feat: return denied when waffle flag disabled (#32795)

2023-07-24 12:32:53 -04:00
parent 25afbb194e
commit 948f23a011
4 changed files with 12 additions and 0 deletions
--- a/cms/djangoapps/contentstore/rest_api/v0/tests/test_advanced_settings.py
+++ b/cms/djangoapps/contentstore/rest_api/v0/tests/test_advanced_settings.py
@@ -6,11 +6,14 @@ import json
 import ddt
 from django.test import override_settings
 from django.urls import reverse
+from edx_toggles.toggles.testutils import override_waffle_flag
 from milestones.tests.utils import MilestonesTestCaseMixin

 from cms.djangoapps.contentstore.tests.utils import CourseTestCase
+from cms.djangoapps.contentstore.toggles import ENABLE_NEW_STUDIO_ADVANCED_SETTINGS_PAGE


+@override_waffle_flag(ENABLE_NEW_STUDIO_ADVANCED_SETTINGS_PAGE, active=True)
@ddt.ddt
 class CourseAdvanceSettingViewTest(CourseTestCase, MilestonesTestCaseMixin):
    """
--- a/cms/djangoapps/contentstore/rest_api/v0/tests/test_tabs.py
+++ b/cms/djangoapps/contentstore/rest_api/v0/tests/test_tabs.py
@@ -8,12 +8,15 @@ from urllib.parse import urlencode

 import ddt
 from django.urls import reverse
+from edx_toggles.toggles.testutils import override_waffle_flag
 from xmodule.modulestore.tests.factories import BlockFactory
 from xmodule.tabs import CourseTabList

 from cms.djangoapps.contentstore.tests.utils import CourseTestCase
+from cms.djangoapps.contentstore.toggles import ENABLE_NEW_STUDIO_CUSTOM_PAGES


+@override_waffle_flag(ENABLE_NEW_STUDIO_CUSTOM_PAGES, active=True)
@ddt.ddt
 class TabsAPITests(CourseTestCase):
    """
--- a/cms/djangoapps/contentstore/rest_api/v0/views/advanced_settings.py
+++ b/cms/djangoapps/contentstore/rest_api/v0/views/advanced_settings.py
@@ -3,6 +3,7 @@
 from django import forms
 import edx_api_doc_tools as apidocs
 from opaque_keys.edx.keys import CourseKey
+from rest_framework import status
 from rest_framework.exceptions import ValidationError
 from rest_framework.request import Request
 from rest_framework.response import Response
@@ -11,6 +12,7 @@ from xmodule.modulestore.django import modulestore

 from cms.djangoapps.models.settings.course_metadata import CourseMetadata
 from cms.djangoapps.contentstore.api.views.utils import get_bool_param
+from cms.djangoapps.contentstore.toggles import use_new_advanced_settings_page
 from common.djangoapps.student.auth import has_studio_read_access, has_studio_write_access
 from openedx.core.lib.api.view_utils import DeveloperErrorViewMixin, verify_course_exists, view_auth_classes
 from ..serializers import CourseAdvancedSettingsSerializer
@@ -115,6 +117,8 @@ class AdvancedCourseSettingsView(DeveloperErrorViewMixin, APIView):
        if not filter_query_data.is_valid():
            raise ValidationError(filter_query_data.errors)
        course_key = CourseKey.from_string(course_id)
+        if not use_new_advanced_settings_page(course_key):
+            return Response(status=status.HTTP_403_FORBIDDEN)
        if not has_studio_read_access(request.user, course_key):
            self.permission_denied(request)
        course_block = modulestore().get_course(course_key)
--- a/cms/djangoapps/contentstore/rest_api/v0/views/tabs.py
+++ b/cms/djangoapps/contentstore/rest_api/v0/views/tabs.py
@@ -79,6 +79,8 @@ class CourseTabListView(DeveloperErrorViewMixin, APIView):
        ```
        """
        course_key = CourseKey.from_string(course_id)
+        if not use_new_custom_pages(course_key):
+            return Response(status=status.HTTP_403_FORBIDDEN)
        if not has_studio_read_access(request.user, course_key):
            self.permission_denied(request)