* feat: adds SearchAccess model
Stores a numeric ID for each course + library, which will generally be
shorter than the full context_key, so we can pack more of them into the
the Meilisearch search filter.
Also:
* Adds data migration pre-populates the SearchAccess model from the existing
CourseOverview and ContentLibrary records
* Adds signal handlers to add/remove SearchAccess entries when content
is created or deleted.
* Adds get_access_ids_for_request() helper method for use in views.
* Adds tests.
* test: can't import content.search in lms tests
* feat: use SearchAccess in documents and views
* Adds an access_id field to the document, which stores the
SearchAccess.id for the block's context.
* Use the requesting user's allowed access_ids to filter search results
to documents with those access_ids.
* Since some users have a lot of individual access granted, limit the
number of access_ids in the filter to a large number (1_000)
* Updates tests to demonstrate.
* test: can't import content.search or content_staging in lms tests
* fix: make access_id field filterable
* fix: use SearchAccess.get_or_create in signal handlers
In theory, we shouldn't have to do this, because the CREATE and DELETE
events should keep the SearchAccess table up-to-date.
But in practice, signals can be missed (or in tests, they may be
disabled). So we assume that it's ok to re-use a SearchAccess.id created
for a given course or library context_key.
* refactor: refactors the view tests to make them clearer
Uses helper methods and decorators to wrap the settings and patches used
by multiple view tests.
* feat: adds org filters to meilisearch filter
* Uses content_tagging.rules.get_user_orgs to fetch the user's
content-related orgs for use in the meilisearch filter.
* Limits the number of orgs used to 1_000 to keep token size down
* refactor: removes data migration
Users should use the reindex_studio management command to populate SearchAccess.
* refactor: adds functions to common.djangoapps.student.role_helpers
to allow general access to the user's RoleCache without having to access
private attributes of User or RoleCache.
Related changes:
* Moves some functionality from openedx.core.djangoapps.enrollments.data.get_user_roles
to this new helper method.
* Use these new helper method in content_tagging.rules
* fix: get_access_ids_for_request only returns individual access
instead of all course keys that the user can read.
Org- and GlobalStaff access checks will handle the rest.
* fix: use org-level permissions when generating search filter
Also refactors tests to demonstrate this change for OrgStaff and
OrgInstructor users.
* refactor: remove SearchAccess creation signal handlers
Lets SearchAccess entries be created on demand during search indexing.
* feat: omit access_ids from the search filter that are covered by the user's org roles
---------
Co-authored-by: Rômulo Penido <romulo.penido@gmail.com>
d67211051b