Skip to content

Fix: Create SearchAccess on library creation for course creator search access#38091

Merged
UsamaSadiq merged 3 commits intoopenedx:masterfrom
edly-io:fix/library-search-access-for-course-creators
Mar 5, 2026
Merged

Fix: Create SearchAccess on library creation for course creator search access#38091
UsamaSadiq merged 3 commits intoopenedx:masterfrom
edly-io:fix/library-search-access-for-course-creators

Conversation

@Waleed-Mujahid
Copy link
Contributor

@Waleed-Mujahid Waleed-Mujahid commented Mar 4, 2026

Problem

When a course creator (non-superuser) creates a new content library and immediately tries to add components, the UI doesn't update to show the newly added component in search results. This happens because:

  1. Meilisearch uses JWT tokens with access_id filters to restrict search results to libraries/courses the user has permission to access
  2. The JWT token is cached in the frontend for 1 hour
  3. SearchAccess records were only created during document indexing (in _meili_access_id_from_context_key)
  4. For a newly created empty library with no components yet, no SearchAccess record exists
  5. When the user adds the first component, their cached JWT doesn't include the new library's access_id, so Meilisearch filters it out

Solution

Create the SearchAccess record immediately when a library is created in the content_library_created_handler. This ensures:

  • The SearchAccess record exists before any components are added
  • Course creators who create a library can immediately search its content
  • The frontend can refresh the JWT token after library creation to get the updated access_id

Testing Instructions

Prerequisites

  • Have a course creator user (non-superuser with library creation permissions)
  • Have Meilisearch enabled and configured
  • Have the corresponding frontend fix deployed (see related PR)

Manual Testing

  1. Login as the course creator and navigate to Studio
  2. Create a new library
  3. Add a new component
  4. Notice how the the UI does not update.
  5. Reload page, the UI should show the component was added
  6. After applying the fix the component will render as soon as it is added

Authoring MFE PR

Refreshes JWT token after library creation

@Waleed-Mujahid
fix: create SearchAccess on library creation for course creator searc…
a97a234 
…h access

When a course creator creates a new library, the SearchAccess record must exist immediately so their JWT token can include the library's access_id. Without this, course creators cannot see newly added components in search results until the page is refreshed.

This issue doesn't affect superusers who bypass access_id filtering.
@Waleed-Mujahid
test: verify SearchAccess is created automatically on library creation
5d6fc06
@Waleed-Mujahid Waleed-Mujahid force-pushed the fix/library-search-access-for-course-creators branch from b3bbc4a to 5d6fc06 Compare March 5, 2026 06:31
@UsamaSadiq UsamaSadiq merged commit 1184026 into openedx:master Mar 5, 2026
65 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@UsamaSadiq UsamaSadiq UsamaSadiq approved these changes

+1 more reviewer

@muhammadali286 muhammadali286 muhammadali286 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Waleed-Mujahid @UsamaSadiq @muhammadali286