag is enabled for a specific course before querying for permissions to decide to show or hide parts of the UI.

This PR adds the value of the authz.enable_course_authoring Waffle flag to the /api/contentstore/v1/course_waffle_flags and /api/contentstore/v1/course_waffle_flags/(course_key) endpoints, which are currently used by the frontend for other flags.

Supporting information

Related issue: openedx/frontend-app-authoring#2831

Testing instructions

Flag enabled for a specific course:

  1. In the Django Admin, go to Home > Waffle_Utils > Waffle flag course overrides (/admin/waffle_utils/waffleflagcourseoverridemodel/)
  2. Click on "ADD WAFFLE FLAG COURSE OVERRIDE"
  3. Set Waffle flag to "authz.enable_course_authoring"
  4. Set Course id to the desired course key
  5. Set Override choice to "Force On"
  6. Check the "Enabled" box
  7. Click "Save"
  8. Do an authorized request to GET /api/contentstore/v1/course_waffle_flags
    • Response should have the following value: 
       {
 	...
 	"enable_authz_course_authoring": false
 }
  9. Do an authorized request to GET /api/contentstore/v1/course_waffle_flags/(desired course_key)
    • Response should have the following value: 
       {
 	...
 	"enable_authz_course_authoring": true
 }

Flag enabled for a specific ORG:

  1. Disable any other flag override you added before
  2. In the Django Admin, go to Home > Waffle_Utils > Add Waffle flag org override (/admin/waffle_utils/waffleflagorgoverridemodel/)
  3. Click on "ADD WAFFLE FLAG ORG OVERRIDE"
  4. Set Waffle flag to "authz.enable_course_authoring"
  5. Set Course id to the desired Org name matching the course you are using to test
  6. Set Override choice to "Force On"
  7. Check the "Enabled" box
  8. Click "Save"
  9. Do an authorized request to GET /api/contentstore/v1/course_waffle_flags
    • Response should have the following value: 
       {
 	...
 	"enable_authz_course_authoring": false
 }
  10. Do an authorized request to GET /api/contentstore/v1/course_waffle_flags/(desired course_key)
    - Response should have the following value: 
      {
  	...
  	"enable_authz_course_authoring": true
  }

Flag enabled globally:

  1. Disable any other flag override you added before
  2. In the Django Admin, go to Home > django-waffle > Flags (/admin/waffle/flag/)
  3. Click on ADD FLAG
  4. Set the Name to "authz.enable_course_authoring"
  5. Set Everyone: "Yes"
  6. Click "Save"
  7. Do an authorized request to GET /api/contentstore/v1/course_waffle_flags
    • Response should have the following value: 
       {
 	...
 	"enable_authz_course_authoring": true
 }
  8. Do an authorized request to GET /api/contentstore/v1/course_waffle_flags/(desired course_key)
    • Response should have the following value: 
       {
 	...
 	"enable_authz_course_authoring": true
 }

Deadline

Verawood release

@openedx-webhooks openedx-webhooks added open-source-contribution PR author is not from Axim or 2U core contributor PR author is a Core Contributor (who may or may not have write access to this repo). labels Feb 9, 2026
@openedx-webhooks
Copy link

openedx-webhooks commented Feb 9, 2026
edited
Loading

Thanks for the pull request, @rodmgwgu!

This repository is currently maintained by @openedx/wg-maintenance-openedx-platform.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

  • If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
    • This process (including the steps you'll need to take) is documented here.
  • If it doesn't, simply proceed with the next step.
🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

  • Dependencies

    This PR must be merged before / after / at the same time as ...

  • Blockers

    This PR is waiting for OEP-1234 to be accepted.

  • Timeline information

    This PR must be merged by XX date because ...

  • Partner information

    This is for a course on edx.org.

  • Supporting documentation
  • Relevant Open edX discussion forum threads
🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details
Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

  • The size and impact of the changes that it introduces
  • The need for product review
  • Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

@github-project-automation github-project-automation bot moved this to Needs Triage in Contributions Feb 9, 2026
@rodmgwgu rodmgwgu force-pushed the rod/authz_course_authoring_flag_api branch from 3a963b0 to 545e158 Compare February 9, 2026 21:02
@mphilbrick211 mphilbrick211 added the mao-onboarding Reviewing this will help onboard devs from an Axim mission-aligned organization (MAO). label Feb 9, 2026
@mphilbrick211 mphilbrick211 moved this from Needs Triage to Waiting on Author in Contributions Feb 9, 2026
@rodmgwgu rodmgwgu marked this pull request as ready for review February 9, 2026 22:06
@rodmgwgu rodmgwgu force-pushed the rod/authz_course_authoring_flag_api branch from 545e158 to 8ccfb58 Compare February 9, 2026 22:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dwong2708 dwong2708 Awaiting requested review from dwong2708

@wgu-taylor-payne wgu-taylor-payne Awaiting requested review from wgu-taylor-payne

@bmtcril bmtcril Awaiting requested review from bmtcril

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

core contributor PR author is a Core Contributor (who may or may not have write access to this repo). mao-onboarding Reviewing this will help onboard devs from an Axim mission-aligned organization (MAO). open-source-contribution PR author is not from Axim or 2U

Projects

Contributions
Status: Waiting on Author

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rodmgwgu @openedx-webhooks @mphilbrick211