feat: return denied when waffle flag disabled (#32795)

openedx · Jul 24, 2023 · 948f23a · 948f23a
1 parent 25afbb1
commit 948f23a
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 0 deletions.
diff --git a/cms/djangoapps/contentstore/rest_api/v0/tests/test_advanced_settings.py b/cms/djangoapps/contentstore/rest_api/v0/tests/test_advanced_settings.py
@@ -6,11 +6,14 @@
 import ddt
 from django.test import override_settings
 from django.urls import reverse
+from edx_toggles.toggles.testutils import override_waffle_flag
 from milestones.tests.utils import MilestonesTestCaseMixin
 
 from cms.djangoapps.contentstore.tests.utils import CourseTestCase
+from cms.djangoapps.contentstore.toggles import ENABLE_NEW_STUDIO_ADVANCED_SETTINGS_PAGE
 
 
+@override_waffle_flag(ENABLE_NEW_STUDIO_ADVANCED_SETTINGS_PAGE, active=True)
 @ddt.ddt
 class CourseAdvanceSettingViewTest(CourseTestCase, MilestonesTestCaseMixin):
     """

diff --git a/cms/djangoapps/contentstore/rest_api/v0/tests/test_tabs.py b/cms/djangoapps/contentstore/rest_api/v0/tests/test_tabs.py
@@ -8,12 +8,15 @@
 
 import ddt
 from django.urls import reverse
+from edx_toggles.toggles.testutils import override_waffle_flag
 from xmodule.modulestore.tests.factories import BlockFactory
 from xmodule.tabs import CourseTabList
 
 from cms.djangoapps.contentstore.tests.utils import CourseTestCase
+from cms.djangoapps.contentstore.toggles import ENABLE_NEW_STUDIO_CUSTOM_PAGES
 
 
+@override_waffle_flag(ENABLE_NEW_STUDIO_CUSTOM_PAGES, active=True)
 @ddt.ddt
 class TabsAPITests(CourseTestCase):
     """

diff --git a/cms/djangoapps/contentstore/rest_api/v0/views/advanced_settings.py b/cms/djangoapps/contentstore/rest_api/v0/views/advanced_settings.py
@@ -3,6 +3,7 @@
 from django import forms
 import edx_api_doc_tools as apidocs
 from opaque_keys.edx.keys import CourseKey
+from rest_framework import status
 from rest_framework.exceptions import ValidationError
 from rest_framework.request import Request
 from rest_framework.response import Response
@@ -11,6 +12,7 @@
 
 from cms.djangoapps.models.settings.course_metadata import CourseMetadata
 from cms.djangoapps.contentstore.api.views.utils import get_bool_param
+from cms.djangoapps.contentstore.toggles import use_new_advanced_settings_page
 from common.djangoapps.student.auth import has_studio_read_access, has_studio_write_access
 from openedx.core.lib.api.view_utils import DeveloperErrorViewMixin, verify_course_exists, view_auth_classes
 from ..serializers import CourseAdvancedSettingsSerializer
@@ -115,6 +117,8 @@ def get(self, request: Request, course_id: str):
         if not filter_query_data.is_valid():
             raise ValidationError(filter_query_data.errors)
         course_key = CourseKey.from_string(course_id)
+        if not use_new_advanced_settings_page(course_key):
+            return Response(status=status.HTTP_403_FORBIDDEN)
         if not has_studio_read_access(request.user, course_key):
             self.permission_denied(request)
         course_block = modulestore().get_course(course_key)

diff --git a/cms/djangoapps/contentstore/rest_api/v0/views/tabs.py b/cms/djangoapps/contentstore/rest_api/v0/views/tabs.py
@@ -79,6 +79,8 @@ def get(self, request: Request, course_id: str) -> Response:
         ```
         """
         course_key = CourseKey.from_string(course_id)
+        if not use_new_custom_pages(course_key):
+            return Response(status=status.HTTP_403_FORBIDDEN)
         if not has_studio_read_access(request.user, course_key):
             self.permission_denied(request)