squash!: Fix quality

Author: rodmgwgu

openedx_authz/api/roles.py

@@ -294,6 +294,7 @@ def get_all_subject_role_assignments() -> list[RoleAssignmentData]:
         )
     return role_assignments
 
+
 def get_subject_role_assignments(subject: SubjectData) -> list[RoleAssignmentData]:
     """Get all the roles for a subject across all scopes.
 

openedx_authz/api/users.py

@@ -119,6 +119,7 @@ def batch_unassign_role_from_users(users: list[str], role_external_key: str, sco
         ScopeData(external_key=scope_external_key),
     )
 
+
 def get_all_user_role_assignments() -> list[RoleAssignmentData]:
     """Get all roles for all users across all scopes.
 
@@ -127,6 +128,7 @@ def get_all_user_role_assignments() -> list[RoleAssignmentData]:
     """
     return get_all_subject_role_assignments()
 
+
 def get_user_role_assignments(user_external_key: str) -> list[RoleAssignmentData]:
     """Get all roles for a user across all scopes.
 

openedx_authz/engine/matcher.py

@@ -3,15 +3,24 @@
 from django.contrib.auth import get_user_model
 from edx_django_utils.cache import RequestCache
 
-from openedx_authz.api.data import ContentLibraryData, CourseOverviewData, ScopeData, UserData
-from openedx_authz.rest_api.utils import get_user_by_username_or_email
+from openedx_authz.api.data import (
+    ContentLibraryData,
+    CourseOverviewData,
+    OrgContentLibraryGlobData,
+    OrgCourseOverviewGlobData,
+    ScopeData,
+    UserData,
+)
+from openedx_authz.utils import get_user_by_username_or_email
 
 User = get_user_model()
 
 
 SCOPES_WITH_ADMIN_OR_SUPERUSER_CHECK = {
     (ContentLibraryData.NAMESPACE, ContentLibraryData),
     (CourseOverviewData.NAMESPACE, CourseOverviewData),
+    (OrgContentLibraryGlobData.NAMESPACE, OrgContentLibraryGlobData),
+    (OrgCourseOverviewGlobData.NAMESPACE, OrgCourseOverviewGlobData),
 }
 
 

openedx_authz/rest_api/utils.py

@@ -1,10 +1,9 @@
 """Utility functions for the Open edX AuthZ REST API."""
 
-from dataclasses import dataclass
 import logging
+from dataclasses import dataclass
 
 from django.contrib.auth import get_user_model
-from django.db.models import Q
 
 from openedx_authz.api.data import (
     GLOBAL_SCOPE_WILDCARD,
@@ -66,26 +65,6 @@ def get_user_map(usernames: list[str]) -> dict[str, User]:
     return {user.username: user for user in users}
 
 
-def get_user_by_username_or_email(username_or_email: str) -> User:
-    """
-    Retrieve a user by their username or email address.
-
-    Args:
-        username_or_email (str): The username or email address to search for.
-
-    Returns:
-        User: The User object if found and not retired.
-
-    Raises:
-        User.DoesNotExist: If no user matches the provided username or email,
-            or if the user has an associated retirement request.
-    """
-    user = User.objects.get(Q(email=username_or_email) | Q(username=username_or_email))
-    if hasattr(user, "userretirementrequest"):
-        raise User.DoesNotExist
-    return user
-
-
 def sort_users(
     users: list[dict],
     sort_by: SortField = SortField.USERNAME,
@@ -174,9 +153,7 @@ def get_user_assignment_map(role_assignments: list[RoleAssignmentData]) -> list[
     return users_with_assignments
 
 
-def filter_allowed_assignments(
-    user: "User", assignments: list[RoleAssignmentData]
-) -> list[RoleAssignmentData]:
+def filter_allowed_assignments(user: "User", assignments: list[RoleAssignmentData]) -> list[RoleAssignmentData]:
     """
     Filter the given role assignments to only include those that the user has permission to view.
     """
@@ -193,7 +170,7 @@ def filter_allowed_assignments(
         if permission and is_user_allowed(
             user_external_key=user.username,
             action_external_key=permission,
-            scope_external_key=assignment.scope.external_key
+            scope_external_key=assignment.scope.external_key,
         ):
             allowed_assignments.append(assignment)
 

openedx_authz/rest_api/v1/fields.py

@@ -13,7 +13,8 @@ def to_internal_value(self, data):
     def to_representation(self, value):
         """Convert list to string separated by commas"""
         return ",".join(value).lower()
-    
+
+
 class CaseSensitiveCommaSeparatedListField(serializers.CharField):
     """Serializer for a comma-separated list of strings, case-sensitive."""
 

openedx_authz/rest_api/v1/serializers.py

@@ -6,7 +6,11 @@
 from openedx_authz import api
 from openedx_authz.rest_api.data import SortField, SortOrder
 from openedx_authz.rest_api.utils import UserAssignments, get_generic_scope
-from openedx_authz.rest_api.v1.fields import CaseSensitiveCommaSeparatedListField, CommaSeparatedListField, LowercaseCharField
+from openedx_authz.rest_api.v1.fields import (
+    CaseSensitiveCommaSeparatedListField,
+    CommaSeparatedListField,
+    LowercaseCharField,
+)
 
 User = get_user_model()
 
@@ -204,6 +208,7 @@ def get_roles(self, obj: api.RoleAssignmentData) -> list[str]:
         """Get the roles for the given role assignment."""
         return [role.external_key for role in obj.roles]
 
+
 class ListTeamMembersSerializer(serializers.Serializer):  # pylint: disable=abstract-method
     """Serializer for listing team members."""
 
@@ -221,6 +226,7 @@ class ListTeamMembersSerializer(serializers.Serializer):  # pylint: disable=abst
     )
     search = LowercaseCharField(required=False, default=None)
 
+
 class TeamMemberSerializer(serializers.Serializer):  # pylint: disable=abstract-method
     """Serializer for team members."""
 

openedx_authz/rest_api/v1/views.py

@@ -24,7 +24,6 @@
     filter_users,
     get_generic_scope,
     get_user_assignment_map,
-    get_user_by_username_or_email,
     get_user_map,
     sort_users,
 )
@@ -42,6 +41,7 @@
     TeamMemberSerializer,
     UserRoleAssignmentSerializer,
 )
+from openedx_authz.utils import get_user_by_username_or_email
 
 logger = logging.getLogger(__name__)
 
@@ -463,7 +463,7 @@ class TeamMembersAPIView(APIView):
     """
 
     pagination_class = AuthZAPIViewPagination
-    permission_classes = [DynamicScopePermission] # TODO check if this is needed/works
+    permission_classes = [DynamicScopePermission]  # TODO check if this is needed/works
 
     @apidocs.schema(
         parameters=[
@@ -489,23 +489,24 @@ def get(self, request: HttpRequest) -> Response:
         query_params = serializer.validated_data
 
         user_role_assignments = api.get_all_user_role_assignments()
+        # Filter assignments based on the user's permissions
         user_role_assignments = filter_allowed_assignments(user=request.user, assignments=user_role_assignments)
         # Group assignments by user
         users_with_assignments = get_user_assignment_map(user_role_assignments)
 
-        scopes = query_params.get('scopes')
-        orgs = query_params.get('orgs')
-        search = query_params.get('search')
-        order = query_params.get('order')
-        sort_by = query_params.get('sort_by', SortField.USERNAME)
+        scopes = query_params.get("scopes")
+        orgs = query_params.get("orgs")
+        search = query_params.get("search")
+        order = query_params.get("order")
+        sort_by = query_params.get("sort_by", SortField.USERNAME)
 
         if scopes:
             # Filter by scopes
             filtered_users: list[UserAssignments] = []
             for uwa in users_with_assignments:
                 if any(a.scope.external_key in scopes for a in uwa.assignments):
                     # Also filter assignments to reflect the correct number of assignments
-                    filtered_assignments = [a for a in uwa.assignments if a.scope.external_key in scopes]  
+                    filtered_assignments = [a for a in uwa.assignments if a.scope.external_key in scopes]
                     filtered_users.append(UserAssignments(user=uwa.user, assignments=filtered_assignments))
             users_with_assignments = filtered_users
 

openedx_authz/utils.py

@@ -0,0 +1,26 @@
+"""General utility functions for Open edX AuthZ."""
+
+from django.contrib.auth import get_user_model
+from django.db.models import Q
+
+User = get_user_model()
+
+
+def get_user_by_username_or_email(username_or_email: str) -> User:
+    """
+    Retrieve a user by their username or email address.
+
+    Args:
+        username_or_email (str): The username or email address to search for.
+
+    Returns:
+        User: The User object if found and not retired.
+
+    Raises:
+        User.DoesNotExist: If no user matches the provided username or email,
+            or if the user has an associated retirement request.
+    """
+    user = User.objects.get(Q(email=username_or_email) | Q(username=username_or_email))
+    if hasattr(user, "userretirementrequest"):
+        raise User.DoesNotExist
+    return user