Skip to content

feat: add waffle flag states rest api and util#358

Merged
MaferMazu merged 7 commits into
openedx:mainfrom
eduNEXT:mfmz/waffle-flag-state
Jul 15, 2026
Merged

feat: add waffle flag states rest api and util#358
MaferMazu merged 7 commits into
openedx:mainfrom
eduNEXT:mfmz/waffle-flag-state

Conversation

@MaferMazu

@MaferMazu MaferMazu commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Description

This PR adds a util and a REST API to check whether the waffle flag related to authz (authz.enable_course_authoring) is enabled.

Those functions return a dictionary mapping scopes to their activation status:

  • 'global' (bool): True if the global waffle flag is enabled.
  • 'org_overrides' (dict): Orgs with an organization-level override, as 'on'
    (forces the flag on) and 'off' (forces the flag off) lists.
  • 'course_overrides' (dict): Courses with a course-level override, split the same way.

This PR is related to:

And try to solve:

same fix as #341 : we show Authoring UI if ANY Authoring related Waffle flag is ON. We hide it if ALL of them are OFF.

📌 We still need to modify the REST API endpoints to provide the correct information to the front end, but this is an effort to centralize the waffle flag information.

How to test

More about how to activate the waffle flags: openedx/openedx-platform#37985

More context on how it should work

Operator notes: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/6331662350/RBAC+AuthZ+for+Course+Authoring+-+Operator+Release+Notes

Merge checklist:
Check off if complete or not applicable:

  • Version bumped
  • Changelog record added
  • Documentation updated (not only docstrings)
  • Fixup commits are squashed away
  • Unit tests added/updated
  • Manual testing instructions provided
  • Noted any: Concerns, dependencies, migration issues, deadlines, tickets

@openedx-webhooks

Copy link
Copy Markdown

Thanks for the pull request, @MaferMazu!

This repository is currently maintained by @openedx/committers-openedx-authz.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

  • If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
    • This process (including the steps you'll need to take) is documented here.
  • If it doesn't, simply proceed with the next step.
🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

  • Dependencies

    This PR must be merged before / after / at the same time as ...

  • Blockers

    This PR is waiting for OEP-1234 to be accepted.

  • Timeline information

    This PR must be merged by XX date because ...

  • Partner information

    This is for a course on edx.org.

  • Supporting documentation
  • Relevant Open edX discussion forum threads
🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details
Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

  • The size and impact of the changes that it introduces
  • The need for product review
  • Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

@openedx-webhooks openedx-webhooks added the open-source-contribution PR author is not from Axim or 2U label Jul 10, 2026
@github-project-automation github-project-automation Bot moved this to Needs Triage in Contributions Jul 10, 2026
@MaferMazu
MaferMazu requested review from dcoa and mariajgrimaldi July 10, 2026 23:40
@MaferMazu

Copy link
Copy Markdown
Contributor Author

I still need to add the tests, but that's the base.

Comment thread openedx_authz/utils.py Outdated
Comment thread openedx_authz/utils.py Outdated
Comment thread openedx_authz/rest_api/v1/views.py
@mphilbrick211 mphilbrick211 moved this from Needs Triage to In Eng Review in Contributions Jul 13, 2026
mariajgrimaldi added a commit that referenced this pull request Jul 14, 2026
- get_waffle_flag_states used a manual Flag query for the global tier
instead of enable_authz_course_authoring, and returned flat booleans for
org/course overrides instead of the actual affected orgs/courses, split
by whether the override forces the flag on or off.

- Adds test coverage for get_waffle_flag_states and WaffleFlagStatesAPIView,
and an ADR documenting why this endpoint (issue #358) supersedes PR #361's
approach of enforcing the flag cascade inside release-blocking endpoints.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
mariajgrimaldi added a commit that referenced this pull request Jul 14, 2026
- get_waffle_flag_states used a manual Flag query for the global tier
instead of enable_authz_course_authoring, and returned flat booleans for
org/course overrides instead of the actual affected orgs/courses, split
by whether the override forces the flag on or off.

- Adds test coverage for get_waffle_flag_states and WaffleFlagStatesAPIView,
and an ADR documenting why this endpoint (issue #358) supersedes PR #361's
approach of enforcing the flag cascade inside release-blocking endpoints.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@mariajgrimaldi

Copy link
Copy Markdown
Member

Here how the changes could look like: 567e9a0. I also added an ADR explaining why this is how we're moving forward.

- get_waffle_flag_states used a manual Flag query for the global tier
instead of enable_authz_course_authoring, and returned flat booleans for
org/course overrides instead of the actual affected orgs/courses, split
by whether the override forces the flag on or off.

- Adds test coverage for get_waffle_flag_states and WaffleFlagStatesAPIView,
and an ADR documenting why this endpoint (issue openedx#358) supersedes PR openedx#361's
approach of enforcing the flag cascade inside release-blocking endpoints.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@MaferMazu
MaferMazu requested a review from mariajgrimaldi July 14, 2026 22:13
@MaferMazu

Copy link
Copy Markdown
Contributor Author

@mariajgrimaldi, thanks a lot for your commit. I cherry-picked it. The only thing is, I reverted the change to use enable_authz_course_authoring(), because it requires a course key, and in this case, we want it globally.

Ref: https://github.com/openedx/openedx-platform/blob/c82accb66b38713b7b83f551974bb7c279b7207a/openedx/core/toggles.py#L33

@MaferMazu
MaferMazu requested review from BryanttV and bra-i-am July 14, 2026 22:19
Comment thread docs/decisions/0015-expose-course-authoring-waffle-flag-state-via-rest-api.rst Outdated

@dcoa dcoa left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I check and looks good to me, thanks Mafer.

@mariajgrimaldi

Copy link
Copy Markdown
Member

@MaferMazu it should work with this PR: https://github.com/openedx/openedx-platform/pull/38855/changes#diff-201a5011ca69071dd6ad00c38d5dd9741add9ee1d780325c11f1631887e37d41R46, the idea is to decrease the dependency on other models as much as we can

@BryanttV BryanttV left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested it locally with the latest changes in openedx-platform and it works as expected. Thanks!

@MaferMazu
MaferMazu force-pushed the mfmz/waffle-flag-state branch from c1d1ed4 to b9fa3a2 Compare July 15, 2026 17:35
@MaferMazu

Copy link
Copy Markdown
Contributor Author

Thanks for the feedback.

I updated the adr as mentioned and also reverted to using enable_authz_course_authoring() directly, since it works with the latest version of edx-platform.

Note: this change depends on https://github.com/openedx/openedx-platform/pull/38855/changes#diff-201a5011ca69071dd6ad00c38d5dd9741add9ee1d780325c11f1631887e37d41R46

@mariajgrimaldi mariajgrimaldi left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks a lot for this

@MaferMazu

Copy link
Copy Markdown
Contributor Author

@mariajgrimaldi I found out that using the direct enable_authz_course_authoring() isn't working properly, because it generates a circular import.
I will drop the revert and maintain the use of Flags to ensure a proper answer.

The final version would be like this: 1cb3457

Context of the errors I get using enable_authz_course_authoring():
Logs

Traceback (most recent call last):
lms-1          |   File "/openedx/openedx-authz/openedx_authz/rest_api/v1/views.py", line 1403, in get
lms-1          |     data = get_waffle_flag_states()
lms-1          |            ^^^^^^^^^^^^^^^^^^^^^^^^
lms-1          |   File "/openedx/openedx-authz/openedx_authz/utils.py", line 87, in get_waffle_flag_states
lms-1          |     global_enabled = bool(enable_authz_course_authoring())
lms-1          |                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
lms-1          | TypeError: 'NoneType' object is not callable
lms-1          | Internal Server Error: /api/authz/v1/waffle-flag-states/

Removing the try except to understand why the object is None:

File "/openedx/openedx-authz/openedx_authz/utils.py", line 16, in <module>
lms-1          |     from common.djangoapps.student.roles import enable_authz_course_authoring
lms-1          | ImportError: cannot import name 'enable_authz_course_authoring' from partially initialized module 'common.djangoapps.student.roles' (most likely due to a circular import) (/openedx/edx-platform/common/djangoapps/student/roles.py)

@MaferMazu

MaferMazu commented Jul 15, 2026

Copy link
Copy Markdown
Contributor Author

@mariajgrimaldi @BryanttV I dropped the revert and maintain the use of Flags to ensure a proper answer.
I also considered the lazy import (import inside the function), but I discarded it, besides the fact that it is not recommended and can hide behaviors, it also required some changes to the tests.

Details: #358 (comment)

@BryanttV

Copy link
Copy Markdown
Contributor

Thanks, @MaferMazu. I agree with your comment. I tested again, and everything worked fine.

@MaferMazu
MaferMazu merged commit d2d0e63 into openedx:main Jul 15, 2026
7 of 8 checks passed
@github-project-automation github-project-automation Bot moved this from In Eng Review to Done in Contributions Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

open-source-contribution PR author is not from Axim or 2U

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

6 participants