fix: update role assignment conditions (#37188)

2025-08-18 16:42:02 +05:30
parent 226ad8e5b7
commit bc76a865f4
1 changed files with 37 additions and 5 deletions
--- a/lms/djangoapps/support/rest_api/v1/views.py
+++ b/lms/djangoapps/support/rest_api/v1/views.py
@@ -14,7 +14,6 @@ from rest_framework.response import Response

 from common.djangoapps.student.models import CourseEnrollment
 from common.djangoapps.student.models.user import CourseAccessRole
-from common.djangoapps.student.roles import CourseRole
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview

 from ..serializers import CourseTeamManageSerializer
@@ -510,20 +509,53 @@ class CourseTeamManageAPIView(GenericAPIView):
    def _perform_role_action(self, data, role, action, user, course_key):
        """Assign or revoke role for the user on the course."""
        try:
-            course_role = CourseRole(role, course_key)
            if action == "assign":
-                course_role.add_users(user)
-                CourseEnrollment.enroll(user, course_key)
+                self._assign_role(user, role, course_key)
            elif action == "revoke":
-                course_role.remove_users(user)
+                self._revoke_role(user, role, course_key)
            else:
                return self._make_result(
                    data, "failed", "Invalid action. Use 'assign' or 'revoke'."
                )
+            # Clear user roles cache
+            if hasattr(user, '_roles'):
+                del user._roles
            return self._make_result(data, "success")
        except Exception as exc:  # pylint: disable=broad-except
            return self._make_result(data, "failed", str(exc))

+    def _assign_role(self, user, role, course_key):
+        """
+        Assign role with single entry.
+        """
+        existing_role = CourseAccessRole.objects.filter(
+            user=user,
+            course_id=course_key,
+            org=course_key.org,
+            role__in=["staff", "instructor"]
+        ).first()
+
+        if existing_role:
+            existing_role.role = role
+            existing_role.save()
+        else:
+            CourseAccessRole.objects.create(
+                user=user,
+                role=role,
+                course_id=course_key,
+                org=course_key.org,
+            )
+        CourseEnrollment.enroll(user, course_key)
+
+    def _revoke_role(self, user, role, course_key):
+        """
+        Revoke role with cleanup - instructor revoke removes all access.
+        """
+        existing_roles = CourseAccessRole.objects.filter(
+            user=user, course_id=course_key, role__in=["staff", "instructor"]
+        )
+        existing_roles.delete()
+
    def _make_result(self, data, outcome, error=None):
        """
        Formats the response for each role assignment entry.