feat: use namespace instead scope to list role definitions

Author: BryanttV

openedx_authz/api/data.py

@@ -256,6 +256,20 @@ def get_subclass_by_external_key(mcs, external_key: str) -> Type["ScopeData"]:
 
         return scope_subclass
 
+    @classmethod
+    def get_all_namespaces(mcs) -> dict[str, Type["ScopeData"]]:
+        """Get all registered scope namespaces.
+
+        Returns:
+            dict[str, Type["ScopeData"]]: A dictionary of all namespace prefixes registered in the scope registry.
+                Each namespace corresponds to a ScopeData subclass (e.g., 'lib', 'sc').
+
+        Examples:
+            >>> ScopeMeta.get_all_namespaces()
+            {'sc': ScopeData, 'lib': ContentLibraryData, 'org': OrganizationData}
+        """
+        return mcs.scope_registry
+
     @classmethod
     def validate_external_key(mcs, external_key: str) -> bool:
         """Validate the external_key format for the subclass.

openedx_authz/rest_api/v1/serializers.py

@@ -98,8 +98,36 @@ class ListUsersInRoleWithScopeSerializer(ScopeMixin):  # pylint: disable=abstrac
     search = LowercaseCharField(required=False, default=None)
 
 
-class ListRolesWithScopeSerializer(ScopeMixin):  # pylint: disable=abstract-method
-    """Serializer for listing roles with a scope."""
+class ListRolesWithNamespaceSerializer(serializers.Serializer):  # pylint: disable=abstract-method
+    """Serializer for listing roles within a namespace."""
+
+    namespace = serializers.CharField(max_length=255)
+
+    def validate_namespace(self, value: str) -> api.ScopeData:
+        """Validate and convert namespace string to a ScopeData instance.
+
+        Checks that the provided namespace is registered in the scope registry and
+        returns an instance of the appropriate ScopeData subclass with a wildcard
+        external_key to represent all scopes within that namespace.
+
+        Args:
+            value: The namespace string to validate (e.g., 'lib', 'sc', 'org').
+
+        Returns:
+            ScopeData: An instance of the appropriate ScopeData subclass for the
+                namespace, initialized with external_key="*".
+
+        Raises:
+            serializers.ValidationError: If the namespace is not registered in the scope registry.
+
+        Examples:
+            >>> validate_namespace('lib')
+            ContentLibraryData(external_key='*')
+        """
+        namespaces = api.ScopeData.get_all_namespaces()
+        if value not in namespaces:
+            raise serializers.ValidationError(f"'{value}' is not a valid namespace")
+        return namespaces[value](external_key="*")
 
 
 class ListUsersInRoleWithScopeResponseSerializer(serializers.Serializer):  # pylint: disable=abstract-method

openedx_authz/rest_api/v1/views.py

@@ -27,8 +27,8 @@
 from openedx_authz.rest_api.v1.permissions import HasLibraryPermission
 from openedx_authz.rest_api.v1.serializers import (
     AddUsersToRoleWithScopeSerializer,
+    ListRolesWithNamespaceSerializer,
     ListRolesWithScopeResponseSerializer,
-    ListRolesWithScopeSerializer,
     ListUsersInRoleWithScopeSerializer,
     PermissionValidationResponseSerializer,
     PermissionValidationSerializer,
@@ -300,17 +300,17 @@ def delete(self, request: HttpRequest) -> Response:
 
 @view_auth_classes()
 class RoleListView(APIView):
-    """API view for retrieving role definitions and their associated permissions.
+    """API view for retrieving role definitions and their associated permissions within a specific namespace.
 
     This view provides read-only access to role definitions within a specific
-    authorization scope. It returns detailed information about each role including
+    authorization namespace. It returns detailed information about each role including
     the permissions granted and the number of users assigned to each role.
 
     **Endpoints**
-        GET: Retrieve all roles and their permissions for a specific scope
+        GET: Retrieve all roles and their permissions for a specific namespace
 
     **Query Parameters**
-        - scope (Required): The authorization scope to query roles for (e.g., 'lib^*')
+        - namespace (Required): The namespace to query roles for (e.g., 'lib')
         - page (Optional): Page number for pagination
         - page_size (Optional): Number of items per page
 
@@ -324,7 +324,7 @@ class RoleListView(APIView):
         Requires authenticated user.
 
     **Example Request**
-        GET /api/authz/v1/roles/?scope=lib^*&page=1&page_size=10
+        GET /api/authz/v1/roles/?namespace=lib&page=1&page_size=10
 
     **Example Response**
         {
@@ -350,7 +350,7 @@ class RoleListView(APIView):
 
     @apidocs.schema(
         parameters=[
-            apidocs.query_parameter("scope", str, description="The scope to query roles for"),
+            apidocs.query_parameter("namespace", str, description="The namespace to query roles for"),
             apidocs.query_parameter("page", int, description="Page number for pagination"),
             apidocs.query_parameter("page_size", int, description="Number of items per page"),
         ],
@@ -361,13 +361,11 @@ class RoleListView(APIView):
         },
     )
     def get(self, request: HttpRequest) -> Response:
-        """Retrieve all roles and their permissions for a specific scope."""
-        serializer = ListRolesWithScopeSerializer(data=request.query_params)
+        """Retrieve all roles and their permissions for a specific namespace."""
+        serializer = ListRolesWithNamespaceSerializer(data=request.query_params)
         serializer.is_valid(raise_exception=True)
 
-        scope = api.ContentLibraryData(external_key=serializer.validated_data["scope"])
-        roles = api.get_role_definitions_in_scope(scope)
-
+        roles = api.get_role_definitions_in_scope(serializer.validated_data["namespace"])
         response_data = []
         for role in roles:
             users = api.get_users_for_role(role.external_key)