learning-credentials 0.5.0rc1__py3-none-any.whl → 0.5.0rc3__py3-none-any.whl

learning_credentials/admin.py

@@ -6,9 +6,11 @@ import importlib
 import inspect
 from typing import TYPE_CHECKING
 
+import django
 from django import forms
 from django.contrib import admin, messages
 from django.core.exceptions import ValidationError
+from django.db.models import URLField
 from django.urls import reverse
 from django.utils.html import format_html
 from django_object_actions import DjangoObjectActions, action
@@ -228,10 +230,9 @@ class CredentialConfigurationAdmin(DjangoObjectActions, ReverseModelAdmin):
 @admin.register(Credential)
 class CredentialAdmin(DjangoObjectActions, admin.ModelAdmin):  # noqa: D101
     list_display = (
-        'user_id',
+        'user',
         'user_full_name',
-        'learning_context_key',
-        'credential_type',
+        'configuration',
         'status',
         'url',
         'created',
@@ -240,20 +241,26 @@ class CredentialAdmin(DjangoObjectActions, admin.ModelAdmin):  # noqa: D101
     readonly_fields = (
         'uuid',
         'verify_uuid',
-        'user_id',
+        'user',
+        'configuration',
         'created',
         'modified',
         'user_full_name',
-        'learning_context_key',
         'learning_context_name',
-        'credential_type',
         'status',
         'url',
         'legacy_id',
         'generation_task_id',
     )
-    search_fields = ("learning_context_key", "user_id", "user_full_name", "uuid")
-    list_filter = ("learning_context_key", "credential_type", "status")
+    search_fields = (
+        "configuration__learning_context_key",
+        "user_full_name",
+        "user__username",
+        "user__email",
+        "uuid",
+        "verify_uuid",
+    )
+    list_filter = ("configuration__learning_context_key", "configuration__credential_type", "status")
     change_actions = ('reissue_credential',)
 
     def save_model(self, request: HttpRequest, obj: Credential, _form: forms.ModelForm, _change: bool):  # noqa: FBT001
@@ -281,12 +288,27 @@ class CredentialAdmin(DjangoObjectActions, admin.ModelAdmin):  # noqa: D101
     @action(label="Reissue credential", description="Reissue the credential for the user.")
     def reissue_credential(self, request: HttpRequest, obj: Credential):
         """Reissue the credential for the user."""
-        try:
-            new_credential = obj.reissue()
-            admin_url = reverse('admin:learning_credentials_credential_change', args=[new_credential.pk])
-            message = format_html(
-                'The credential has been reissued as <a href="{}">{}</a>.', admin_url, new_credential.uuid
-            )
-            messages.success(request, message)
-        except CredentialConfiguration.DoesNotExist:
-            messages.error(request, "The configuration does not exist.")
+        new_credential = obj.reissue()
+        admin_url = reverse('admin:learning_credentials_credential_change', args=[new_credential.pk])
+        message = format_html(
+            'The credential has been reissued as <a href="{}">{}</a>.', admin_url, new_credential.uuid
+        )
+        messages.success(request, message)
+
+    def has_add_permission(self, _request: HttpRequest) -> bool:
+        """Hide the "Add" button in the admin interface."""
+        return False
+
+    def has_delete_permission(self, _request: HttpRequest, _obj: Credential | None = None) -> bool:
+        """Hide the "Delete" button in the admin interface."""
+        return False
+
+    def formfield_for_dbfield(self, db_field, request, **kwargs):  # noqa: ANN001, ANN201
+        """
+        Assume HTTPS for scheme-less domains pasted into URLFields.
+
+        This method can be removed when support for Django versions below 5.0 is dropped.
+        """
+        if django.VERSION[0] > 4 and isinstance(db_field, URLField):  # pragma: no cover
+            kwargs["assume_scheme"] = "https"
+        return super().formfield_for_dbfield(db_field, request, **kwargs)

learning_credentials/compat.py

@@ -10,7 +10,6 @@ It also simplifies running tests outside edx-platform's environment by stubbing
 from __future__ import annotations
 
 from contextlib import contextmanager
-from datetime import datetime
 from typing import TYPE_CHECKING
 
 import pytz
@@ -18,7 +17,9 @@ from celery import Celery
 from django.conf import settings
 from learning_paths.models import LearningPath
 
-if TYPE_CHECKING:  # pragma: no cover
+if TYPE_CHECKING:
+    from datetime import datetime
+
     from django.contrib.auth.models import User
     from learning_paths.keys import LearningPathKey
     from opaque_keys.edx.keys import CourseKey, LearningContextKey
@@ -33,7 +34,7 @@ def get_celery_app() -> Celery:
     # noinspection PyUnresolvedReferences,PyPackageRequirements
     from lms import CELERY_APP
 
-    return CELERY_APP  # pragma: no cover
+    return CELERY_APP
 
 
 def get_default_storage_url() -> str:
@@ -116,10 +117,15 @@ def get_course_grade(user: User, course_id: CourseKey):  # noqa: ANN201
     return CourseGradeFactory().read(user, course_key=course_id)
 
 
-def get_localized_credential_date() -> str:
-    """Get the localized date from Open edX."""
+def get_localized_credential_date(date: datetime) -> str:
+    """
+    Get the localized date from Open edX.
+
+    :param date: The datetime to format.
+    :returns: The formatted date string.
+    """
     # noinspection PyUnresolvedReferences,PyPackageRequirements
     from common.djangoapps.util.date_utils import strftime_localized
 
-    date = datetime.now(pytz.timezone(settings.TIME_ZONE))
-    return strftime_localized(date, settings.CERTIFICATE_DATE_FORMAT)
+    localized_date = date.astimezone(pytz.timezone(settings.TIME_ZONE))
+    return strftime_localized(localized_date, settings.CERTIFICATE_DATE_FORMAT)

learning_credentials/generators.py

@@ -25,7 +25,7 @@ from reportlab.pdfbase.pdfmetrics import FontError, FontNotFoundError, registerF
 from reportlab.pdfbase.ttfonts import TTFError, TTFont
 from reportlab.pdfgen.canvas import Canvas
 
-from .compat import get_default_storage_url, get_learning_context_name, get_localized_credential_date
+from .compat import get_default_storage_url, get_localized_credential_date
 from .exceptions import AssetNotFoundError
 from .models import CredentialAsset
 
@@ -34,10 +34,10 @@ log = logging.getLogger(__name__)
 if TYPE_CHECKING:  # pragma: no cover
     from uuid import UUID
 
-    from django.contrib.auth.models import User
-    from opaque_keys.edx.keys import CourseKey
     from pypdf import PageObject
 
+    from learning_credentials.models import Credential
+
 
 def _get_defaults() -> tuple[dict[str, Any], dict[str, dict[str, Any]]]:
     """
@@ -81,16 +81,6 @@ def _get_defaults() -> tuple[dict[str, Any], dict[str, dict[str, Any]]]:
     return default_styling, default_text_elements
 
 
-def _get_user_name(user: User) -> str:
-    """
-    Retrieve the user's name.
-
-    :param user: The user to generate the credential for.
-    :return: Username.
-    """
-    return user.profile.name or f"{user.first_name} {user.last_name}"
-
-
 def _register_font(pdf_canvas: Canvas, font_name: str) -> str:
     """
     Register a custom font if not already available.
@@ -246,11 +236,12 @@ def _render_text_element(
         pdf_canvas.drawString(line_x, line_y, line, charSpace=char_space)
 
 
-def _write_text_on_template(
+def _write_text_on_template(  # noqa: PLR0913
     template: PageObject,
     username: str,
     context_name: str,
     issue_date: str,
+    verify_uuid: str,
     options: dict[str, Any],
 ) -> Canvas:
     """
@@ -260,6 +251,7 @@ def _write_text_on_template(
     :param username: The name of the user to generate the credential for.
     :param context_name: The name of the learning context.
     :param issue_date: The formatted issue date string.
+    :param verify_uuid: The verification UUID of the credential.
     :param options: A dictionary documented in the ``generate_pdf_credential`` function.
     :returns: A canvas with written data.
     """
@@ -271,6 +263,7 @@ def _write_text_on_template(
         'name': username,
         'context_name': context_name,
         'issue_date': issue_date,
+        'verify_uuid': verify_uuid,
     }
 
     # Build and render text elements.
@@ -282,26 +275,73 @@ def _write_text_on_template(
     return pdf_canvas
 
 
-def _save_credential(credential: PdfWriter, credential_uuid: UUID) -> str:
+def _get_credential_paths(credential_uuid: UUID) -> tuple[str, str]:
+    """
+    Get the original and archive paths for a credential.
+
+    :param credential_uuid: The UUID of the credential.
+    :returns: A tuple of (original_path, archive_path).
+    """
+    output_dir = getattr(settings, 'LEARNING_CREDENTIALS_OUTPUT_DIR', 'learning_credentials')
+    original_path = f'{output_dir}/{credential_uuid}.pdf'
+    archive_path = f'{output_dir}_invalidated/{credential_uuid}.pdf'
+    return original_path, archive_path
+
+
+def _invalidate_credential(credential_uuid: UUID) -> str | None:
+    """
+    Invalidate a PDF credential by moving it to an archive location and restricting access.
+
+    For S3 storage: moves file to archive path and sets ACL to private.
+    For other backends: moves file to archive path.
+
+    :param credential_uuid: The UUID of the credential to invalidate.
+    :returns: The archive path if successful, None if file didn't exist.
+    """
+    original_path, archive_path = _get_credential_paths(credential_uuid)
+
+    if not default_storage.exists(original_path):
+        log.warning("Credential file %s does not exist, nothing to invalidate", original_path)
+        return None
+
+    with default_storage.open(original_path, 'rb') as original_file:
+        default_storage.save(archive_path, ContentFile(original_file.read()))
+    log.info("Archived credential to %s", archive_path)
+
+    default_storage.delete(original_path)
+    log.info("Deleted original credential file %s", original_path)
+
+    # Set ACL to private if S3 (django-storages S3Boto3Storage exposes the bucket).
+    if hasattr(default_storage, 'bucket'):
+        try:
+            obj = default_storage.bucket.Object(archive_path)
+            obj.Acl().put(ACL='private')
+            log.info("Set ACL to private for archived file %s", archive_path)
+        except Exception:
+            log.exception("Failed to set ACL to private for %s", archive_path)
+
+    return archive_path
+
+
+def _save_credential(pdf_writer: PdfWriter, credential_uuid: UUID) -> str:
     """
     Save the final PDF file to BytesIO and upload it using Django default storage.
 
-    :param credential: Pdf credential.
+    :param pdf_writer: The PdfWriter instance containing the credential.
     :param credential_uuid: The UUID of the credential.
     :returns: The URL of the saved credential.
     """
-    # Save the final PDF file to BytesIO.
-    output_path = f'external_certificates/{credential_uuid}.pdf'
+    output_path, _ = _get_credential_paths(credential_uuid)
 
     view_print_extract_permission = (
         UserAccessPermissions.PRINT
         | UserAccessPermissions.PRINT_TO_REPRESENTATION
         | UserAccessPermissions.EXTRACT_TEXT_AND_GRAPHICS
     )
-    credential.encrypt('', secrets.token_hex(32), permissions_flag=view_print_extract_permission, algorithm='AES-256')
+    pdf_writer.encrypt('', secrets.token_hex(32), permissions_flag=view_print_extract_permission, algorithm='AES-256')
 
     pdf_bytes = io.BytesIO()
-    credential.write(pdf_bytes)
+    pdf_writer.write(pdf_bytes)
     pdf_bytes.seek(0)  # Rewind to start.
     # Upload with Django default storage.
     credential_file = ContentFile(pdf_bytes.read())
@@ -320,20 +360,15 @@ def _save_credential(credential: PdfWriter, credential_uuid: UUID) -> str:
     return url
 
 
-def generate_pdf_credential(
-    learning_context_key: CourseKey,
-    user: User,
-    credential_uuid: UUID,
-    options: dict[str, Any],
-) -> str:
+def generate_pdf_credential(credential: Credential, options: dict[str, Any], *, invalidate: bool = False) -> str:
     r"""
-    Generate a PDF credential.
+    Generate or invalidate a PDF credential.
 
-    :param learning_context_key: The ID of the course or learning path the credential is for.
-    :param user: The user to generate the credential for.
-    :param credential_uuid: The UUID of the credential to generate.
+    :param credential: The Credential instance to generate or invalidate the PDF for.
     :param options: The custom options for the credential.
-    :returns: The URL of the saved credential.
+    :param invalidate: If True, invalidates the credential instead of generating it.
+        The PDF is moved to an archive location and made inaccessible.
+    :returns: The URL of the saved credential, or empty string if invalidated.
 
     Options:
 
@@ -372,12 +407,17 @@ def generate_pdf_credential(
         }
       }
     """
-    log.info("Starting credential generation for user %s", user.id)
+    if invalidate:
+        log.info("Invalidating credential %s for user %s", credential.uuid, credential.user.id)
+        _invalidate_credential(credential.uuid)
+        return ''
+
+    log.info("Starting credential generation for user %s", credential.user.id)
 
-    username = _get_user_name(user)
+    username = credential.user_full_name
 
     # Handle multiline context name.
-    context_name = get_learning_context_name(learning_context_key)
+    context_name = credential.learning_context_name
     custom_context_name = ''
     custom_context_text_element = options.get('text_elements', {}).get('context', {})
     if isinstance(custom_context_text_element, dict):
@@ -395,22 +435,24 @@ def generate_pdf_credential(
     template_file = CredentialAsset.get_asset_by_slug(template_path)
 
     # Get the issue date.
-    issue_date = get_localized_credential_date()
+    issue_date = get_localized_credential_date(credential.created)
 
     # Load the PDF template.
     with template_file.open('rb') as template_file:
         template = PdfReader(template_file).pages[0]
 
-        credential = PdfWriter()
+        pdf_writer = PdfWriter()
 
         # Create a new canvas, prepare the page and write the data.
-        pdf_canvas = _write_text_on_template(template, username, context_name, issue_date, options)
+        pdf_canvas = _write_text_on_template(
+            template, username, context_name, issue_date, str(credential.verify_uuid), options
+        )
 
         overlay_pdf = PdfReader(io.BytesIO(pdf_canvas.getpdfdata()))
         template.merge_page(overlay_pdf.pages[0])
-        credential.add_page(template)
+        pdf_writer.add_page(template)
 
-        url = _save_credential(credential, credential_uuid)
+        url = _save_credential(pdf_writer, credential.uuid)
 
         log.info("Credential saved to %s", url)
     return url

learning_credentials/migrations/0001_squashed_0010.py

@@ -0,0 +1,265 @@
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+import jsonfield.fields
+import learning_credentials.models
+import model_utils.fields
+import opaque_keys.edx.django.models
+import uuid
+
+
+class Migration(migrations.Migration):
+    replaces = [
+        ('learning_credentials', '0001_initial'),
+        ('learning_credentials', '0002_migrate_to_learning_credentials'),
+        ('learning_credentials', '0003_rename_certificates_to_credentials'),
+        ('learning_credentials', '0004_replace_course_keys_with_learning_context_keys'),
+        ('learning_credentials', '0005_rename_processors_and_generators'),
+        ('learning_credentials', '0006_cleanup_openedx_certificates_tables'),
+        ('learning_credentials', '0007_migrate_to_text_elements_format'),
+        ('learning_credentials', '0008_validation'),
+        ('learning_credentials', '0009_credential_user_fk'),
+        ('learning_credentials', '0010_credential_configuration_fk'),
+    ]
+
+    initial = True
+
+    dependencies = [
+        ("django_celery_beat", "0019_alter_periodictasks_options"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="CredentialAsset",
+            fields=[
+                ("id", models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                (
+                    "created",
+                    model_utils.fields.AutoCreatedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="created"
+                    ),
+                ),
+                (
+                    "modified",
+                    model_utils.fields.AutoLastModifiedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="modified"
+                    ),
+                ),
+                ("description", models.CharField(blank=True, help_text="Description of the asset.", max_length=255)),
+                (
+                    "asset",
+                    models.FileField(
+                        help_text="Asset file. It could be a PDF template, image or font file.",
+                        max_length=255,
+                        upload_to=learning_credentials.models.CredentialAsset.template_assets_path,
+                    ),
+                ),
+                (
+                    "asset_slug",
+                    models.SlugField(
+                        help_text="Asset's unique slug. We can reference the asset in templates using this value.",
+                        max_length=255,
+                        unique=True,
+                    ),
+                ),
+            ],
+            options={"get_latest_by": "created"},
+        ),
+        migrations.CreateModel(
+            name="CredentialType",
+            fields=[
+                ("id", models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                (
+                    "created",
+                    model_utils.fields.AutoCreatedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="created"
+                    ),
+                ),
+                (
+                    "modified",
+                    model_utils.fields.AutoLastModifiedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="modified"
+                    ),
+                ),
+                ("name", models.CharField(help_text="Name of the credential type.", max_length=255, unique=True)),
+                (
+                    "retrieval_func",
+                    models.CharField(help_text="A name of the function to retrieve eligible users.", max_length=200),
+                ),
+                (
+                    "generation_func",
+                    models.CharField(help_text="A name of the function to generate credentials.", max_length=200),
+                ),
+                (
+                    "custom_options",
+                    jsonfield.fields.JSONField(blank=True, default=dict, help_text="Custom options for the functions."),
+                ),
+            ],
+            options={"abstract": False},
+        ),
+        migrations.CreateModel(
+            name="CredentialConfiguration",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "created",
+                    model_utils.fields.AutoCreatedField(
+                        default=django.utils.timezone.now,
+                        editable=False,
+                        verbose_name="created",
+                    ),
+                ),
+                (
+                    "modified",
+                    model_utils.fields.AutoLastModifiedField(
+                        default=django.utils.timezone.now,
+                        editable=False,
+                        verbose_name="modified",
+                    ),
+                ),
+                (
+                    "learning_context_key",
+                    opaque_keys.edx.django.models.LearningContextKeyField(
+                        help_text="ID of a learning context (e.g., a course or a Learning Path).",
+                        max_length=255,
+                    ),
+                ),
+                (
+                    "custom_options",
+                    jsonfield.fields.JSONField(
+                        blank=True,
+                        default=dict,
+                        help_text="Custom options for the functions. If specified, they are merged with the options defined in the credential type.",
+                    ),
+                ),
+                (
+                    "credential_type",
+                    models.ForeignKey(
+                        help_text="Associated credential type.",
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to="learning_credentials.credentialtype",
+                    ),
+                ),
+                (
+                    "periodic_task",
+                    models.OneToOneField(
+                        help_text="Associated periodic task.",
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to="django_celery_beat.periodictask",
+                    ),
+                ),
+            ],
+            options={"unique_together": {("learning_context_key", "credential_type")}},
+        ),
+        migrations.CreateModel(
+            name="Credential",
+            fields=[
+                (
+                    "created",
+                    model_utils.fields.AutoCreatedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="created"
+                    ),
+                ),
+                (
+                    "modified",
+                    model_utils.fields.AutoLastModifiedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="modified"
+                    ),
+                ),
+                (
+                    "uuid",
+                    models.UUIDField(
+                        default=uuid.uuid4,
+                        editable=False,
+                        help_text="Auto-generated UUID of the credential",
+                        primary_key=True,
+                        serialize=False,
+                    ),
+                ),
+                (
+                    "verify_uuid",
+                    models.UUIDField(
+                        default=uuid.uuid4, editable=False, help_text="UUID used for verifying the credential"
+                    ),
+                ),
+                (
+                    "user_full_name",
+                    models.CharField(
+                        editable=False,
+                        help_text="User receiving the credential. This field is used for validation purposes.",
+                        max_length=255,
+                    ),
+                ),
+                (
+                    "learning_context_name",
+                    models.CharField(
+                        editable=False,
+                        help_text="Name of the learning context for which the credential was issued. This field is used for validation purposes.",
+                        max_length=255,
+                    ),
+                ),
+                (
+                    "status",
+                    models.CharField(
+                        choices=[
+                            ("generating", "Generating"),
+                            ("available", "Available"),
+                            ("error", "Error"),
+                            ("invalidated", "Invalidated"),
+                        ],
+                        default="generating",
+                        help_text="Status of the credential generation task",
+                        max_length=32,
+                    ),
+                ),
+                (
+                    "download_url",
+                    models.URLField(blank=True, help_text="URL of the generated credential PDF (e.g., to S3)"),
+                ),
+                (
+                    "legacy_id",
+                    models.IntegerField(
+                        help_text="Legacy ID of the credential imported from another system", null=True
+                    ),
+                ),
+                ("generation_task_id", models.CharField(help_text="Task ID from the Celery queue", max_length=255)),
+                (
+                    "invalidated_at",
+                    models.DateTimeField(
+                        editable=False, help_text="Timestamp when the credential was invalidated", null=True
+                    ),
+                ),
+                (
+                    "invalidation_reason",
+                    models.CharField(blank=True, help_text="Reason for invalidating the credential", max_length=255),
+                ),
+                (
+                    "configuration",
+                    models.ForeignKey(
+                        help_text="Associated credential configuration",
+                        on_delete=django.db.models.deletion.PROTECT,
+                        to="learning_credentials.credentialconfiguration",
+                    ),
+                ),
+                (
+                    "user",
+                    models.ForeignKey(
+                        help_text="User receiving the credential",
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={"abstract": False},
+        ),
+    ]

learning_credentials/migrations/0009_credential_user_fk.py

@@ -0,0 +1,63 @@
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+def populate_user_fk(apps, schema_editor):
+    """Copy user_id values to the new user FK field."""
+    Credential = apps.get_model("learning_credentials", "Credential")
+    for credential in Credential.objects.all():
+        credential.user_id = credential.user_id_old
+        credential.save(update_fields=["user_id"])
+
+
+def reverse_populate_user_fk(apps, schema_editor):
+    """Copy user FK values back to user_id_old."""
+    Credential = apps.get_model("learning_credentials", "Credential")
+    for credential in Credential.objects.all():
+        credential.user_id_old = credential.user_id
+        credential.save(update_fields=["user_id_old"])
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("learning_credentials", "0008_validation"),
+    ]
+
+    operations = [
+        # Rename the old user_id field to user_id_old.
+        migrations.RenameField(
+            model_name="credential",
+            old_name="user_id",
+            new_name="user_id_old",
+        ),
+        # Add the new user FK field (nullable initially).
+        migrations.AddField(
+            model_name="credential",
+            name="user",
+            field=models.ForeignKey(
+                help_text="User receiving the credential",
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        # Populate the user FK from user_id_old.
+        migrations.RunPython(populate_user_fk, reverse_code=reverse_populate_user_fk),
+        # Make the user FK non-nullable.
+        migrations.AlterField(
+            model_name="credential",
+            name="user",
+            field=models.ForeignKey(
+                help_text="User receiving the credential",
+                on_delete=django.db.models.deletion.CASCADE,
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        # Remove the old user_id_old field.
+        migrations.RemoveField(
+            model_name="credential",
+            name="user_id_old",
+        ),
+    ]

learning_credentials/migrations/0010_credential_configuration_fk.py

@@ -0,0 +1,79 @@
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+def populate_configuration_fk(apps, schema_editor):
+    """
+    Populate the configuration FK by finding the matching CredentialConfiguration.
+    """
+    Credential = apps.get_model("learning_credentials", "Credential")
+    CredentialConfiguration = apps.get_model("learning_credentials", "CredentialConfiguration")
+
+    for credential in Credential.objects.all():
+        try:
+            config = CredentialConfiguration.objects.get(
+                learning_context_key=credential.learning_context_key,
+                credential_type__name=credential.credential_type,
+            )
+            credential.configuration = config
+            credential.save(update_fields=["configuration"])
+        except CredentialConfiguration.DoesNotExist:
+            # If no matching configuration exists, we cannot migrate this credential.
+            # This should not happen in normal circumstances.
+            raise ValueError(
+                f"No CredentialConfiguration found for Credential {credential.uuid} "
+                f"with learning_context_key={credential.learning_context_key} "
+                f"and credential_type={credential.credential_type}"
+            )
+
+
+def reverse_populate_configuration_fk(apps, schema_editor):
+    """Reverse migration: populate credential_type and learning_context_key from configuration."""
+    Credential = apps.get_model("learning_credentials", "Credential")
+
+    for credential in Credential.objects.select_related("configuration__credential_type").all():
+        credential.credential_type = credential.configuration.credential_type.name
+        credential.learning_context_key = credential.configuration.learning_context_key
+        credential.save(update_fields=["credential_type", "learning_context_key"])
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("learning_credentials", "0009_credential_user_fk"),
+    ]
+
+    operations = [
+        # Add the new configuration FK field (nullable initially).
+        migrations.AddField(
+            model_name="credential",
+            name="configuration",
+            field=models.ForeignKey(
+                help_text="Associated credential configuration",
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                to="learning_credentials.credentialconfiguration",
+            ),
+        ),
+        # Populate the configuration FK from credential_type and learning_context_key.
+        migrations.RunPython(populate_configuration_fk, reverse_code=reverse_populate_configuration_fk),
+        # Make the configuration FK non-nullable
+        migrations.AlterField(
+            model_name="credential",
+            name="configuration",
+            field=models.ForeignKey(
+                help_text="Associated credential configuration",
+                on_delete=django.db.models.deletion.PROTECT,
+                to="learning_credentials.credentialconfiguration",
+            ),
+        ),
+        # Remove the old credential_type field.
+        migrations.RemoveField(
+            model_name="credential",
+            name="credential_type",
+        ),
+        # Remove the redundant learning_context_key field (now accessible via configuration).
+        migrations.RemoveField(
+            model_name="credential",
+            name="learning_context_key",
+        ),
+    ]

learning_credentials/models.py

@@ -176,8 +176,7 @@ class CredentialConfiguration(TimeStampedModel):
                  2. Have such a credential with an error status.
         """
         users_ids_with_credentials = Credential.objects.filter(
-            models.Q(learning_context_key=self.learning_context_key),
-            models.Q(credential_type=self.credential_type),
+            models.Q(configuration=self),
             ~(models.Q(status=Credential.Status.ERROR)),
         ).values_list('user_id', flat=True)
 
@@ -221,9 +220,8 @@ class CredentialConfiguration(TimeStampedModel):
         custom_options = _deep_merge(self.credential_type.custom_options, self.custom_options)
 
         credential, _ = Credential.objects.exclude(status=Credential.Status.INVALIDATED).update_or_create(
-            user_id=user_id,
-            learning_context_key=self.learning_context_key,
-            credential_type=self.credential_type.name,
+            user=user,
+            configuration=self,
             defaults={
                 'user_full_name': user_full_name,
                 'learning_context_name': learning_context_name,
@@ -238,13 +236,13 @@ class CredentialConfiguration(TimeStampedModel):
             generation_func = getattr(generation_module, generation_func_name)
 
             # Run the functions. We do not validate them here, as they are validated in the model's clean() method.
-            credential.download_url = generation_func(self.learning_context_key, user, credential.uuid, custom_options)
+            credential.download_url = generation_func(credential, custom_options)
             credential.status = Credential.Status.AVAILABLE
             credential.save()
         except Exception as exc:
             credential.status = Credential.Status.ERROR
             credential.save()
-            msg = f'Failed to generate the {credential.uuid=} for {user_id=} with {self.id=}.'
+            msg = f'Failed to generate the {credential.uuid=} for {user_id=} with {self.id=}.\nReason: {exc}'
             raise CredentialGenerationError(msg) from exc
         else:
             # TODO: In the future, we want to check this before generating the credential.
@@ -297,16 +295,16 @@ class Credential(TimeStampedModel):
         editable=False,
         help_text=_('UUID used for verifying the credential'),
     )
-    user_id = models.IntegerField(help_text=_('ID of the user receiving the credential'))
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        on_delete=models.CASCADE,
+        help_text=_('User receiving the credential'),
+    )
     user_full_name = models.CharField(
         max_length=255,
         editable=False,
         help_text=_('User receiving the credential. This field is used for validation purposes.'),
     )
-    learning_context_key = LearningContextKeyField(
-        max_length=255,
-        help_text=_('ID of a learning context (e.g., a course or a Learning Path) for which the credential was issued'),
-    )
     learning_context_name = models.CharField(
         max_length=255,
         editable=False,
@@ -315,7 +313,11 @@ class Credential(TimeStampedModel):
             'This field is used for validation purposes.'
         ),
     )
-    credential_type = models.CharField(max_length=255, help_text=_('Type of the credential'))
+    configuration = models.ForeignKey(
+        'CredentialConfiguration',
+        on_delete=models.PROTECT,
+        help_text=_('Associated credential configuration'),
+    )
     status = models.CharField(
         max_length=32,
         choices=Status.choices,
@@ -332,24 +334,36 @@ class Credential(TimeStampedModel):
         max_length=255, blank=True, help_text=_('Reason for invalidating the credential')
     )
 
-    def __str__(self):  # noqa: D105
-        return f"{self.credential_type} for {self.user_full_name} in {self.learning_context_key}"
+    def __str__(self):
+        """Get a string representation of this model's instance."""
+        return (
+            f"{self.configuration.credential_type.name} for {self.user_full_name} "
+            f"in {self.configuration.learning_context_key}"
+        )
 
     def save(self, *args, **kwargs):
-        """If the invalidation reason is set, update the status and timestamp."""
+        """If the invalidation reason is set, trigger the invalidation and update the timestamp."""
         if self.invalidation_reason and self.status != Credential.Status.INVALIDATED:
-            self.status = Credential.Status.INVALIDATED
+            self._invalidate()
         if self.status == Credential.Status.INVALIDATED and not self.invalidated_at:
             self.invalidated_at = timezone.now()
         super().save(*args, **kwargs)
 
+    def _invalidate(self):
+        """Trigger the invalidation process for the credential."""
+        generation_module_name, generation_func_name = self.configuration.credential_type.generation_func.rsplit('.', 1)
+        generation_module = import_module(generation_module_name)
+        generation_func = getattr(generation_module, generation_func_name)
+
+        self.download_url = generation_func(self, {}, invalidate=True)
+        self.status = Credential.Status.INVALIDATED
+
     def send_email(self):
         """Send a credential link to the student."""
-        user = get_user_model().objects.get(id=self.user_id)
         msg = Message(
             name="certificate_generated",
             app_label="learning_credentials",
-            recipient=Recipient(lms_user_id=user.id, email_address=user.email),
+            recipient=Recipient(lms_user_id=self.user.id, email_address=self.user.email),
             language='en',
             context={
                 'certificate_link': self.download_url,
@@ -361,17 +375,12 @@ class Credential(TimeStampedModel):
 
     def reissue(self) -> Self:
         """Invalidate the current credential and create a new one."""
-        config = CredentialConfiguration.objects.get(
-            learning_context_key=self.learning_context_key,
-            credential_type__name=self.credential_type,
-        )
-
         if self.invalidation_reason:
             self.invalidation_reason += '\n'
         self.invalidation_reason += 'Reissued'
         self.save()
 
-        return config.generate_credential_for_user(self.user_id)
+        return self.configuration.generate_credential_for_user(self.user.id)
 
 
 class CredentialAsset(TimeStampedModel):

{learning_credentials-0.5.0rc1.dist-info → learning_credentials-0.5.0rc3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: learning-credentials
-Version: 0.5.0rc1
+Version: 0.5.0rc3
 Summary: A pluggable service for preparing Open edX credentials.
 Author-email: OpenCraft <help@opencraft.com>
 License-Expression: AGPL-3.0-or-later

{learning_credentials-0.5.0rc1.dist-info → learning_credentials-0.5.0rc3.dist-info}/RECORD

@@ -1,10 +1,10 @@
 learning_credentials/__init__.py,sha256=8Q0-3Hdnfmcj41EKu1GSfzEfwWcYNDlItyEEke2r9bs,62
-learning_credentials/admin.py,sha256=gLVpCn5oOHLL3u-wnx4R1yJXfar1Z32vk8zcTVjtBFY,11791
+learning_credentials/admin.py,sha256=AkbLqeFyGEmEsv-EGU4tD3KeCOd6ldvopg2uj_sRUAA,12558
 learning_credentials/apps.py,sha256=trdQxe-JRhUdUaOQoQWiGL1sn6I1sfDiTvdCwy8yGuw,1037
-learning_credentials/compat.py,sha256=bTAB6bTh99ZyhUqOsDtM_BuIPzFxCjySFtfvc-_fCd4,4731
+learning_credentials/compat.py,sha256=EVUxlybL3ugzquPgL0sst7yAQ9qpyAplloTzS52jF5o,4826
 learning_credentials/exceptions.py,sha256=UaqBVXFMWR2Iob7_LMb3j4NNVmWQFAgLi_MNMRUvGsI,290
-learning_credentials/generators.py,sha256=gaw3zoEzVhSjo96QM6Q6K70e_iK44LxCuQIQ05p7lP0,14895
-learning_credentials/models.py,sha256=6ObPBesQW7RPXOH1bnQf4ZEWoXwHfwN3K_OmvZZxW8E,18476
+learning_credentials/generators.py,sha256=2tAeqmEaK5zaygloLXQNHjDXMAalYlwJprx1KmL1pUY,16969
+learning_credentials/models.py,sha256=JF2xtZWDCA7WRY0kBopzxgazPngpqHAM67wdPwdis1M,18602
 learning_credentials/processors.py,sha256=LkdjmkLBnXc9qeMcksB1T8AQ5ZhYaECyQO__KfHB_aU,15212
 learning_credentials/tasks.py,sha256=byoFEUvN_ayVaU5K5SlEiA7vu9BRPaSSmKnB9g5toec,1927
 learning_credentials/urls.py,sha256=KXZtvPXXl2X_nTREWaCFxcAgY2XET1eWRbcx2rq_6eI,348
@@ -17,6 +17,7 @@ learning_credentials/api/v1/urls.py,sha256=RytArViuKZQkWs46sk58VfaVCwLV-QrgTG7cQ
 learning_credentials/api/v1/views.py,sha256=CJEVPwCXs_ii463agPRpJeX6NCgyyFX9ZIBJh0BAc9I,4926
 learning_credentials/conf/locale/config.yaml,sha256=jPen2DmckNDKK30axCKEd2Q2ha9oOG3IBxrJ63Pvznk,2280
 learning_credentials/migrations/0001_initial.py,sha256=61EvThCv-0UAnhCE5feyQVfjRodbp-6cDaAr4CY5PMA,8435
+learning_credentials/migrations/0001_squashed_0010.py,sha256=STQ4MRVfW7F-Dfqb8DrdiezQavn0wlwWfjGpGFmDcqc,10944
 learning_credentials/migrations/0002_migrate_to_learning_credentials.py,sha256=vUhcnQKDdwOsppkXsjz2zZwOGMwIJ-fkQRsaj-K7l1o,1779
 learning_credentials/migrations/0003_rename_certificates_to_credentials.py,sha256=YqSaHTB60VNc9k245um2GYVDH6J0l9BrN3ak6WKljjk,4677
 learning_credentials/migrations/0004_replace_course_keys_with_learning_context_keys.py,sha256=5KaXvASl69qbEaHX5_Ty_3Dr7K4WV6p8VWOx72yJnTU,1919
@@ -24,6 +25,8 @@ learning_credentials/migrations/0005_rename_processors_and_generators.py,sha256=
 learning_credentials/migrations/0006_cleanup_openedx_certificates_tables.py,sha256=aJs_gOP4TmW9J-Dmr21m94jBfLQxzjAu6-ua7x4uYLE,727
 learning_credentials/migrations/0007_migrate_to_text_elements_format.py,sha256=_olkaxPPuRys2c2X5fnyQIFVvqEfdoYu-JlApmXuHEM,4758
 learning_credentials/migrations/0008_validation.py,sha256=jcTg4Lnlmcyp1Czc9b-52gPJ_s8W7Dwodvi_LggpVjw,3387
+learning_credentials/migrations/0009_credential_user_fk.py,sha256=yT1YdE1ptZ8ZT7bWVQyTpgxs--UifGxK3V10ehHZ5Ig,2233
+learning_credentials/migrations/0010_credential_configuration_fk.py,sha256=z3OZCgs_AJzxxyBvWVvvUSTXKPjYvBN8xd8VajwYBZA,3415
 learning_credentials/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 learning_credentials/settings/__init__.py,sha256=tofc5eg3Q2lV13Ff_jjg1ggGgWpKYoeESkP1qxl3H_A,29
 learning_credentials/settings/common.py,sha256=Cck-nyFt11G1NLiz-bHfKJp8MV6sDZGqTwdbC8_1WE0,360
@@ -35,9 +38,9 @@ learning_credentials/templates/learning_credentials/edx_ace/certificate_generate
 learning_credentials/templates/learning_credentials/edx_ace/certificate_generated/email/from_name.txt,sha256=-n8tjPSwfwAfeOSZ1WhcCTrpOah4VswzMZ5mh63Pxow,20
 learning_credentials/templates/learning_credentials/edx_ace/certificate_generated/email/head.html,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 learning_credentials/templates/learning_credentials/edx_ace/certificate_generated/email/subject.txt,sha256=S7Hc5T_sZSsSBXm5_H5HBNNv16Ohl0oZn0nVqqeWL0g,132
-learning_credentials-0.5.0rc1.dist-info/licenses/LICENSE.txt,sha256=GDpsPnW_1NKhPvZpZL9imz25P2nIpbwJPEhrlq4vPAU,34523
-learning_credentials-0.5.0rc1.dist-info/METADATA,sha256=8O8HFW30e2DKY_0Yzirkh_Nt0jQV7aWyCEBluO_Erfg,8461
-learning_credentials-0.5.0rc1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-learning_credentials-0.5.0rc1.dist-info/entry_points.txt,sha256=hHqqLUEdzAN24v5OGBX9Fr-wh3ATDPjQjByKz03eC2Y,91
-learning_credentials-0.5.0rc1.dist-info/top_level.txt,sha256=Ce-4_leZe_nny7CpmkeRiemcDV6jIHpIvLjlcQBuf18,21
-learning_credentials-0.5.0rc1.dist-info/RECORD,,
+learning_credentials-0.5.0rc3.dist-info/licenses/LICENSE.txt,sha256=GDpsPnW_1NKhPvZpZL9imz25P2nIpbwJPEhrlq4vPAU,34523
+learning_credentials-0.5.0rc3.dist-info/METADATA,sha256=eOcIS9drEVJVDExK5zGolz5e3apUQWBEnfIzeTa8-vo,8461
+learning_credentials-0.5.0rc3.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+learning_credentials-0.5.0rc3.dist-info/entry_points.txt,sha256=hHqqLUEdzAN24v5OGBX9Fr-wh3ATDPjQjByKz03eC2Y,91
+learning_credentials-0.5.0rc3.dist-info/top_level.txt,sha256=Ce-4_leZe_nny7CpmkeRiemcDV6jIHpIvLjlcQBuf18,21
+learning_credentials-0.5.0rc3.dist-info/RECORD,,