...

Common Questions

...

Courses and CourseRuns have many people and orgs through join tables which also specify their relation to the course/run.  For example all courses will be related to the org which is running the course, but some courses also have a sponsor who is not directly running the course, but providing assistance in some way, like Databricks sponsoring this Berkley course on spark https://www.edx.org/course/introduction-spark-uc-berkeleyx-cs105x.  

Authorization

The authorization progression would be as follows:

V1 - API is read-only.  Anyone with a valid access token can read.
V2 - API has basic CRUD operations.  Only super users can access non-read endpoints. Note: this would necessarily coincide with a switch making this the system of record for course metadata.
V3 - Super users can grant standard users create and update permissions at an organization level (TBD on delete).  E.G. Harvard users may be given access to edit/update any course, course run, or person that exists under the Harvard organization.