feat: add library restore endpoint

[wgu-taylor-payne]

Description

Adds a library restore endpoint to restore a learning package from a backup. The learning package can then be used to create a content library.

POST /api/libraries/v2/restore/

Requires a file field, which must be a .zip file.

A library restore task will be queued for execution, and a task id will be returned in the JSON response.

{
    "task_id": "29cd29cb-a963-427b-8aaa-675c999832a1"
}

GET /api/libraries/v2/restore/

Requires a task_id parameter to be provided. If given a valid task_id it will return the task status and data based on the result of the restore.

Success:

{
    "state": "Succeeded",
    "result": {
        "learning_package_id": 6,
        "title": "Library test",
        "org": "WGU",
        "slug": "LIB_C001",
        "key": "lib-restore:tpayne:WGU:LIB_C001:6",
        "original_key": "lib:WGU:LIB_C001",
        "created": "2025-10-07T00:29:38.692050+00:00",
        "components": 6
    }
}

Failure:

{
    "state": "Failed",
    "result": {
        "error": "Error restoring learning package",
        "log_file": "/media/user_tasks/2025/10/06/00d8363d-5e24-48db-bfd5-24e66acde361-error.log"
    }
}

Supporting information

Resolves openedx/openedx-learning#388.

Depends on functionality in openedx/openedx-learning#406.

Testing instructions

TODO

Deadline

Ulmo release

[openedx-webhooks]

Thanks for the pull request, @wgu-taylor-payne!

This repository is currently maintained by @openedx/wg-maintenance-edx-platform.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

• If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
  • This process (including the steps you'll need to take) is documented here.
• If it doesn't, simply proceed with the next step.

🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

• Dependencies

  This PR must be merged before / after / at the same time as ...

• Blockers

  This PR is waiting for OEP-1234 to be accepted.

• Timeline information

  This PR must be merged by XX date because ...

• Partner information

  This is for a course on edx.org.

• Supporting documentation
• Relevant Open edX discussion forum threads

🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

🔘 Update the status of your PR

Your PR is currently marked as a draft. After completing the steps above, update its status by clicking "Ready for Review", or removing "WIP" from the title, as appropriate.

---

Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

• Overview of Review Process for Community Contributions
• Pull Request Status Guide
• Making changes to your pull request

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

• The size and impact of the changes that it introduces
• The need for product review
• Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

[dwong2708]

@ormsbee In the scenario where LibraryPackage.key already exists, should we assign a unique temporary key to stage this library package? Currently, the staged_key is built later using the LP.id

[ormsbee]

In my comment about this, I suggested making the LearningPackage.key be a combination of the learning key of the archive, the username of the person uploading, and a primary key (though really, anything that's unique will work--like a simple random hash value). So it would look like: lib-restore:dave:Axim:problem-bank:1002

(Okay, thinking on that more, I guess we'd want to construct the key in this bit of code and pass it to load_dump_zip_file as an argument, so that would favor having a random hash instead of a pkey at the end.

The goals of the key would be:

• easily look up the user's uploads
• reconstruct the original key of the archive without having to open the archive up
• namespace it so that the key entries never collide

[dwong2708]

Passing the staged LP sounds good to me, but @wgu-taylor-payne suggested passing only the User object, since the organization name (e.g., Axim in the example above) is already included in the zip file, and extracting it at the endpoint level wouldn’t make sense.

[ormsbee]

Recap: We talked about this at our sync-up today, where @dwong2708 brought me up to speed on what he and @wgu-taylor-payne were discussing.

I think the idea of having Learning Core decide what the temporary key is makes sense, and it also makes sense that we'd have to pass in the user object, since that is how Learning Core would namespace things. Overall, this gives LC the flexibility to determine how it wants to manage this specific kind of staged LearningPackage for a given user. In terms of the last part of the key--anything uniquely identifying will do. We could use a timestamp with sufficient precision, for instance.

In all cases, we shouldn't rely on parsing the key when displaying information to the frontend. The frontend should still get all its information from specific fields in the JSON artifact that is produced during the upload process.

[wgu-taylor-payne]

Currently in this PR, along with creating and updating the restored LP with the "staged" key, the code also validates the key format, extracts the username from the key to see if the user is authorized to create a library from the LP, and then changes the key back to the standard version after the LP is tied to a content library.

It would be nice to have Learning Core provide an interface for this functionality as well.

[dwong2708]

Sounds good to me, Just to clarify, @ormsbee , we don’t need to check that the uploaded user matches the backup user, right?

[ormsbee]

Right. Anyone could upload an archive created by anyone else.

[dwong2708]

In a nutshell:

The staged key generation happens on the LC side (PR
, pending review). Based on that, I believe the logic here can be simplified:

1. In this line, we pass the user and True value to generate the staged key:
   authoring_api.load_dump_zip_file(tmp_path, user=user, use_staged_lp_key=True)
2. The user task returns the Learning Package (LP) ID.
3. When creating the Content Library, the frontend will send the LP ID, and the endpoint will update the key based on the slug and org provided by the frontend. At this point, the ContentLibrary model has already been created, and you can use its library_key property to pass it to the update_library_package API.

[dwong2708]

Nice job, Tylor, and thank you for addressing this. I left some comments, but please note that they depend on the merge of this PR
.

[dwong2708]

Since the new learning package key will be generated by the ContentLibrary model, I think passing the learning_package_key is unnecessary.

[dwong2708]

No longer needed once this PR is merged.

[dwong2708]

Not necessary — please remove it

[dwong2708]

You could use ref.library_key and pass it here, since the new LP key is generated from the org and slug provided by the new ContentLibrary.

[dwong2708]

Won’t be necessary once this PR
is merged.