"""
openedx_authz Django application initialization.
"""
from django.apps import AppConfig
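class OpenedxAuthzConfig(AppConfig):
    """
    Configuration for the openedx_authz Django application.

    ``plugin_app`` maps the LMS and CMS project types to the same URL
    namespace/prefix and the same settings modules. ``ready()`` seeds the
    enforcer with a baseline set of policies.
    """

    name = "openedx_authz"
    verbose_name = "Open edX AuthZ"
    default_auto_field = "django.db.models.BigAutoField"
    plugin_app = {
        "url_config": {
            "lms.djangoapp": {
                "namespace": "openedx-authz",
                "regex": r"^openedx-authz/",
                "relative_path": "urls",
            },
            "cms.djangoapp": {
                "namespace": "openedx-authz",
                "regex": r"^openedx-authz/",
                "relative_path": "urls",
            },
        },
        "settings_config": {
            "lms.djangoapp": {
                "test": {"relative_path": "settings.test"},
                "common": {"relative_path": "settings.common"},
                "production": {"relative_path": "settings.production"},
            },
            "cms.djangoapp": {
                "test": {"relative_path": "settings.test"},
                "common": {"relative_path": "settings.common"},
                "production": {"relative_path": "settings.production"},
            },
        },
    }

    def ready(self):
        """
        Seed the enforcer with baseline policies at application start-up.

        Two things are added, each only if not already present:

        * allow rules for the ``anonymous`` subject on a short list of paths;
        * an allow-everything rule for the ``admin`` role, plus membership of
          that role for every user with ``is_staff`` and ``is_superuser``.

        The seeding is grant-only and runs once per process start. A user
        promoted later is not picked up until the next start, and nothing
        here removes the ``admin`` role from a user who has since lost
        superuser status. Revocation has to be handled elsewhere.
        """
        # pylint: disable=import-outside-toplevel
        import logging

        from django.conf import settings
        from django.contrib.auth import get_user_model
        from django.db.utils import OperationalError, ProgrammingError

        from openedx_authz.custom_enforcer import get_enforcer

        log = logging.getLogger(__name__)
        enforcer = get_enforcer()

        # Minimum set of paths the anonymous subject may reach.
        # NOTE(review): the action is the wildcard "*" on every entry; how "*"
        # is matched depends on the enforcer's model, which is not visible
        # here. Confirm that anonymous access to "/dashboard" is intended.
        anonymous_policies = [
            ("/", "*"),
            ("/login", "*"),
            ("/api/mfe_config/v1", "*"),
            ("/login_refresh", "*"),
            ("/csrf/api/v1/token", "*"),
            ("/api/user/v2/account/login_session/", "*"),
            ("/dashboard", "*"),
            ("/theming/asset/images/no_course_image.png", "*"),
        ]
        # The debug-toolbar endpoint is development tooling, so the anonymous
        # allow rule for it is only seeded when DEBUG is on.
        # NOTE(review): if the policy store is persistent, a rule written by
        # an earlier start-up stays until it is removed explicitly.
        if settings.DEBUG:
            anonymous_policies.append(("/__debug__/history_sidebar/", "*"))

        for resource, action in anonymous_policies:
            if not enforcer.has_policy("anonymous", resource, action):
                enforcer.add_policy("anonymous", resource, action)

        # The admin role may perform any action on any resource. Checked
        # first, like the anonymous rules, so repeated start-ups are no-ops.
        if not enforcer.has_policy("admin", "*", "*"):
            enforcer.add_policy("admin", "*", "*")

        # ready() also runs for management commands such as `migrate`, where
        # the user table may not exist yet. A missing table must not stop the
        # process from starting, so the lookup is guarded and the skip logged.
        user_model = get_user_model()
        try:
            admin_usernames = [
                user.username
                for user in user_model.objects.filter(is_staff=True, is_superuser=True)
            ]
        except (OperationalError, ProgrammingError):
            log.warning(
                "openedx_authz: could not query users; admin role assignment skipped",
                exc_info=True,
            )
            admin_usernames = []

        for username in admin_usernames:
            enforcer.add_role_for_user(username, "admin")

        log.info(
            "openedx_authz: default policies ensured (%d admin user(s))",
            len(admin_usernames),
        )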