
Commit 7bffc13

committed
feat: add minimum policies to admin and anonymous users
1 parent 62b30ca commit 7bffc13

1 file changed

Lines changed: 39 additions & 0 deletions


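--- a/openedx_authz/apps.py
+++ b/openedx_authz/apps.py
@@ -40,3 +40,42 @@ class OpenedxAuthzConfig(AppConfig):
 },
 },
 }
+
+def ready(self):
+"""
+Add admin users to the authorization policy.
+"""
+# pylint: disable=import-outside-toplevel
+from django.contrib.auth import get_user_model
+from dauthz.core import enforcer
+
+# Add minimum policies for anonymous users
+anonymous_policies = [
+("/", "*"),
+("/login", "*"),
+("/api/mfe_config/v1", "*"),
+("/login_refresh", "*"),
+("/csrf/api/v1/token", "*"),
+("/api/user/v2/account/login_session/", "*"),
+("/dashboard", "*"),
+("/__debug__/history_sidebar/", "*"),
+("/theming/asset/images/no_course_image.png", "*"),
+]
+
+for resource, action in anonymous_policies:
+if not enforcer.has_policy("anonymous", resource, action):
+enforcer.add_policy("anonymous", resource, action)
+
+enforcer.save_policy()
+print("\n\nAdded minimum policies for anonymous users!")
+
+# Ensure admin users have access to all resources
+User = get_user_model()
+
+enforcer.add_policy("admin", "*", "*")
+admin_users = User.objects.filter(is_staff=True, is_superuser=True)
+for user in admin_users:
+enforcer.add_role_for_user(user.username, "admin")
+enforcer.save_policy()
+
+print("Added admin users to the authorization policy!\n\n")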
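Review bot: The `anonymous_policies` list in `ready()` grants action `"*"` on every path, including `/dashboard` and `/__debug__/history_sidebar/`, and does so regardless of `settings.DEBUG`, so a production install persists an any-action grant on a debug-toolbar route for unauthenticated callers. The admin block is additive only: `add_role_for_user(user.username, "admin")` runs for whoever is a staff superuser at start-up, and nothing removes the role once an account loses those flags, so stale grants stay in the saved policy. The sketch below gates the debug path (it would be dropped from the list literal and needs `settings` from `django.conf`) and reconciles the role against the current superuser set, assuming the role is only meant to mirror that status. Roles and usernames appear to share one subject namespace here, so confirm that an account whose username is literally `admin` or `anonymous` cannot match these rules directly. Separately, database queries and `save_policy()` in `ready()` run on every process start, including management commands before migrations exist; a `post_migrate` handler with `logging` instead of `print` would be the safer home.

```python
def ready(self):
    # … unchanged: docstring, local imports, anonymous_policies list (minus the debug entry) …
    if settings.DEBUG:
        # Debug-toolbar route is only reachable anonymously on development installs.
        anonymous_policies.append(("/__debug__/history_sidebar/", "*"))
    # … unchanged: anonymous policy loop, save_policy(), admin wildcard policy …
    User = get_user_model()
    current_admins = set(
        User.objects.filter(is_staff=True, is_superuser=True).values_list(
            "username", flat=True
        )
    )
    # Revoke the role from accounts that are no longer staff superusers.
    for username in enforcer.get_users_for_role("admin"):
        if username not in current_admins:
            enforcer.delete_role_for_user(username, "admin")
    for username in current_admins:
        enforcer.add_role_for_user(username, "admin")
    enforcer.save_policy()
```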
