Skip to content

can_add_tag is not correct for Django superusers #635

Description

@bradenmacdonald

When accessing a taxonomy's tags in the REST API, the can_add_tag value is supposed to indicate if the user can add new tags to the taxonomy.

For system-defined or free text taxonomies, this value should always be false:

https://github.com/openedx/openedx-platform/blob/c0973707f398359a9a5ed87a72204a291ac1abe7/openedx/core/djangoapps/content_tagging/rules.py#L356-L369

However, because the logic for can_add_tag is only implemented as a permissions check, when a superuser uses the API, the can_add_tag value is always True, even for system-defined taxonomies and free text taxonomies, because the Django permissions code doesn't even evaluate the permissions predicate for superusers.

The result is that most devstack users will see the "+ add tag" button for these taxonomies, even though attempting to add a tag will result in an error:

Image

(attempting to add a new tag then correctly displays an error:)

Image

Related frontend issue: The error is reported three times, but none of those have the actual error reason shown. (TODO: open separate bug issue for this.)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    Fields

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions