use anonymous user ID when calling the edxnotes retirement endpoint

lms/djangoapps/edxnotes/helpers.py

@@ -121,11 +121,11 @@ def send_request(user, course_id, page, page_size, path="", text=None):
     return response
 
 
-def delete_all_notes_for_user(user, user_id):
+def delete_all_notes_for_user(user):
     """
-    helper method to delete all notes for a user_id, as part of GDPR compliance
+    helper method to delete all notes for a user, as part of GDPR compliance
 
-    :param user_id: The user object associated with the deleted notes
+    :param user: The user object associated with the deleted notes
     :return: response (requests) object
 
     Raises:
@@ -136,7 +136,7 @@ def delete_all_notes_for_user(user, user_id):
         "x-annotator-auth-token": get_edxnotes_id_token(user),
     }
     data = {
-        "user_id": user_id
+        "user_id": anonymous_id_for_user(user, None)
     }
     try:
         response = requests.delete(

lms/djangoapps/edxnotes/tests.py

@@ -532,23 +532,26 @@ class EdxNotesHelpersTest(ModuleStoreTestCase):
 
     @override_settings(EDXNOTES_PUBLIC_API="http://example.com")
     @override_settings(EDXNOTES_INTERNAL_API="http://example.com")
+    @patch("edxnotes.helpers.anonymous_id_for_user", autospec=True)
+    @patch("edxnotes.helpers.get_edxnotes_id_token", autospec=True)
     @patch("edxnotes.helpers.requests.delete")
-    def test_delete_all_notes_for_user(self, mock_delete):
+    def test_delete_all_notes_for_user(self, mock_delete, mock_get_id_token, mock_anonymous_id_for_user):
         """
         Test GDPR data deletion for Notes user_id
         """
-        with mock.patch('edxnotes.helpers.get_edxnotes_id_token', return_value="test_token"):
-            helpers.delete_all_notes_for_user(user=self.user, user_id="anonymous_id")
-            mock_delete.assert_called_with(
-                url='http://example.com/',
-                headers={
-                    'x-annotator-auth-token': 'test_token'
-                },
-                data={
-                    'user_id': 'anonymous_id'
-                },
-                timeout=(settings.EDXNOTES_CONNECT_TIMEOUT, settings.EDXNOTES_READ_TIMEOUT)
-            )
+        mock_anonymous_id_for_user.return_value = "anonymous_id"
+        mock_get_id_token.return_value = "test_token"
+        helpers.delete_all_notes_for_user(self.user)
+        mock_delete.assert_called_with(
+            url='http://example.com/',
+            headers={
+                'x-annotator-auth-token': 'test_token'
+            },
+            data={
+                'user_id': 'anonymous_id'
+            },
+            timeout=(settings.EDXNOTES_CONNECT_TIMEOUT, settings.EDXNOTES_READ_TIMEOUT)
+        )
 
     def test_preprocess_collection_no_item(self):
         """

lms/djangoapps/edxnotes/views.py

@@ -256,7 +256,7 @@ class RetireUserView(APIView):
         username = request.data['username']
         try:
             retirement = UserRetirementStatus.get_retirement_for_retirement_action(username)
-            delete_all_notes_for_user(retirement.user, retirement.user.id)
+            delete_all_notes_for_user(retirement.user)
         except UserRetirementStatus.DoesNotExist:
             return Response(status=status.HTTP_404_NOT_FOUND)
         except RetirementStateError as exc: