Skip to content

Permissions migration creates invalid v2 Library keys #148

New issue
New issue
Closed
Bug
#149
Closed
Permissions migration creates invalid v2 Library keys#148
Bug
#149
Assignees
mariajgrimaldi
@ormsbee

Description

@ormsbee
ormsbee
opened on Nov 25, 2025

When running openedx_authz/migrations/0006_migrate_legacy_permissions.py, I got the following error:

  Applying openedx_authz.0006_migrate_legacy_permissions...2025-11-25 17:15:29,649 INFO 17 [openedx_authz.engine.utils] [user None] [ip None] utils.py:142 - Migrating permission for User: dave to Role: library_admin in Scope: lib:Axim Collaborative:blankstart2
Traceback (most recent call last):
  File "/openedx/edx-platform/./manage.py", line 99, in <module>
    execute_from_command_line([sys.argv[0]] + django_args)
  File "/openedx/venv/lib/python3.11/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/openedx/venv/lib/python3.11/site-packages/django/core/management/__init__.py", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/openedx/venv/lib/python3.11/site-packages/django/core/management/base.py", line 416, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/openedx/venv/lib/python3.11/site-packages/django/core/management/base.py", line 460, in execute
    output = self.handle(*args, **options)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/django/core/management/base.py", line 107, in wrapper
    res = handle_func(*args, **kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/django/core/management/commands/migrate.py", line 353, in handle
    post_migrate_state = executor.migrate(
                         ^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/django/db/migrations/executor.py", line 135, in migrate
    state = self._migrate_all_forwards(
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/django/db/migrations/executor.py", line 167, in _migrate_all_forwards
    state = self.apply_migration(
            ^^^^^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/django/db/migrations/executor.py", line 255, in apply_migration
    state = migration.apply(state, schema_editor)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/django/db/migrations/migration.py", line 127, in apply
    operation.database_forwards(
  File "/openedx/venv/lib/python3.11/site-packages/django/db/migrations/operations/special.py", line 196, in database_forwards
    self.code(from_state.apps, schema_editor)
  File "/openedx/venv/lib/python3.11/site-packages/openedx_authz/migrations/0006_migrate_legacy_permissions.py", line 43, in apply_migrate_legacy_permissions
    permissions_with_errors = migrate_legacy_permissions(ContentLibraryPermission)
                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/openedx_authz/engine/utils.py", line 147, in migrate_legacy_permissions
    assign_role_to_user_in_scope(
  File "/openedx/venv/lib/python3.11/site-packages/openedx_authz/api/users.py", line 58, in assign_role_to_user_in_scope
    ScopeData(external_key=scope_external_key),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/openedx_authz/api/data.py", line 197, in __call__
    scope_cls = cls.get_subclass_by_external_key(kwargs["external_key"])
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/openedx/venv/lib/python3.11/site-packages/openedx_authz/api/data.py", line 264, in get_subclass_by_external_key
    raise ValueError(f"Invalid external_key format: {external_key}")
ValueError: Invalid external_key format: lib:Axim Collaborative:blankstart2

At the end, it tries to create the opaque key: "lib:Axim Collaborative:blankstart2", which is invalid because of the space between "Axim" and "Collaborative". This happens because the code is using the name attribute of the Organization model, which has the full name of the org:

openedx-authz/openedx_authz/engine/utils.py

Lines 127 to 128 in 9a9ab05

# Generating scope based on library identifier
scope = f"lib:{permission.library.org.name}:{permission.library.slug}"

It should use short_name instead.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions