squash!: Change type to scope_type, add org filtering

Author: rodmgwgu

openedx_authz/rest_api/v1/serializers.py

@@ -36,6 +36,12 @@ class ActionMixin(serializers.Serializer):  # pylint: disable=abstract-method
     action = serializers.CharField(max_length=255)
 
 
+class OrgMixin(serializers.Serializer):  # pylint: disable=abstract-method
+    """Mixin providing org field functionality."""
+
+    org = serializers.CharField(required=False, max_length=255)
+
+
 class PermissionValidationSerializer(ActionMixin, ScopeMixin):  # pylint: disable=abstract-method
     """Serializer for permission validation request."""
 
@@ -212,11 +218,11 @@ def get_roles(self, obj: api.RoleAssignmentData) -> list[str]:
         return [role.external_key for role in obj.roles]
 
 
-class ListScopesSerializer(serializers.Serializer):  # pylint: disable=abstract-method
-    """Serializer for validating query parameters in AdminConsoleScopesAPIView."""
+class ListScopesQuerySerializer(OrgMixin):  # pylint: disable=abstract-method
+    """Serializer for validating query parameters in ScopesAPIView."""
 
     management_permission_only = serializers.BooleanField(required=False, default=False)
-    type = serializers.ChoiceField(choices=["course", "library"], required=False, default=None, allow_null=True)
+    scope_type = serializers.ChoiceField(choices=["course", "library"], required=False, default=None, allow_null=True)
     search = serializers.CharField(required=False, default="", allow_blank=True)
 
 

openedx_authz/rest_api/v1/urls.py

@@ -15,5 +15,5 @@
     path("orgs/", views.AdminConsoleOrgsAPIView.as_view(), name="orgs-list"),
     path("users/", views.TeamMembersAPIView.as_view(), name="user-list"),
     path("users/validate/", views.UserValidationAPIView.as_view(), name="user-validation"),
-    path("scopes/", views.AdminConsoleScopesAPIView.as_view(), name="scope-list"),
+    path("scopes/", views.ScopesAPIView.as_view(), name="scope-list"),
 ]

openedx_authz/rest_api/v1/views.py

@@ -47,7 +47,7 @@
     AddUsersToRoleWithScopeSerializer,
     ListRolesWithScopeResponseSerializer,
     ListRolesWithScopeSerializer,
-    ListScopesSerializer,
+    ListScopesQuerySerializer,
     ListTeamMembersSerializer,
     ListUsersInRoleWithScopeSerializer,
     PermissionValidationResponseSerializer,
@@ -575,6 +575,7 @@ def get_queryset(self) -> QuerySet:
     "get",
     parameters=[
         apidocs.query_parameter("search", str, description="Filter scopes by display name"),
+        apidocs.query_parameter("org", str, description="Filter scopes by org"),
         apidocs.query_parameter("page", int, description="Page number for pagination"),
         apidocs.query_parameter("page_size", int, description="Number of items per page"),
         apidocs.query_parameter(
@@ -586,18 +587,19 @@ def get_queryset(self) -> QuerySet:
             ),
         ),
         apidocs.query_parameter(
-            "type",
+            "scope_type",
             str,
             description="Filter by scope type. Either 'course' or 'library'. Returns both if not specified.",
         ),
     ],
     responses={
         status.HTTP_200_OK: ScopeSerializer(many=True),
         status.HTTP_400_BAD_REQUEST: "The request parameters are invalid",
-        status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
+        status.HTTP_401_UNAUTHORIZED: "The user is not authenticated",
+        status.HTTP_403_FORBIDDEN: "The user does not have the required permisisons",
     },
 )
-class AdminConsoleScopesAPIView(generics.ListAPIView):
+class ScopesAPIView(generics.ListAPIView):
     """
     API view for listing scopes
     This API is used on the filters and assign roles functionality on the Admin Console.
@@ -609,9 +611,10 @@ class AdminConsoleScopesAPIView(generics.ListAPIView):
     **Query Parameters**
 
     - search (Optional): Search term to filter scopes by display name
+    - org (Optional): Filter scopes by org
     - page (Optional): Page number for pagination
     - page_size (Optional): Number of items per page
-    - type (Optional): Filter scopes by type. Supported values are `course` and `library`.
+    - scope_type (Optional): Filter scopes by type. Supported values are `course` and `library`.
     - management_permission_only (Optional): Filter scopes either by only the ones to which the user has "manage team"
         permissions (if true), or just "view team" permissions.
 
@@ -666,12 +669,17 @@ def get_serializer_context(self):
         return context
 
     def _get_courses_queryset(
-        self, allowed_ids: set | None = None, allowed_orgs: set | None = None, search: str = ""
+        self,
+        allowed_ids: set | None = None,
+        allowed_orgs: set | None = None,
+        search: str = "",
+        org: str = "",
     ) -> QuerySet:
         """Return a CourseOverview queryset projected to the unified scope shape.
 
         If allowed_ids and/or allowed_orgs are provided, filter to matching courses.
         If search is provided, filter by display_name.
+        If org is provided, filter by org short_name.
         """
         qs = CourseOverview.objects
         if allowed_ids is not None or allowed_orgs is not None:
@@ -682,6 +690,8 @@ def _get_courses_queryset(
                 qs = qs.none()
             else:
                 qs = qs.filter(combined_filter)
+        if org:
+            qs = qs.filter(org=org)
         if search:
             qs = qs.filter(display_name__icontains=search)
         return qs.annotate(
@@ -692,12 +702,17 @@ def _get_courses_queryset(
         ).values("scope_id", "display_name_col", "org_name", "scope_type")
 
     def _get_libraries_queryset(
-        self, allowed_pairs: set | None = None, allowed_orgs: set | None = None, search: str = ""
+        self,
+        allowed_pairs: set | None = None,
+        allowed_orgs: set | None = None,
+        search: str = "",
+        org: str = "",
     ) -> QuerySet:
         """Return a ContentLibrary queryset projected to the unified scope shape.
 
         If allowed_pairs and/or allowed_orgs are provided, filter to matching libraries.
         If search is provided, filter by learning_package__title.
+        If org is provided, filter by org short_name.
         """
         qs = ContentLibrary.objects
         if allowed_pairs is not None or allowed_orgs is not None:
@@ -712,6 +727,8 @@ def _get_libraries_queryset(
                 qs = qs.none()
             else:
                 qs = qs.filter(combined)
+        if org:
+            qs = qs.filter(org__short_name=org)
         if search:
             qs = qs.filter(learning_package__title__icontains=search)
         return qs.annotate(
@@ -738,16 +755,17 @@ def get_queryset(self) -> QuerySet:
         user = self.request.user
 
         # Validate and parse query parameters.
-        params_serializer = ListScopesSerializer(data=self.request.query_params)
+        params_serializer = ListScopesQuerySerializer(data=self.request.query_params)
         params_serializer.is_valid(raise_exception=True)
-        scope_type = params_serializer.validated_data["type"]
+        scope_type = params_serializer.validated_data["scope_type"]
         search = params_serializer.validated_data["search"]
+        org = params_serializer.validated_data.get("org", "")
 
         # Staff and superusers can see all scopes, skip permission filtering.
         if user.is_staff or user.is_superuser:
             return self._build_queryset(
-                courses_qs=self._get_courses_queryset(search=search) if scope_type != "library" else None,
-                libraries_qs=self._get_libraries_queryset(search=search) if scope_type != "course" else None,
+                courses_qs=(self._get_courses_queryset(search=search, org=org) if scope_type != "library" else None),
+                libraries_qs=(self._get_libraries_queryset(search=search, org=org) if scope_type != "course" else None),
             )
 
         management_only = params_serializer.validated_data["management_permission_only"]
@@ -766,7 +784,12 @@ def get_permission(scope_cls):
                 s.external_key for s in allowed_course_scopes if not isinstance(s, OrgCourseOverviewGlobData)
             }
             allowed_course_orgs = {s.org for s in allowed_course_scopes if isinstance(s, OrgCourseOverviewGlobData)}
-            courses_qs = self._get_courses_queryset(allowed_course_ids, allowed_course_orgs, search=search)
+            courses_qs = self._get_courses_queryset(
+                allowed_course_ids,
+                allowed_course_orgs,
+                search=search,
+                org=org,
+            )
 
         libraries_qs = None
         if scope_type != "course":
@@ -780,7 +803,12 @@ def get_permission(scope_cls):
                 if not isinstance(s, OrgContentLibraryGlobData)
             }
             allowed_library_orgs = {s.org for s in allowed_library_scopes if isinstance(s, OrgContentLibraryGlobData)}
-            libraries_qs = self._get_libraries_queryset(allowed_library_pairs, allowed_library_orgs, search=search)
+            libraries_qs = self._get_libraries_queryset(
+                allowed_library_pairs,
+                allowed_library_orgs,
+                search=search,
+                org=org,
+            )
 
         # Union the requested querysets and sort by org at the DB level.
         return self._build_queryset(courses_qs, libraries_qs)