fix: Copilot feedback

brianjbuck-wgu · brianjbuck-wgu · commit f1aced39baee · 2026-04-08T09:56:34.000-06:00
diff --git a/lms/djangoapps/instructor/views/api_v2.py b/lms/djangoapps/instructor/views/api_v2.py
@@ -1624,15 +1624,15 @@ def _parse_course_and_problem(course_id, problem):
         course_key = CourseKey.from_string(course_id)
     except InvalidKeyError:
         return None, Response(
-            {'error': 'INVALID_PARAMETER', 'message': 'Invalid course key format', 'status_code': 400},
+            {'error': 'Invalid course key'},
             status=status.HTTP_400_BAD_REQUEST
         )
 
     try:
         usage_key = UsageKey.from_string(problem).map_into_course(course_key)
     except InvalidKeyError:
         return None, Response(
-            {'error': 'INVALID_PARAMETER', 'message': 'Invalid problem location', 'status_code': 400},
+            {'error': 'Invalid problem location'},
             status=status.HTTP_400_BAD_REQUEST
         )
 
@@ -1643,15 +1643,21 @@ def _resolve_learner(learner_identifier):
     """
     Resolve a learner identifier (username or email) to a User object.
 
-    Returns User on success, or a Response with 404 on failure.
+    Returns (User, None) on success, or (None, Response) on failure.
     """
+    UserModel = get_user_model()
     try:
-        return get_student_from_identifier(learner_identifier), None
-    except Exception:  # pylint: disable=broad-except
+        return get_user_by_username_or_email(learner_identifier), None
+    except UserModel.DoesNotExist:
         return None, Response(
-            {'error': 'RESOURCE_NOT_FOUND', 'message': 'Learner not found', 'status_code': 404},
+            {'error': 'Learner not found'},
             status=status.HTTP_404_NOT_FOUND
         )
+    except UserModel.MultipleObjectsReturned:
+        return None, Response(
+            {'error': 'Multiple learners found for the given identifier'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
 
 
 def _build_async_response(instructor_task, course_id, problem_location, learner_scope='all'):
@@ -1685,6 +1691,33 @@ class ResetAttemptsView(DeveloperErrorViewMixin, APIView):
     permission_classes = (IsAuthenticated, permissions.InstructorPermission)
     permission_name = permissions.GIVE_STUDENT_EXTENSION
 
+    @apidocs.schema(
+        parameters=[
+            apidocs.string_parameter(
+                'course_id',
+                apidocs.ParameterLocation.PATH,
+                description="Course key for the course.",
+            ),
+            apidocs.string_parameter(
+                'problem',
+                apidocs.ParameterLocation.PATH,
+                description="Problem block usage key.",
+            ),
+            apidocs.string_parameter(
+                'learner',
+                apidocs.ParameterLocation.QUERY,
+                description="Optional: Learner username or email. If omitted, resets all learners (async).",
+            ),
+        ],
+        responses={
+            200: SyncOperationResultSerializer,
+            202: AsyncOperationResultSerializer,
+            400: "Invalid parameters provided.",
+            401: "The requesting user is not authenticated.",
+            403: "The requesting user lacks permission.",
+            404: "Learner not found.",
+        },
+    )
     @method_decorator(transaction.non_atomic_requests)
     def post(self, request, course_id, problem):
         """Reset problem attempts for one or all learners."""
@@ -1710,16 +1743,12 @@ def post(self, request, course_id, problem):
                 )
             except StudentModule.DoesNotExist:
                 return Response(
-                    {'error': 'RESOURCE_NOT_FOUND',
-                     'message': 'No state found for this learner and problem',
-                     'status_code': 404},
+                    {'error': 'No state found for this learner and problem'},
                     status=status.HTTP_404_NOT_FOUND,
                 )
             except sub_api.SubmissionError:
                 return Response(
-                    {'error': 'INTERNAL_ERROR',
-                     'message': 'An error occurred while resetting attempts',
-                     'status_code': 500},
+                    {'error': 'An error occurred while resetting attempts'},
                     status=status.HTTP_500_INTERNAL_SERVER_ERROR,
                 )
 
@@ -1736,9 +1765,7 @@ def post(self, request, course_id, problem):
             course = get_course_with_access(request.user, 'staff', course_key, depth=None)
             if not has_access(request.user, 'instructor', course):
                 return Response(
-                    {'error': 'PERMISSION_DENIED',
-                     'message': 'Instructor access required for bulk operations',
-                     'status_code': 403},
+                    {'error': 'Instructor access required for bulk operations'},
                     status=status.HTTP_403_FORBIDDEN,
                 )
 
@@ -1748,16 +1775,12 @@ def post(self, request, course_id, problem):
                 )
             except AlreadyRunningError:
                 return Response(
-                    {'error': 'ALREADY_RUNNING',
-                     'message': 'A reset task is already running for this problem',
-                     'status_code': 409},
+                    {'error': 'A reset task is already running for this problem'},
                     status=status.HTTP_409_CONFLICT,
                 )
             except ItemNotFoundError:
                 return Response(
-                    {'error': 'RESOURCE_NOT_FOUND',
-                     'message': 'Problem not found',
-                     'status_code': 404},
+                    {'error': 'Problem not found'},
                     status=status.HTTP_404_NOT_FOUND,
                 )
 
@@ -1774,6 +1797,32 @@ class DeleteStateView(DeveloperErrorViewMixin, APIView):
     permission_classes = (IsAuthenticated, permissions.InstructorPermission)
     permission_name = permissions.GIVE_STUDENT_EXTENSION
 
+    @apidocs.schema(
+        parameters=[
+            apidocs.string_parameter(
+                'course_id',
+                apidocs.ParameterLocation.PATH,
+                description="Course key for the course.",
+            ),
+            apidocs.string_parameter(
+                'problem',
+                apidocs.ParameterLocation.PATH,
+                description="Problem block usage key.",
+            ),
+            apidocs.string_parameter(
+                'learner',
+                apidocs.ParameterLocation.QUERY,
+                description="Learner username or email (required).",
+            ),
+        ],
+        responses={
+            200: SyncOperationResultSerializer,
+            400: "Invalid parameters or missing learner.",
+            401: "The requesting user is not authenticated.",
+            403: "The requesting user lacks permission.",
+            404: "Learner not found.",
+        },
+    )
     @method_decorator(transaction.non_atomic_requests)
     def delete(self, request, course_id, problem):
         """Delete learner problem state."""
@@ -1785,9 +1834,7 @@ def delete(self, request, course_id, problem):
         learner_identifier = request.query_params.get('learner')
         if not learner_identifier:
             return Response(
-                {'error': 'INVALID_PARAMETER',
-                 'message': 'The learner parameter is required',
-                 'status_code': 400},
+                {'error': 'The learner parameter is required'},
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
@@ -1805,16 +1852,12 @@ def delete(self, request, course_id, problem):
             )
         except StudentModule.DoesNotExist:
             return Response(
-                {'error': 'RESOURCE_NOT_FOUND',
-                 'message': 'No state found for this learner and problem',
-                 'status_code': 404},
+                {'error': 'No state found for this learner and problem'},
                 status=status.HTTP_404_NOT_FOUND,
             )
         except sub_api.SubmissionError:
             return Response(
-                {'error': 'INTERNAL_ERROR',
-                 'message': 'An error occurred while deleting state',
-                 'status_code': 500},
+                {'error': 'An error occurred while deleting state'},
                 status=status.HTTP_500_INTERNAL_SERVER_ERROR,
             )
 
@@ -1840,6 +1883,37 @@ class RescoreView(DeveloperErrorViewMixin, APIView):
     permission_classes = (IsAuthenticated, permissions.InstructorPermission)
     permission_name = permissions.OVERRIDE_GRADES
 
+    @apidocs.schema(
+        parameters=[
+            apidocs.string_parameter(
+                'course_id',
+                apidocs.ParameterLocation.PATH,
+                description="Course key for the course.",
+            ),
+            apidocs.string_parameter(
+                'problem',
+                apidocs.ParameterLocation.PATH,
+                description="Problem block usage key.",
+            ),
+            apidocs.string_parameter(
+                'learner',
+                apidocs.ParameterLocation.QUERY,
+                description="Optional: Learner username or email. If omitted, rescores all learners.",
+            ),
+            apidocs.string_parameter(
+                'only_if_higher',
+                apidocs.ParameterLocation.QUERY,
+                description="Optional: If 'true', only update scores that are higher than current.",
+            ),
+        ],
+        responses={
+            202: AsyncOperationResultSerializer,
+            400: "Invalid parameters provided.",
+            401: "The requesting user is not authenticated.",
+            403: "The requesting user lacks permission.",
+            404: "Learner not found.",
+        },
+    )
     @method_decorator(transaction.non_atomic_requests)
     def post(self, request, course_id, problem):
         """Rescore problem submissions."""
@@ -1862,21 +1936,17 @@ def post(self, request, course_id, problem):
                 )
             except NotImplementedError as exc:
                 return Response(
-                    {'error': 'INVALID_PARAMETER', 'message': str(exc), 'status_code': 400},
+                    {'error': str(exc)},
                     status=status.HTTP_400_BAD_REQUEST,
                 )
             except ItemNotFoundError:
                 return Response(
-                    {'error': 'RESOURCE_NOT_FOUND',
-                     'message': 'Problem not found',
-                     'status_code': 404},
+                    {'error': 'Problem not found'},
                     status=status.HTTP_404_NOT_FOUND,
                 )
             except AlreadyRunningError:
                 return Response(
-                    {'error': 'ALREADY_RUNNING',
-                     'message': 'A rescore task is already running for this learner and problem',
-                     'status_code': 409},
+                    {'error': 'A rescore task is already running for this learner and problem'},
                     status=status.HTTP_409_CONFLICT,
                 )
 
@@ -1888,9 +1958,7 @@ def post(self, request, course_id, problem):
             course = get_course_with_access(request.user, 'staff', course_key)
             if not has_access(request.user, 'instructor', course):
                 return Response(
-                    {'error': 'PERMISSION_DENIED',
-                     'message': 'Instructor access required for bulk operations',
-                     'status_code': 403},
+                    {'error': 'Instructor access required for bulk operations'},
                     status=status.HTTP_403_FORBIDDEN,
                 )
 
@@ -1900,21 +1968,17 @@ def post(self, request, course_id, problem):
                 )
             except NotImplementedError as exc:
                 return Response(
-                    {'error': 'INVALID_PARAMETER', 'message': str(exc), 'status_code': 400},
+                    {'error': str(exc)},
                     status=status.HTTP_400_BAD_REQUEST,
                 )
             except ItemNotFoundError:
                 return Response(
-                    {'error': 'RESOURCE_NOT_FOUND',
-                     'message': 'Problem not found',
-                     'status_code': 404},
+                    {'error': 'Problem not found'},
                     status=status.HTTP_404_NOT_FOUND,
                 )
             except AlreadyRunningError:
                 return Response(
-                    {'error': 'ALREADY_RUNNING',
-                     'message': 'A rescore task is already running for this problem',
-                     'status_code': 409},
+                    {'error': 'A rescore task is already running for this problem'},
                     status=status.HTTP_409_CONFLICT,
                 )
 
@@ -1930,6 +1994,32 @@ class ScoreOverrideView(DeveloperErrorViewMixin, APIView):
     permission_classes = (IsAuthenticated, permissions.InstructorPermission)
     permission_name = permissions.OVERRIDE_GRADES
 
+    @apidocs.schema(
+        parameters=[
+            apidocs.string_parameter(
+                'course_id',
+                apidocs.ParameterLocation.PATH,
+                description="Course key for the course.",
+            ),
+            apidocs.string_parameter(
+                'problem',
+                apidocs.ParameterLocation.PATH,
+                description="Problem block usage key.",
+            ),
+            apidocs.string_parameter(
+                'learner',
+                apidocs.ParameterLocation.QUERY,
+                description="Learner username or email (required).",
+            ),
+        ],
+        responses={
+            200: SyncOperationResultSerializer,
+            400: "Invalid parameters or invalid score.",
+            401: "The requesting user is not authenticated.",
+            403: "The requesting user lacks permission.",
+            404: "Learner not found.",
+        },
+    )
     @method_decorator(transaction.non_atomic_requests)
     def put(self, request, course_id, problem):
         """Override a learner's score."""
@@ -1941,9 +2031,7 @@ def put(self, request, course_id, problem):
         learner_identifier = request.query_params.get('learner')
         if not learner_identifier:
             return Response(
-                {'error': 'INVALID_PARAMETER',
-                 'message': 'The learner parameter is required',
-                 'status_code': 400},
+                {'error': 'The learner parameter is required'},
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
@@ -1954,8 +2042,7 @@ def put(self, request, course_id, problem):
         body_serializer = ScoreOverrideRequestSerializer(data=request.data)
         if not body_serializer.is_valid():
             return Response(
-                {'error': 'INVALID_PARAMETER', 'message': 'Invalid request body',
-                 'field_errors': body_serializer.errors, 'status_code': 400},
+                {'error': 'Invalid request body', 'field_errors': body_serializer.errors},
                 status=status.HTTP_400_BAD_REQUEST,
             )
         score = body_serializer.validated_data['score']
@@ -1964,17 +2051,13 @@ def put(self, request, course_id, problem):
             block = modulestore().get_item(usage_key)
         except ItemNotFoundError:
             return Response(
-                {'error': 'RESOURCE_NOT_FOUND',
-                 'message': 'Problem not found',
-                 'status_code': 404},
+                {'error': 'Problem not found'},
                 status=status.HTTP_404_NOT_FOUND,
             )
 
         if not has_access(request.user, 'staff', block):
             return Response(
-                {'error': 'PERMISSION_DENIED',
-                 'message': 'You do not have permission to override scores for this problem',
-                 'status_code': 403},
+                {'error': 'You do not have permission to override scores for this problem'},
                 status=status.HTTP_403_FORBIDDEN,
             )
 
@@ -1984,19 +2067,17 @@ def put(self, request, course_id, problem):
             )
         except NotImplementedError as exc:
             return Response(
-                {'error': 'INVALID_PARAMETER', 'message': str(exc), 'status_code': 400},
+                {'error': str(exc)},
                 status=status.HTTP_400_BAD_REQUEST,
             )
         except ValueError as exc:
             return Response(
-                {'error': 'INVALID_PARAMETER', 'message': str(exc), 'status_code': 400},
+                {'error': str(exc)},
                 status=status.HTTP_400_BAD_REQUEST,
             )
         except AlreadyRunningError:
             return Response(
-                {'error': 'ALREADY_RUNNING',
-                 'message': 'A score override task is already running for this learner and problem',
-                 'status_code': 409},
+                {'error': 'A score override task is already running for this learner and problem'},
                 status=status.HTTP_409_CONFLICT,
             )
 
