feat(bffs): add multi-license entitlement handling

Author: rgopalrao-sonata-png

enterprise_access/apps/api/v1/tests/test_bff_views.py

@@ -340,6 +340,38 @@ def test_dashboard_with_subscriptions(
         })
         assert check_objects(response.json(), expected_response_data)
 
+    @mock_dashboard_dependencies
+    def test_dashboard_with_activated_license_fetches_secured_algolia_key_once(
+        self,
+        mock_get_enterprise_customers_for_user,
+        mock_get_secured_algolia_api_key_for_user,
+        mock_get_default_enrollment_intentions_learner_status,
+        mock_get_subscription_licenses_for_learner,
+        mock_get_enterprise_course_enrollments,
+    ):
+        """Learner-portal routes should not perform duplicate unscoped+scoped Algolia fetches."""
+        self.set_jwt_cookie([{
+            'system_wide_role': SYSTEM_ENTERPRISE_LEARNER_ROLE,
+            'context': self.mock_enterprise_customer_uuid,
+        }])
+        mock_get_enterprise_customers_for_user.return_value = self.mock_enterprise_learner_response_data
+        mock_get_secured_algolia_api_key_for_user.return_value = self.mock_secured_algolia_api_key_response
+        mock_get_subscription_licenses_for_learner.return_value = {
+            'customer_agreement': self.mock_customer_agreement,
+            'results': [self.mock_subscription_license],
+        }
+        mock_get_default_enrollment_intentions_learner_status.return_value = \
+            self.mock_default_enterprise_enrollment_intentions_learner_status_data
+        mock_get_enterprise_course_enrollments.return_value = self.mock_enterprise_course_enrollments
+
+        dashboard_url = reverse('api:v1:learner-portal-bff-dashboard')
+        dashboard_url += f"?{urlencode({'enterprise_customer_slug': self.mock_enterprise_customer_slug})}"
+
+        response = self.client.post(dashboard_url)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        mock_get_secured_algolia_api_key_for_user.assert_called_once()
+
     @mock_dashboard_dependencies
     @mock.patch('enterprise_access.apps.api_client.license_manager_client.LicenseManagerUserApiClient.activate_license')
     def test_dashboard_with_subscriptions_license_activation(

enterprise_access/apps/api/v1/views/bffs/common.py

@@ -44,20 +44,22 @@ class BaseBFFViewSetMixin:
     Mixin class containing common BFF viewset functionality.
     """
 
-    def _create_context(self, request, context_class):
+    def _create_context(self, request, context_class, context_kwargs=None):
         """
         Creates the appropriate context for the request.
 
         Args:
             request: The incoming HTTP request
             context_class: The context class to instantiate
+            context_kwargs (dict | None): Extra keyword arguments forwarded to the
+                context constructor (e.g. ``initialize_secured_algolia_api_keys=False``).
 
         Returns:
             tuple: (context_instance, error_response_data, error_status_code)
             If successful, error_response_data and error_status_code will be None
         """
         try:
-            context = context_class(request=request)
+            context = context_class(request=request, **(context_kwargs or {}))
             return context, None, None
         except Exception as exc:  # pylint: disable=broad-except
             logger.exception("Could not instantiate the handler context for the request.")
@@ -157,7 +159,14 @@ def _build_response(self, context, response_builder_class):
 
         return dict(ordered_representation), status_code
 
-    def load_route_data_and_build_response(self, request, handler_class, response_builder_class, context_class):
+    def load_route_data_and_build_response(
+        self,
+        request,
+        handler_class,
+        response_builder_class,
+        context_class,
+        context_kwargs=None,
+    ):
         """
         Handles the route and builds the response with the specified context class.
 
@@ -166,12 +175,16 @@ def load_route_data_and_build_response(self, request, handler_class, response_bu
             handler_class: The handler class to use
             response_builder_class: The response builder class to use
             context_class: The context class to use
+            context_kwargs (dict | None): Extra keyword arguments forwarded to the
+                context constructor (e.g. ``initialize_secured_algolia_api_keys=False``).
 
         Returns:
             tuple: (response_data, status_code)
         """
         # Create the context based on the request
-        context, error_response, error_status = self._create_context(request, context_class)
+        context, error_response, error_status = self._create_context(
+            request, context_class, context_kwargs=context_kwargs,
+        )
         if context is None:
             return error_response, error_status
 
@@ -191,12 +204,22 @@ class BaseBFFViewSet(BaseBFFViewSetMixin, ViewSet):
     authentication_classes = [JwtAuthentication]
     permission_classes = [IsAuthenticated]
 
-    def load_route_data_and_build_response(self, request, handler_class, response_builder_class):
+    def load_route_data_and_build_response(
+        self,
+        request,
+        handler_class,
+        response_builder_class,
+        context_kwargs=None,
+    ):
         """
         Handles the route and builds the response using HandlerContext for authenticated requests.
         """
         return super().load_route_data_and_build_response(
-            request, handler_class, response_builder_class, HandlerContext
+            request,
+            handler_class,
+            response_builder_class,
+            HandlerContext,
+            context_kwargs=context_kwargs,
         )
 
 

enterprise_access/apps/api/v1/views/bffs/learner_portal.py

@@ -62,6 +62,7 @@ def dashboard(self, request, *args, **kwargs):
             request=request,
             handler_class=DashboardHandler,
             response_builder_class=LearnerDashboardResponseBuilder,
+            context_kwargs={'initialize_secured_algolia_api_keys': False},
         )
         return Response(response_data, status=status_code)
 
@@ -92,6 +93,7 @@ def search(self, request, *args, **kwargs):
             request=request,
             handler_class=SearchHandler,
             response_builder_class=LearnerSearchResponseBuilder,
+            context_kwargs={'initialize_secured_algolia_api_keys': False},
         )
         return Response(response_data, status=status_code)
 
@@ -122,6 +124,7 @@ def academy(self, request, *args, **kwargs):
             request=request,
             handler_class=AcademyHandler,
             response_builder_class=LearnerAcademyResponseBuilder,
+            context_kwargs={'initialize_secured_algolia_api_keys': False},
         )
         return Response(response_data, status=status_code)
 
@@ -152,5 +155,6 @@ def skills_quiz(self, request, *args, **kwargs):
             request=request,
             handler_class=SkillsQuizHandler,
             response_builder_class=LearnerSkillsQuizResponseBuilder,
+            context_kwargs={'initialize_secured_algolia_api_keys': False},
         )
         return Response(response_data, status=status_code)

enterprise_access/apps/api_client/enterprise_catalog_client.py

@@ -155,12 +155,13 @@ def secured_algolia_api_key_endpoint(self, enterprise_customer_uuid: str) -> str
         secured_algolia_api_key_path: str = f'enterprise-customer/{enterprise_customer_uuid}/secured-algolia-api-key/'
         return urljoin(self.api_base_url, secured_algolia_api_key_path)
 
-    def get_secured_algolia_api_key(self, enterprise_customer_uuid):
+    def get_secured_algolia_api_key(self, enterprise_customer_uuid, catalog_uuids=None):
         """
         Fetch secured algolia API keys
 
         Arguments:
             enterprise_customer_uuid (uuid): UUID of the enterprise customer
+            catalog_uuids (list[str], optional): Catalog UUIDs to restrict the secured key to.
 
         Returns:
             200:
@@ -174,6 +175,10 @@ def get_secured_algolia_api_key(self, enterprise_customer_uuid):
                 'user_message' (str): Message of corresponding error indicating a user oriented message
                 'developer_message' (str): Message of corresponding error indicating an actionable developer message
         """
-        response = self.get(self.secured_algolia_api_key_endpoint(enterprise_customer_uuid))
+        query_params = {'catalog_uuids': catalog_uuids} if catalog_uuids is not None else None
+        response = self.get(
+            self.secured_algolia_api_key_endpoint(enterprise_customer_uuid),
+            params=query_params,
+        )
         response.raise_for_status()
         return response.json()

enterprise_access/apps/api_client/tests/test_enterprise_catalog_client.py

@@ -44,8 +44,9 @@ def test_contains_content_items(self, mock_oauth_client, mock_json):
 
         assert contains_content_items
 
+        expected_endpoint = client.enterprise_catalog_endpoint + str(ent_uuid) + '/contains_content_items/'
         mock_oauth_client.return_value.get.assert_called_with(
-            f'http://enterprise-catalog.example.com/api/v2/enterprise-catalogs/{ent_uuid}/contains_content_items/',
+            expected_endpoint,
             params={'course_run_ids': ['AB+CD101']},
         )
 
@@ -75,8 +76,9 @@ def test_catalog_content_metadata(self, mock_oauth_client):
         fetched_metadata = client.catalog_content_metadata(customer_uuid, content_keys)
 
         self.assertEqual(fetched_metadata['results'], mock_response_json['results'])
+        expected_endpoint = f'{client.enterprise_catalog_endpoint}{customer_uuid}/get_content_metadata/'
         mock_oauth_client.return_value.get.assert_called_with(
-            f'http://enterprise-catalog.example.com/api/v2/enterprise-catalogs/{customer_uuid}/get_content_metadata/',
+            expected_endpoint,
             params={
                 'content_keys': content_keys,
                 'traverse_pagination': True,
@@ -88,6 +90,8 @@ def test_catalog_content_metadata_raises_http_error(self, mock_oauth_client):
         content_keys = ['course+A', 'course+B']
         request_response = Response()
         request_response.status_code = 400
+        request_response.url = 'http://test.example.com'
+        request_response.raise_for_status = mock.Mock(side_effect=HTTPError())
 
         mock_oauth_client.return_value.get.return_value = request_response
 
@@ -97,14 +101,40 @@ def test_catalog_content_metadata_raises_http_error(self, mock_oauth_client):
         with self.assertRaises(HTTPError):
             client.catalog_content_metadata(customer_uuid, content_keys)
 
+        expected_endpoint = f'{client.enterprise_catalog_endpoint}{customer_uuid}/get_content_metadata/'
         mock_oauth_client.return_value.get.assert_called_with(
-            f'http://enterprise-catalog.example.com/api/v2/enterprise-catalogs/{customer_uuid}/get_content_metadata/',
+            expected_endpoint,
             params={
                 'content_keys': content_keys,
                 'traverse_pagination': True,
             },
         )
 
+    @mock.patch('enterprise_access.apps.api_client.base_oauth.OAuthAPIClient')
+    def test_catalog_content_metadata_raises_for_empty_keys_with_traverse_pagination(self, mock_oauth_client):
+        """
+        catalog_content_metadata raises when content_keys is empty and traverse_pagination=True,
+        to prevent fetching all metadata for an entire catalog (potentially thousands of records).
+        """
+        catalog_uuid = uuid4()
+        client = EnterpriseCatalogApiClient()
+
+        with self.assertRaises(Exception) as ctx:
+            client.catalog_content_metadata(catalog_uuid, content_keys=[], traverse_pagination=True)
+
+        self.assertIn('Cannot request all metadata', str(ctx.exception))
+        mock_oauth_client.return_value.get.assert_not_called()
+
+    @mock.patch('enterprise_access.apps.api_client.base_oauth.OAuthAPIClient')
+    def test_content_metadata_v2_raises_not_implemented(self, mock_oauth_client):
+        """EnterpriseCatalogApiClient.content_metadata (V2) is intentionally unimplemented."""
+        client = EnterpriseCatalogApiClient()
+
+        with self.assertRaises(NotImplementedError):
+            client.content_metadata('course+SomeKey')
+
+        mock_oauth_client.return_value.get.assert_not_called()
+
     @mock.patch('enterprise_access.apps.api_client.base_oauth.OAuthAPIClient')
     def test_get_content_metadata_count(self, mock_oauth_client):
         mock_response_json = {
@@ -119,8 +149,9 @@ def test_get_content_metadata_count(self, mock_oauth_client):
         fetched_metadata = client.get_content_metadata_count(catalog_uuid)
 
         self.assertEqual(fetched_metadata, mock_response_json['count'])
+        expected_endpoint = client.enterprise_catalog_endpoint + str(catalog_uuid) + '/get_content_metadata/'
         mock_oauth_client.return_value.get.assert_called_with(
-            f'http://enterprise-catalog.example.com/api/v2/enterprise-catalogs/{catalog_uuid}/get_content_metadata/',
+            expected_endpoint,
         )
 
 
@@ -154,8 +185,9 @@ def test_content_metadata(self, mock_oauth_client, coerce_to_parent_course):
         expected_query_params_kwarg = {}
         if coerce_to_parent_course:
             expected_query_params_kwarg |= {'params': {'coerce_to_parent_course': True}}
+        expected_endpoint = f'{client.content_metadata_endpoint}{content_key}'
         mock_oauth_client.return_value.get.assert_called_with(
-            f'http://enterprise-catalog.example.com/api/v1/content-metadata/{content_key}',
+            expected_endpoint,
             **expected_query_params_kwarg,
         )
 
@@ -164,6 +196,8 @@ def test_content_metadata_raises_http_error(self, mock_oauth_client):
         content_key = 'course+A'
         request_response = Response()
         request_response.status_code = 400
+        request_response.url = 'http://test.example.com'
+        request_response.raise_for_status = mock.Mock(side_effect=HTTPError())
 
         mock_oauth_client.return_value.get.return_value = request_response
 
@@ -172,8 +206,9 @@ def test_content_metadata_raises_http_error(self, mock_oauth_client):
         with self.assertRaises(HTTPError):
             client.content_metadata(content_key)
 
+        expected_endpoint = f'{client.content_metadata_endpoint}{content_key}'
         mock_oauth_client.return_value.get.assert_called_with(
-            f'http://enterprise-catalog.example.com/api/v1/content-metadata/{content_key}',
+            expected_endpoint,
         )
 
 
@@ -200,11 +235,7 @@ def setUp(self):
     )
     @ddt.unpack
     def test_secured_algolia_api_key_endpoint(self, enterprise_customer_uuid):
-        expected_url = (
-            f'http://enterprise-catalog.example.com/api/v1'
-            f'/enterprise-customer/{enterprise_customer_uuid}/secured-algolia-api-key/'
-        )
-        request = self.factory.get(expected_url)
+        request = self.factory.get('http://test.example.com')
         request.headers = {
             "Authorization": 'test-auth',
             self.request_id_key: 'test-request-id'
@@ -223,16 +254,16 @@ def test_secured_algolia_api_key_endpoint(self, enterprise_customer_uuid):
             secured_algolia_api_key_url = client.secured_algolia_api_key_endpoint(
                 enterprise_customer_uuid=enterprise_customer_uuid
             )
+            expected_url = (
+                f'{client.api_base_url}'
+                f'enterprise-customer/{enterprise_customer_uuid}/secured-algolia-api-key/'
+            )
             self.assertEqual(secured_algolia_api_key_url, expected_url)
 
     @mock.patch('requests.Session.send')
     @mock.patch('crum.get_current_request')
     def test_secured_algolia_api_key(self, mock_crum_get_current_request, mock_send):
-        expected_url = (
-            f'http://enterprise-catalog.example.com/api/v1'
-            f'/enterprise-customer/{self.mock_enterprise_customer_uuid}/secured-algolia-api-key/'
-        )
-        request = self.factory.get(expected_url)
+        request = self.factory.get('http://test.example.com')
         request.headers = {
             "Authorization": 'test-auth',
             self.request_id_key: 'test-request-id'
@@ -264,6 +295,10 @@ def test_secured_algolia_api_key(self, mock_crum_get_current_request, mock_send)
         prepared_request = mock_send.call_args[0][0]
 
         # Assert base request URL/method is correct
+        expected_url = (
+            f'{client.api_base_url}'
+            f'enterprise-customer/{self.mock_enterprise_customer_uuid}/secured-algolia-api-key/'
+        )
         parsed_url = urlparse(prepared_request.url)
         self.assertEqual(f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}", expected_url)
         self.assertEqual(prepared_request.method, 'GET')
@@ -274,3 +309,41 @@ def test_secured_algolia_api_key(self, mock_crum_get_current_request, mock_send)
 
         # Assert the response is as expected
         self.assertEqual(result, expected_result)
+
+    @mock.patch('requests.Session.send')
+    @mock.patch('crum.get_current_request')
+    def test_secured_algolia_api_key_with_catalog_scope(self, mock_crum_get_current_request, mock_send):
+        request = self.factory.get('http://test.example.com')
+        request.headers = {
+            "Authorization": 'test-auth',
+            self.request_id_key: 'test-request-id'
+        }
+        request.user = self.user
+
+        mock_crum_get_current_request.return_value = request
+        mock_response = mock.Mock()
+        mock_response.status_code = 200
+        mock_response.json.return_value = {
+            'algolia': {
+                'secured_api_key': 'key',
+                'valid_until': _days_from_now(1, DATE_FORMAT_ISO_8601),
+            },
+            'catalog_uuids_to_catalog_query_uuids': {},
+        }
+        mock_send.return_value = mock_response
+
+        client = EnterpriseCatalogUserV1ApiClient(request)
+        client.get_secured_algolia_api_key(
+            enterprise_customer_uuid=self.mock_enterprise_customer_uuid,
+            catalog_uuids=['cat-a', 'cat-b'],
+        )
+        prepared_request = mock_send.call_args[0][0]
+        parsed_url = urlparse(prepared_request.url)
+
+        expected_url = (
+            f'{client.api_base_url}'
+            f'enterprise-customer/{self.mock_enterprise_customer_uuid}/secured-algolia-api-key/'
+        )
+        self.assertEqual(f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}", expected_url)
+        self.assertIn('catalog_uuids=cat-a', parsed_url.query)
+        self.assertIn('catalog_uuids=cat-b', parsed_url.query)