fixup! feat: add AuthZ permissions for schedule and course details

Author: dwong2708

cms/djangoapps/contentstore/rest_api/v1/views/course_details.py

@@ -150,7 +150,7 @@ def put(self, request: Request, course_id: str):
         along with all the course's details similar to a ``GET`` request.
         """
         course_key = CourseKey.from_string(course_id)
-        is_schedule_update, is_details_update = self.classify_update(request, course_key)
+        is_schedule_update, is_details_update = self._classify_update(request, course_key)
 
         if not is_schedule_update and not is_details_update:
             # No updatable fields provided in the request
@@ -182,7 +182,7 @@ def put(self, request: Request, course_id: str):
         serializer = CourseDetailsSerializer(updated_data)
         return Response(serializer.data)
 
-    def classify_update(self, request: Request, course_key: str) -> tuple[bool, bool]:
+    def _classify_update(self, request: Request, course_key: str) -> tuple[bool, bool]:
         """
         Determine whether the payload is updating schedule fields, detail fields, or both.
 

openedx/core/djangoapps/authz/tests/mixins.py

@@ -55,11 +55,11 @@ def setUp(self):
         self.unauthorized_client = APIClient()
         self.unauthorized_client.force_authenticate(user=self.unauthorized_user)
 
-        self.super_user = UserFactory(is_superuser=True)
+        self.super_user = UserFactory(is_superuser=True, password=self.password)
         self.super_client = APIClient()
         self.super_client.force_authenticate(user=self.super_user)
 
-        self.staff_user = UserFactory(is_staff=True)
+        self.staff_user = UserFactory(is_staff=True, password=self.password)
         self.staff_client = APIClient()
         self.staff_client.force_authenticate(user=self.staff_user)