squash!: Fix conflicts

rodmgwgu · rodmgwgu · commit 0db0991e8c81 · 2026-03-31T12:24:06.000-06:00
diff --git a/openedx_authz/api/roles.py b/openedx_authz/api/roles.py
@@ -31,6 +31,9 @@
     "batch_unassign_role_from_subjects_in_scope",
     "get_all_roles_in_scope",
     "get_all_roles_names",
+    "get_subject_role_assignments_in_scope",
+    "get_subject_role_assignments_for_role_in_scope",
+    "get_all_subject_role_assignments",
     "get_all_subject_role_assignments_in_scope",
     "get_permissions_for_active_roles_in_scope",
     "get_permissions_for_roles",
@@ -269,6 +272,28 @@ def batch_unassign_role_from_subjects_in_scope(subjects: list[SubjectData], role
         unassign_role_from_subject_in_scope(subject, role, scope)
 
 
+def get_all_subject_role_assignments() -> list[RoleAssignmentData]:
+    """Get all the roles for every subject across all scopes.
+
+    Returns:
+        list[RoleAssignmentData]: A list of role assignments for the subject.
+    """
+    enforcer = AuthzEnforcer.get_enforcer()
+    role_assignments = []
+    for policy in enforcer.get_grouping_policy():
+        subject = SubjectData(namespaced_key=policy[GroupingPolicyIndex.SUBJECT.value])
+        role = RoleData(namespaced_key=policy[GroupingPolicyIndex.ROLE.value])
+        role.permissions = get_permissions_for_single_role(role)
+
+        role_assignments.append(
+            RoleAssignmentData(
+                subject=subject,
+                roles=[role],
+                scope=ScopeData(namespaced_key=policy[GroupingPolicyIndex.SCOPE.value]),
+            )
+        )
+    return role_assignments
+
 def get_subject_role_assignments(subject: SubjectData) -> list[RoleAssignmentData]:
     """Get all the roles for a subject across all scopes.
 
diff --git a/openedx_authz/api/users.py b/openedx_authz/api/users.py
@@ -22,6 +22,7 @@
     assign_role_to_subject_in_scope,
     batch_assign_role_to_subjects_in_scope,
     batch_unassign_role_from_subjects_in_scope,
+    get_all_subject_role_assignments,
     get_all_subject_role_assignments_in_scope,
     get_role_assignments,
     get_scopes_for_subject_and_permission,
@@ -38,6 +39,7 @@
     "batch_assign_role_to_users_in_scope",
     "unassign_role_from_user",
     "batch_unassign_role_from_users",
+    "get_all_user_role_assignments",
     "get_user_role_assignments",
     "get_user_role_assignments_in_scope",
     "get_user_role_assignments_for_role_in_scope",
@@ -117,6 +119,13 @@ def batch_unassign_role_from_users(users: list[str], role_external_key: str, sco
         ScopeData(external_key=scope_external_key),
     )
 
+def get_all_user_role_assignments() -> list[RoleAssignmentData]:
+    """Get all roles for all users across all scopes.
+
+    Returns:
+        list[RoleAssignmentData]: A list of role assignments and all their metadata assigned to the user.
+    """
+    return get_all_subject_role_assignments()
 
 def get_user_role_assignments(user_external_key: str) -> list[RoleAssignmentData]:
     """Get all roles for a user across all scopes.
diff --git a/openedx_authz/rest_api/v1/serializers.py b/openedx_authz/rest_api/v1/serializers.py
@@ -203,3 +203,20 @@ def get_email(self, obj) -> str:
     def get_roles(self, obj: api.RoleAssignmentData) -> list[str]:
         """Get the roles for the given role assignment."""
         return [role.external_key for role in obj.roles]
+
+class ListTeamMembersSerializer(serializers.Serializer):  # pylint: disable=abstract-method
+    """Serializer for listing team members."""
+
+    scopes = CommaSeparatedListField(required=False, default=[])
+    orgs = CommaSeparatedListField(required=False, default=[])
+    sort_by = serializers.ChoiceField(
+        required=False,
+        choices=[(e.value, e.name) for e in SortField],
+        default=SortField.USERNAME,
+    )
+    order = serializers.ChoiceField(
+        required=False,
+        choices=[(e.value, e.name) for e in SortOrder],
+        default=SortOrder.ASC,
+    )
+    search = LowercaseCharField(required=False, default=None)
diff --git a/openedx_authz/rest_api/v1/urls.py b/openedx_authz/rest_api/v1/urls.py
@@ -12,4 +12,5 @@
     ),
     path("roles/", views.RoleListView.as_view(), name="role-list"),
     path("roles/users/", views.RoleUserAPIView.as_view(), name="role-user-list"),
+    path("users/", views.TeamMembersAPIView.as_view(), name="user-list"),
 ]
diff --git a/openedx_authz/rest_api/v1/views.py b/openedx_authz/rest_api/v1/views.py
@@ -5,6 +5,7 @@
 permissions, roles, and user assignments within Open edX platform.
 """
 
+from dataclasses import dataclass
 import logging
 
 import edx_api_doc_tools as apidocs
@@ -31,6 +32,7 @@
     AddUsersToRoleWithScopeSerializer,
     ListRolesWithScopeResponseSerializer,
     ListRolesWithScopeSerializer,
+    ListTeamMembersSerializer,
     ListUsersInRoleWithScopeSerializer,
     PermissionValidationResponseSerializer,
     PermissionValidationSerializer,
@@ -449,3 +451,87 @@ def get(self, request: HttpRequest) -> Response:
         paginated_response_data = paginator.paginate_queryset(response_data, request)
         serialized_data = ListRolesWithScopeResponseSerializer(paginated_response_data, many=True)
         return paginator.get_paginated_response(serialized_data.data)
+
+@dataclass
+class UserAssignments:
+    user: "User"
+    assignments: list[api.RoleAssignmentData]
+
+def get_user_assignment_map(role_assignments: list[api.RoleAssignmentData]) -> list[UserAssignments]:
+    """
+    Group role assignments by user
+    """
+    usernames = {assignment.subject.username for assignment in role_assignments}
+    user_map = get_user_map(usernames)
+
+    users_with_assignments: list[UserAssignments] = []
+
+    for username, user in user_map.items():
+        assignments = [a for a in role_assignments if a.subject.username == username]
+        users_with_assignments.append(UserAssignments(user=user, assignments=assignments))
+
+    return users_with_assignments
+
+
+
+@view_auth_classes()
+class TeamMembersAPIView(APIView):
+    """
+    API view for listing users in relation to role assignations
+    """
+
+    pagination_class = AuthZAPIViewPagination
+    permission_classes = [DynamicScopePermission] # TODO check if this is needed/works
+
+    @apidocs.schema(
+        parameters=[
+            apidocs.query_parameter("scopes", str, description="The scopes to query assignations for"),
+            apidocs.query_parameter("orgs", str, description="The orgs to query assignations for"),
+            apidocs.query_parameter("search", str, description="The search query to filter users by"),
+            apidocs.query_parameter("sort_by", str, description="The field to sort by"),
+            apidocs.query_parameter("order", str, description="The order to sort by"),
+            apidocs.query_parameter("page", int, description="Page number for pagination"),
+            apidocs.query_parameter("page_size", int, description="Number of items per page"),
+        ],
+        responses={
+            status.HTTP_200_OK: ListRolesWithScopeResponseSerializer(many=True),
+            status.HTTP_400_BAD_REQUEST: "The request parameters are invalid",
+            status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
+        },
+    )
+    @authz_permissions([permissions.VIEW_LIBRARY.identifier])
+    def get(self, request: HttpRequest) -> Response:
+        """Retrieve all users that have at least one assignation according to the filtering fields."""
+        serializer = ListTeamMembersSerializer(data=request.query_params)
+        serializer.is_valid(raise_exception=True)
+        query_params = serializer.validated_data
+
+        user_role_assignments = api.get_all_user_role_assignments()
+        # Group assignments by user
+        users_with_assignments = get_user_assignment_map(user_role_assignments)
+
+        if query_params.scopes:
+            # Filter by scopes
+            scopes = {s.strip() for s in query_params.scopes.split(",")}
+            users_with_assignments = [
+                uwa for uwa in users_with_assignments if any(a.scope.external_key in scopes for a in uwa.assignments)
+            ]
+
+        if query_params.orgs:
+            # Filter by orgs
+            orgs = {o.strip() for o in query_params.orgs.split(",")}
+            users_with_assignments = [
+                uwa for uwa in users_with_assignments if any(a.scope.org in orgs for a in uwa.assignments)
+            ]
+
+
+        logger.info(f">>>>Query params: {query_params}")
+        logger.info(f">>>>assignments: {user_role_assignments}")
+
+        # sort
+        # paginate
+
+
+        return Response({"results": []}, status=status.HTTP_200_OK)
+
+

Original file line number	Diff line number	Diff line change
`@@ -12,4 +12,5 @@`
`12`	`12`	`),`
`13`	`13`	`path("roles/", views.RoleListView.as_view(), name="role-list"),`
`14`	`14`	`path("roles/users/", views.RoleUserAPIView.as_view(), name="role-user-list"),`
	`15`	`+ path("users/", views.TeamMembersAPIView.as_view(), name="user-list"),`
`15`	`16`	`]`