feat: implement Assign Role Wizard with user validation and role assignment steps

Author: bra-i-am

src/authz-module/constants.ts

@@ -1,6 +1,7 @@
 export const ROUTES = {
   LIBRARIES_TEAM_PATH: '/libraries/:libraryId',
   LIBRARIES_USER_PATH: '/libraries/:libraryId/:username',
+  ASSIGN_ROLE_WIZARD_PATH: '/assign-role',
 };
 
 export enum RoleOperationErrorStatus {
@@ -10,3 +11,120 @@ export enum RoleOperationErrorStatus {
   ROLE_ASSIGNMENT_ERROR = 'role_assignment_error',
   ROLE_REMOVAL_ERROR = 'role_removal_error',
 }
+
+// Content Library Permission Keys
+export const CONTENT_LIBRARY_PERMISSIONS = {
+  DELETE_LIBRARY: 'content_libraries.delete_library',
+  MANAGE_LIBRARY_TAGS: 'content_libraries.manage_library_tags',
+  VIEW_LIBRARY: 'content_libraries.view_library',
+
+  EDIT_LIBRARY_CONTENT: 'content_libraries.edit_library_content',
+  PUBLISH_LIBRARY_CONTENT: 'content_libraries.publish_library_content',
+  REUSE_LIBRARY_CONTENT: 'content_libraries.reuse_library_content',
+
+  CREATE_LIBRARY_COLLECTION: 'content_libraries.create_library_collection',
+  EDIT_LIBRARY_COLLECTION: 'content_libraries.edit_library_collection',
+  DELETE_LIBRARY_COLLECTION: 'content_libraries.delete_library_collection',
+
+  MANAGE_LIBRARY_TEAM: 'content_libraries.manage_library_team',
+  VIEW_LIBRARY_TEAM: 'content_libraries.view_library_team',
+};
+
+// Note: this information will eventually come from the backend API
+// but for the MVP we decided to manage it in the frontend
+export const libraryRolesMetadata = [
+  {
+    role: 'library_admin', name: 'Library Admin', description: 'The Library Admin has full control over the library, including managing users, modifying content, and handling publishing workflows. They ensure content is properly maintained and accessible as needed.', contextType: 'library',
+  },
+  {
+    role: 'library_author', name: 'Library Author', description: 'The Library Author is responsible for creating, editing, and publishing content within a library. They can manage tags and collections but cannot delete libraries or manage users.', contextType: 'library',
+  },
+  {
+    role: 'library_contributor', name: 'Library Contributor', description: 'The Library Contributor can create and edit content within a library but cannot publish it. They support the authoring process while leaving final publishing to Authors or Admins.', contextType: 'library',
+  },
+  {
+    role: 'library_user', name: 'Library User', description: 'The Library User can view and reuse content but cannot edit or delete any resource.', contextType: 'library',
+  },
+];
+
+export const libraryResourceTypes = [
+  { key: 'library', label: 'Library', description: 'Permissions related to the library as a whole.' },
+  { key: 'library_content', label: 'Content', description: 'Permissions to create, edit, delete, and publish individual content items within the library.' },
+  { key: 'library_collection', label: 'Collection', description: 'Permissions to create, edit, and delete content collections within the library.' },
+  { key: 'library_team', label: 'Team', description: 'Permissions to manage user access and roles within the library.' },
+];
+
+export const libraryPermissions = [
+  { key: CONTENT_LIBRARY_PERMISSIONS.DELETE_LIBRARY, resource: 'library', description: 'Allows the user to delete the library and all its contents.' },
+  { key: CONTENT_LIBRARY_PERMISSIONS.MANAGE_LIBRARY_TAGS, resource: 'library', description: 'Add or remove tags from content.' },
+  { key: CONTENT_LIBRARY_PERMISSIONS.VIEW_LIBRARY, resource: 'library', description: 'View content, search, filter, and sort within the library.' },
+
+  { key: CONTENT_LIBRARY_PERMISSIONS.EDIT_LIBRARY_CONTENT, resource: 'library_content', description: 'Edit content in draft mode' },
+  { key: CONTENT_LIBRARY_PERMISSIONS.PUBLISH_LIBRARY_CONTENT, resource: 'library_content', description: 'Publish content, making it available for reuse' },
+  { key: CONTENT_LIBRARY_PERMISSIONS.REUSE_LIBRARY_CONTENT, resource: 'library_content', description: 'Reuse published content within a course.' },
+
+  { key: CONTENT_LIBRARY_PERMISSIONS.CREATE_LIBRARY_COLLECTION, resource: 'library_collection', description: 'Create new collections within a library.' },
+  { key: CONTENT_LIBRARY_PERMISSIONS.EDIT_LIBRARY_COLLECTION, resource: 'library_collection', description: 'Add or remove content from existing collections.' },
+  { key: CONTENT_LIBRARY_PERMISSIONS.DELETE_LIBRARY_COLLECTION, resource: 'library_collection', description: 'Delete entire collections from the library.' },
+
+  { key: CONTENT_LIBRARY_PERMISSIONS.MANAGE_LIBRARY_TEAM, resource: 'library_team', description: 'View the list of users who have access to the library.' },
+  { key: CONTENT_LIBRARY_PERMISSIONS.VIEW_LIBRARY_TEAM, resource: 'library_team', description: 'Add, remove, and assign roles to users within the library.' },
+];
+
+// Resource Type Definitions
+export const RESOURCE_TYPES = {
+  LIBRARY: 'library',
+  COURSE: 'course',
+} as const;
+
+export type ResourceType = typeof RESOURCE_TYPES[keyof typeof RESOURCE_TYPES];
+
+export const courseRolesMetadata = [
+  {
+    role: 'course_admin', name: 'Course Admin', description: 'Can manage the course team and all course settings.', contextType: 'course',
+  },
+  {
+    role: 'course_staff', name: 'Course Staff', description: 'Can publish content and manage the course lifecycle in Studio.', contextType: 'course',
+  },
+  {
+    role: 'course_editor', name: 'Course Editor', description: 'Can create and edit course content, but cannot publish or change critical course settings.', contextType: 'course', disabled: true,
+  },
+  {
+    role: 'course_auditor', name: 'Course Auditor', description: 'Can view course content and settings, but cannot make changes.', contextType: 'course', disabled: true,
+  },
+];
+
+// Course roles placeholder for future implementation
+export const COURSE_ROLES_METADATA = courseRolesMetadata;
+
+// Get roles metadata by resource type
+export const getRolesMetadata = (resourceType: ResourceType) => {
+  switch (resourceType) {
+    case RESOURCE_TYPES.LIBRARY:
+      return libraryRolesMetadata;
+    case RESOURCE_TYPES.COURSE:
+      return COURSE_ROLES_METADATA;
+    default:
+      return [];
+  }
+};
+
+// Get permissions by resource type
+export const getPermissions = (resourceType: ResourceType) => {
+  switch (resourceType) {
+    case RESOURCE_TYPES.LIBRARY:
+      return libraryPermissions;
+    default:
+      return [];
+  }
+};
+
+// Get resource types by resource type
+export const getResourceTypes = (resourceType: ResourceType) => {
+  switch (resourceType) {
+    case RESOURCE_TYPES.LIBRARY:
+      return libraryResourceTypes;
+    default:
+      return [];
+  }
+};

src/authz-module/data/api.ts

@@ -50,6 +50,16 @@ export interface AssignTeamMembersRoleRequest {
   scope: string;
 }
 
+// Validate Users API
+export type ValidateUsersRequest = {
+  users: string[];
+};
+
+export type ValidateUsersResponse = {
+  validUsers: string[];
+  invalidUsers: string[];
+};
+
 export const getTeamMembers = async (object: string, querySettings: QuerySettings): Promise<GetTeamMembersResponse> => {
   const url = new URL(getApiUrl(`/api/authz/v1/roles/users/?scope=${object}`));
 
@@ -77,6 +87,16 @@ export const assignTeamMembersRole = async (
   return camelCaseObject(res.data);
 };
 
+export const validateUsers = async (
+  data: ValidateUsersRequest,
+): Promise<ValidateUsersResponse> => {
+  const res = await getAuthenticatedHttpClient().post(
+    getApiUrl('/api/authz/v1/users/validate'),
+    data,
+  );
+  return camelCaseObject(res.data);
+};
+
 // TODO: this should be replaced in the future with Console API
 export const getLibrary = async (libraryId: string): Promise<LibraryMetadata> => {
   const { data } = await getAuthenticatedHttpClient().get(getStudioApiUrl(`/api/libraries/v2/${libraryId}/`));

src/authz-module/data/hooks.ts

@@ -6,6 +6,7 @@ import { LibraryMetadata } from '@src/types';
 import {
   assignTeamMembersRole, AssignTeamMembersRoleRequest, getLibrary, getPermissionsByRole, getTeamMembers,
   GetTeamMembersResponse, PermissionsByRole, QuerySettings, revokeUserRoles, RevokeUserRolesRequest,
+  validateUsers, ValidateUsersRequest,
 } from './api';
 
 const authzQueryKeys = {
@@ -91,6 +92,20 @@ export const useAssignTeamMembersRole = () => {
   });
 };
 
+/**
+ * React Query hook to validate users exist without assigning roles.
+ * It checks if the provided usernames/email addresses are valid.
+ *
+ * @example
+ * const { mutate: validateUsers } = useValidateUsers();
+ * validateUsers({ data: { users: ['jdoe', 'jane@example.com'] } });
+ */
+export const useValidateUsers = () => useMutation({
+  mutationFn: async ({ data }: {
+      data: ValidateUsersRequest
+    }) => validateUsers(data),
+});
+
 /**
  * React Query hook to remove roles for a specific team member within a scope.
  *

src/authz-module/index.tsx

@@ -6,6 +6,7 @@ import LoadingPage from '@src/components/LoadingPage';
 import LibrariesErrorFallback from '@src/authz-module/libraries-manager/ErrorPage';
 import { ToastManagerProvider } from './libraries-manager/ToastManagerContext';
 import { LibrariesTeamManager, LibrariesUserManager, LibrariesLayout } from './libraries-manager';
+import AssignRoleWizardPage from './wizard/AssignRoleWizardPage';
 import { ROUTES } from './constants';
 
 import './index.scss';
@@ -21,6 +22,7 @@ const AuthZModule = () => (
                 <Route path={ROUTES.LIBRARIES_TEAM_PATH} element={<LibrariesTeamManager />} />
                 <Route path={ROUTES.LIBRARIES_USER_PATH} element={<LibrariesUserManager />} />
               </Route>
+              <Route path={ROUTES.ASSIGN_ROLE_WIZARD_PATH} element={<AssignRoleWizardPage />} />
             </Routes>
           </Suspense>
         </ToastManagerProvider>

src/authz-module/libraries-manager/LibrariesTeamManager.tsx

@@ -1,24 +1,25 @@
 import { useMemo } from 'react';
 import { useIntl } from '@edx/frontend-platform/i18n';
 import {
-  Container, Skeleton, Tab, Tabs,
+  Container, Skeleton, Tab, Tabs, Button,
 } from '@openedx/paragon';
 import { useLibrary } from '@src/authz-module/data/hooks';
-import { useLocation } from 'react-router-dom';
+import { useLocation, useNavigate } from 'react-router-dom';
 import { ROUTES } from '@src/authz-module/constants';
+import { Plus } from '@openedx/paragon/icons';
 import TeamTable from './components/TeamTable';
 import AuthZLayout from '../components/AuthZLayout';
 import RoleCard from '../components/RoleCard';
 import PermissionTable from '../components/PermissionTable';
 import { useLibraryAuthZ } from './context';
-import { AddNewTeamMemberTrigger } from './components/AddNewTeamMemberModal';
 import { buildPermissionMatrixByResource, buildPermissionMatrixByRole } from './utils';
 
 import messages from './messages';
 
 const LibrariesTeamManager = () => {
   const intl = useIntl();
   const { hash } = useLocation();
+  const navigate = useNavigate();
   const {
     libraryId, canManageTeam, roles, permissions, resources,
   } = useLibraryAuthZ();
@@ -27,6 +28,11 @@ const LibrariesTeamManager = () => {
   const pageTitle = intl.formatMessage(messages['library.authz.manage.page.title']);
   const teamMembersPath = `/authz${ROUTES.LIBRARIES_TEAM_PATH.replace(':libraryId', libraryId)}`;
 
+  // Handler to navigate to Assign Role Wizard
+  const handleNavigateToWizard = () => {
+    navigate(`/authz/assign-role?scope=${libraryId}`);
+  };
+
   const [libraryPermissionsByRole, libraryPermissionsByResource] = useMemo(() => {
     if (!roles && !permissions && !resources) { return [null, null]; }
     const permissionsByRole = buildPermissionMatrixByRole({
@@ -50,9 +56,18 @@ const LibrariesTeamManager = () => {
         pageTitle={pageTitle}
         pageSubtitle={libraryId}
         actions={
-          [
-            ...(canManageTeam ? [<AddNewTeamMemberTrigger libraryId={libraryId} key="add-new-member" />] : []),
-          ]
+          canManageTeam
+            ? [
+              <Button
+                iconBefore={Plus}
+                variant="primary"
+                onClick={handleNavigateToWizard}
+                key="add-new-role"
+              >
+                {intl.formatMessage(messages['library.authz.manage.add.role.button']) || 'New Role'}
+              </Button>,
+            ]
+            : []
         }
       >
         <Tabs

src/authz-module/libraries-manager/constants.ts

@@ -1,55 +1,17 @@
-import { PermissionMetadata, ResourceMetadata, RoleMetadata } from 'types';
-
-export const CONTENT_LIBRARY_PERMISSIONS = {
-  DELETE_LIBRARY: 'content_libraries.delete_library',
-  MANAGE_LIBRARY_TAGS: 'content_libraries.manage_library_tags',
-  VIEW_LIBRARY: 'content_libraries.view_library',
-
-  EDIT_LIBRARY_CONTENT: 'content_libraries.edit_library_content',
-  PUBLISH_LIBRARY_CONTENT: 'content_libraries.publish_library_content',
-  REUSE_LIBRARY_CONTENT: 'content_libraries.reuse_library_content',
-
-  CREATE_LIBRARY_COLLECTION: 'content_libraries.create_library_collection',
-  EDIT_LIBRARY_COLLECTION: 'content_libraries.edit_library_collection',
-  DELETE_LIBRARY_COLLECTION: 'content_libraries.delete_library_collection',
-
-  MANAGE_LIBRARY_TEAM: 'content_libraries.manage_library_team',
-  VIEW_LIBRARY_TEAM: 'content_libraries.view_library_team',
+import {
+  CONTENT_LIBRARY_PERMISSIONS,
+  libraryRolesMetadata,
+  libraryResourceTypes,
+  libraryPermissions,
+} from '../constants';
+
+export {
+  CONTENT_LIBRARY_PERMISSIONS,
+  libraryRolesMetadata,
+  libraryResourceTypes,
+  libraryPermissions,
 };
 
-// Note: this information will eventually come from the backend API
-// but for the MVP we decided to manage it in the frontend
-export const libraryRolesMetadata: RoleMetadata[] = [
-  { role: 'library_admin', name: 'Library Admin', description: 'The Library Admin has full control over the library, including managing users, modifying content, and handling publishing workflows. They ensure content is properly maintained and accessible as needed.' },
-  { role: 'library_author', name: 'Library Author', description: 'The Library Author is responsible for creating, editing, and publishing content within a library. They can manage tags and collections but cannot delete libraries or manage users.' },
-  { role: 'library_contributor', name: 'Library Contributor', description: 'The Library Contributor can create and edit content within a library but cannot publish it. They support the authoring process while leaving final publishing to Authors or Admins.' },
-  { role: 'library_user', name: 'Library User', description: 'The Library User can view and reuse content but cannot edit or delete any resource.' },
-];
-
-export const libraryResourceTypes: ResourceMetadata[] = [
-  { key: 'library', label: 'Library', description: 'Permissions related to the library as a whole.' },
-  { key: 'library_content', label: 'Content', description: 'Permissions to create, edit, delete, and publish individual content items within the library.' },
-  { key: 'library_collection', label: 'Collection', description: 'Permissions to create, edit, and delete content collections within the library.' },
-  { key: 'library_team', label: 'Team', description: 'Permissions to manage user access and roles within the library.' },
-];
-
-export const libraryPermissions: PermissionMetadata[] = [
-  { key: CONTENT_LIBRARY_PERMISSIONS.DELETE_LIBRARY, resource: 'library', description: 'Allows the user to delete the library and all its contents.' },
-  { key: CONTENT_LIBRARY_PERMISSIONS.MANAGE_LIBRARY_TAGS, resource: 'library', description: 'Add or remove tags from content.' },
-  { key: CONTENT_LIBRARY_PERMISSIONS.VIEW_LIBRARY, resource: 'library', description: 'View content, search, filter, and sort within the library.' },
-
-  { key: CONTENT_LIBRARY_PERMISSIONS.EDIT_LIBRARY_CONTENT, resource: 'library_content', description: 'Edit content in draft mode' },
-  { key: CONTENT_LIBRARY_PERMISSIONS.PUBLISH_LIBRARY_CONTENT, resource: 'library_content', description: 'Publish content, making it available for reuse' },
-  { key: CONTENT_LIBRARY_PERMISSIONS.REUSE_LIBRARY_CONTENT, resource: 'library_content', description: 'Reuse published content within a course.' },
-
-  { key: CONTENT_LIBRARY_PERMISSIONS.CREATE_LIBRARY_COLLECTION, resource: 'library_collection', description: 'Create new collections within a library.' },
-  { key: CONTENT_LIBRARY_PERMISSIONS.EDIT_LIBRARY_COLLECTION, resource: 'library_collection', description: 'Add or remove content from existing collections.' },
-  { key: CONTENT_LIBRARY_PERMISSIONS.DELETE_LIBRARY_COLLECTION, resource: 'library_collection', description: 'Delete entire collections from the library.' },
-
-  { key: CONTENT_LIBRARY_PERMISSIONS.MANAGE_LIBRARY_TEAM, resource: 'library_team', description: 'View the list of users who have access to the library.' },
-  { key: CONTENT_LIBRARY_PERMISSIONS.VIEW_LIBRARY_TEAM, resource: 'library_team', description: 'Add, remove, and assign roles to users within the library.' },
-];
-
 export const DEFAULT_TOAST_DELAY = 5000;
 export const RETRY_TOAST_DELAY = 120_000; // 2 minutes
 export const SKELETON_ROWS = Array.from({ length: 10 }).map(() => ({

src/authz-module/libraries-manager/messages.ts

@@ -11,6 +11,11 @@ const messages = defineMessages({
     defaultMessage: 'Manage Access',
     description: 'Libreries AuthZ root breafcrumb',
   },
+  'library.authz.manage.add.role.button': {
+    id: 'library.authz.manage.add.role.button',
+    defaultMessage: 'Assign Role',
+    description: 'Button to add a new role',
+  },
   'library.authz.tabs.team': {
     id: 'library.authz.tabs.team',
     defaultMessage: 'Team Members',