change problem set list permissions

abeglova · abeglova · commit a2ce13f2c8a3 · 2025-07-31T13:41:45.000-04:00
diff --git a/learning_resources/views.py b/learning_resources/views.py
@@ -1400,7 +1400,7 @@ def has_permission(self, request, view):  # noqa: ARG002
                 return True
             return user.groups.filter(name=GROUP_TUTOR_PROBLEM_VIEWERS).exists()
 
-    permission_classes = (IsAdminOrTutorProblemViewer,)
+    permission_classes = ()
 
     http_method_names = ["get"]
     lookup_field = "run_readable_id"
@@ -1410,6 +1410,7 @@ def has_permission(self, request, view):  # noqa: ARG002
         detail=False,
         methods=["get"],
         url_path=r"(?P<run_readable_id>[^/]+)",
+        permission_classes=[AnonymousAccessReadonlyPermission],
     )
     def list_problems(self, request, run_readable_id):  # noqa: ARG002
         """
@@ -1434,6 +1435,7 @@ def list_problems(self, request, run_readable_id):  # noqa: ARG002
         detail=False,
         methods=["get"],
         url_path=r"(?P<run_readable_id>[^/]+)/(?P<problem_title>[^/]+)",
+        permission_classes=[IsAdminOrTutorProblemViewer],
     )
     def retrieve_problem(self, request, run_readable_id, problem_title):  # noqa: ARG002
         run = LearningResourceRun.objects.filter(
diff --git a/learning_resources/views_test.py b/learning_resources/views_test.py
@@ -1463,20 +1463,7 @@ def test_course_run_problems_endpoint(client, user_role, django_user_model):
         reverse("lr:v0:tutorproblem_api-list-problems", args=[course_run.run_id])
     )
 
-    if user_role in ["admin", "group_tutor_problem_viewer"]:
-        assert resp.json() == {"problem_set_titles": ["Problem Set 1", "Problem Set 2"]}
-    elif user_role == "normal":
-        assert resp.status_code == 403
-        assert resp.json() == {
-            "detail": "You do not have permission to perform this action.",
-            "error_type": "PermissionDenied",
-        }
-    elif user_role == "anonymous":
-        assert resp.status_code == 403
-        assert resp.json() == {
-            "detail": "Authentication credentials were not provided.",
-            "error_type": "NotAuthenticated",
-        }
+    assert resp.json() == {"problem_set_titles": ["Problem Set 1", "Problem Set 2"]}
 
     detail_resp = client.get(
         reverse(
