feat: Implemented team member assignments endpoint

rodmgwgu · rodmgwgu · commit 832a7af1c743 · 2026-04-10T12:32:19.000-06:00
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -14,6 +14,14 @@ Change Log
 Unreleased
 **********
 
+1.6.0 - 2026-04-09
+******************
+
+Added
+=====
+
+* Add the ``/api/authz/v1/users/<username>/assignments`` endpoint to get a list of role assignations for a user.
+
 1.5.0 - 2026-04-09
 ******************
 
diff --git a/openedx_authz/__init__.py b/openedx_authz/__init__.py
@@ -4,6 +4,6 @@
 
 import os
 
-__version__ = "1.5.0"
+__version__ = "1.6.0"
 
 ROOT_DIRECTORY = os.path.dirname(os.path.abspath(__file__))
diff --git a/openedx_authz/api/users.py b/openedx_authz/api/users.py
@@ -44,6 +44,7 @@
     "get_user_role_assignments",
     "get_user_role_assignments_in_scope",
     "get_user_role_assignments_for_role_in_scope",
+    "get_user_role_assignments_for_user_filtered",
     "get_user_role_assignments_filtered",
     "get_all_user_role_assignments_in_scope",
     "get_visible_role_assignments_for_user",
@@ -168,6 +169,42 @@ def get_user_role_assignments_for_role_in_scope(
     )
 
 
+def get_user_role_assignments_for_user_filtered(
+    user_external_key: str,
+    orgs: list[str] = None,
+    roles: list[str] = None,
+    allowed_for_user_external_key: str = None,
+) -> list[RoleAssignmentData]:
+    """
+    Get role assignments for a specific user, filtered by orgs and/or roles,
+    and only include assignments that the specified user has permission to view.
+
+    Args:
+        user_external_key: The user to get assignments for (e.g., 'john_doe').
+        orgs: Optional list of orgs to filter by (e.g., ['edX', 'MITx']).
+        roles: Optional list of roles to filter by (e.g., ['library_admin']).
+        allowed_for_user_external_key: The username to check permissions against (e.g., 'john_doe').
+
+    Returns:
+        list[RoleAssignmentData]: A list of role assignments for the user, filtered by orgs/roles and permissions.
+    """
+    user_role_assignments = get_user_role_assignments(user_external_key=user_external_key)
+    # Filter assignments based on the user's permissions
+    user_role_assignments = _filter_allowed_assignments(
+        user_external_key=allowed_for_user_external_key,
+        assignments=user_role_assignments,
+    )
+    if orgs:
+        # Filter by orgs
+        user_role_assignments = [a for a in user_role_assignments if a.scope.org in orgs]
+    if roles:
+        # Filter by roles
+        user_role_assignments = [
+            a for a in user_role_assignments if any(role.external_key in roles for role in a.roles)
+        ]
+    return user_role_assignments
+
+
 def get_user_role_assignments_filtered(
     *,
     user_external_key: str | None = None,
diff --git a/openedx_authz/rest_api/data.py b/openedx_authz/rest_api/data.py
@@ -20,6 +20,14 @@ class SortField(BaseEnum):
     EMAIL = "email"
 
 
+class AssignmentSortField(BaseEnum):
+    """Enum for the role assignment fields to sort by."""
+
+    ROLE = "role"
+    ORG = "org"
+    SCOPE = "scope"
+
+
 class SortOrder(BaseEnum):
     """Enum for the order to sort by."""
 
diff --git a/openedx_authz/rest_api/utils.py b/openedx_authz/rest_api/utils.py
@@ -2,9 +2,10 @@
 
 from openedx_authz.api.data import (
     GLOBAL_SCOPE_WILDCARD,
+    RoleAssignmentData,
     ScopeData,
 )
-from openedx_authz.rest_api.data import SearchField, SortField, SortOrder
+from openedx_authz.rest_api.data import AssignmentSortField, SearchField, SortField, SortOrder
 
 
 def get_generic_scope(scope: ScopeData) -> ScopeData:
@@ -93,3 +94,37 @@ def filter_users(users: list[dict], search: str | None, roles: list[str] | None)
         filtered_users.append(user)
 
     return filtered_users
+
+
+def sort_assignments(
+    assignments: list[RoleAssignmentData],
+    sort_by: AssignmentSortField = AssignmentSortField.ROLE,
+    order: SortOrder = SortOrder.ASC,
+) -> list[RoleAssignmentData]:
+    """
+    Sort role assignments by a given field and order.
+
+    Args:
+        assignments (list[RoleAssignmentData]): The assignments to sort.
+        sort_by (SortField, optional): The field to sort by. Defaults to AssignmentSortField.ROLE.
+        order (SortOrder, optional): The order to sort by. Defaults to SortOrder.ASC.
+
+    Raises:
+        ValueError: If the sort field is invalid.
+        ValueError: If the sort order is invalid.
+
+    Returns:
+        list[RoleAssignmentData]: The sorted assignments.
+    """
+    if sort_by not in AssignmentSortField.values():
+        raise ValueError(f"Invalid field: '{sort_by}'. Must be one of {AssignmentSortField.values()}")
+
+    if order not in SortOrder.values():
+        raise ValueError(f"Invalid order: '{order}'. Must be one of {SortOrder.values()}")
+
+    sorted_assignments = sorted(
+        assignments,
+        key=lambda assignment: (assignment.get(sort_by) or "").lower(),
+        reverse=order == SortOrder.DESC,
+    )
+    return sorted_assignments
diff --git a/openedx_authz/rest_api/v1/filters.py b/openedx_authz/rest_api/v1/filters.py
@@ -2,8 +2,8 @@
 
 from rest_framework.filters import BaseFilterBackend
 
-from openedx_authz.rest_api.data import SortField, SortOrder
-from openedx_authz.rest_api.utils import filter_users, sort_users
+from openedx_authz.rest_api.data import AssignmentSortField, SortField, SortOrder
+from openedx_authz.rest_api.utils import filter_users, sort_assignments, sort_users
 
 
 class TeamMemberSearchFilter(BaseFilterBackend):
@@ -21,3 +21,12 @@ def filter_queryset(self, request, queryset, view):
         sort_by = request.query_params.get("sort_by", SortField.USERNAME)
         order = request.query_params.get("order", SortOrder.ASC)
         return sort_users(users=queryset, sort_by=sort_by, order=order)
+
+
+class TeamMemberAssignmentsOrderingFilter(BaseFilterBackend):
+    """Sort team member assignments by a given field and order."""
+
+    def filter_queryset(self, request, queryset, view):
+        sort_by = request.query_params.get("sort_by", AssignmentSortField.ROLE)
+        order = request.query_params.get("order", SortOrder.ASC)
+        return sort_assignments(assignments=queryset, sort_by=sort_by, order=order)
diff --git a/openedx_authz/rest_api/v1/serializers.py b/openedx_authz/rest_api/v1/serializers.py
@@ -5,7 +5,7 @@
 
 from openedx_authz import api
 from openedx_authz.api.data import UserAssignments
-from openedx_authz.rest_api.data import SortField, SortOrder
+from openedx_authz.rest_api.data import AssignmentSortField, SortField, SortOrder
 from openedx_authz.rest_api.utils import get_generic_scope
 from openedx_authz.rest_api.v1.fields import (
     CaseSensitiveCommaSeparatedListField,
@@ -259,3 +259,47 @@ def get_email(self, obj: UserAssignments) -> str:
     def get_assignation_count(self, obj: UserAssignments) -> int:
         """Get the assignation count for the given role assignment."""
         return len(obj.assignments)
+
+
+class ListTeamMemberAssignmentsSerializer(serializers.Serializer):  # pylint: disable=abstract-method
+    """Serializer for listing team member assignments."""
+
+    orgs = CaseSensitiveCommaSeparatedListField(required=False, default=[])
+    roles = CaseSensitiveCommaSeparatedListField(required=False, default=[])
+    sort_by = serializers.ChoiceField(
+        required=False,
+        choices=[(e.value, e.name) for e in AssignmentSortField],
+        default=AssignmentSortField.ROLE,
+    )
+    order = serializers.ChoiceField(
+        required=False,
+        choices=[(e.value, e.name) for e in SortOrder],
+        default=SortOrder.ASC,
+    )
+
+
+class TeamMemberAssignmentSerializer(serializers.Serializer):  # pylint: disable=abstract-method
+    """Serializer for team member assignments."""
+
+    role = serializers.SerializerMethodField()
+    org = serializers.SerializerMethodField()
+    scope = serializers.SerializerMethodField()
+    permission_count = serializers.SerializerMethodField()
+
+    def get_role(self, obj: api.RoleAssignmentData) -> str:
+        """Get the role for the given role assignment."""
+        return obj.roles[0].external_key if obj.roles else ""
+
+    def get_org(self, obj: api.RoleAssignmentData) -> str:
+        """Get the org for the given role assignment."""
+        if isinstance(obj.scope, (api.ContentLibraryData, api.OrgContentLibraryGlobData)):
+            return obj.scope.org
+        return ""
+
+    def get_scope(self, obj: api.RoleAssignmentData) -> str:
+        """Get the scope for the given role assignment."""
+        return obj.scope.external_key
+
+    def get_permission_count(self, obj: api.RoleAssignmentData) -> int:
+        """Get the permission count for the given role assignment."""
+        return len(obj.roles[0].permissions) if obj.roles else 0
diff --git a/openedx_authz/rest_api/v1/urls.py b/openedx_authz/rest_api/v1/urls.py
@@ -14,4 +14,5 @@
     path("roles/users/", views.RoleUserAPIView.as_view(), name="role-user-list"),
     path("orgs/", views.AdminConsoleOrgsAPIView.as_view(), name="orgs-list"),
     path("users/", views.TeamMembersAPIView.as_view(), name="user-list"),
+    path("users/<str:username>/assignments", views.TeamMemberAssignmentsAPIView.as_view(), name="user-assignment-list"),
 ]
diff --git a/openedx_authz/rest_api/v1/views.py b/openedx_authz/rest_api/v1/views.py
@@ -20,6 +20,7 @@
 from rest_framework.views import APIView
 
 from openedx_authz import api
+from openedx_authz.api.users import get_user_role_assignments_for_user_filtered
 from openedx_authz.api.utils import get_user_map
 from openedx_authz.constants import permissions
 from openedx_authz.rest_api.data import RoleOperationError, RoleOperationStatus
@@ -29,18 +30,24 @@
     get_generic_scope,
     sort_users,
 )
-from openedx_authz.rest_api.v1.filters import TeamMemberOrderingFilter, TeamMemberSearchFilter
+from openedx_authz.rest_api.v1.filters import (
+    TeamMemberAssignmentsOrderingFilter,
+    TeamMemberOrderingFilter,
+    TeamMemberSearchFilter,
+)
 from openedx_authz.rest_api.v1.paginators import AuthZAPIViewPagination
 from openedx_authz.rest_api.v1.permissions import AnyScopePermission, DynamicScopePermission
 from openedx_authz.rest_api.v1.serializers import (
     AddUsersToRoleWithScopeSerializer,
     ListRolesWithScopeResponseSerializer,
     ListRolesWithScopeSerializer,
+    ListTeamMemberAssignmentsSerializer,
     ListTeamMembersSerializer,
     ListUsersInRoleWithScopeSerializer,
     PermissionValidationResponseSerializer,
     PermissionValidationSerializer,
     RemoveUsersFromRoleWithScopeSerializer,
+    TeamMemberAssignmentSerializer,
     TeamMemberSerializer,
     UserRoleAssignmentSerializer,
 )
@@ -590,3 +597,50 @@ def get(self, request: HttpRequest) -> Response:
         paginator = self.pagination_class()
         paginated_response_data = paginator.paginate_queryset(team_members, request)
         return paginator.get_paginated_response(paginated_response_data)
+
+
+@view_auth_classes()
+class TeamMemberAssignmentsAPIView(APIView):
+    """
+    API view for listing user role assignments
+    """
+
+    pagination_class = AuthZAPIViewPagination
+    filter_backends = [TeamMemberAssignmentsOrderingFilter]
+
+    @apidocs.schema(
+        parameters=[
+            apidocs.query_parameter("orgs", str, description="The orgs to query assignations for"),
+            apidocs.query_parameter("roles", str, description="The roles to query assignations for"),
+            apidocs.query_parameter("sort_by", str, description="The field to sort by"),
+            apidocs.query_parameter("order", str, description="The order to sort by"),
+            apidocs.query_parameter("page", int, description="Page number for pagination"),
+            apidocs.query_parameter("page_size", int, description="Number of items per page"),
+        ],
+        responses={
+            status.HTTP_200_OK: TeamMemberAssignmentSerializer(many=True),
+            status.HTTP_400_BAD_REQUEST: "The request parameters are invalid",
+            status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
+        },
+    )
+    def get(self, request: HttpRequest, username: str) -> Response:
+        """Retrieve all user role assignments."""
+        serializer = ListTeamMemberAssignmentsSerializer(data=request.query_params)
+        serializer.is_valid(raise_exception=True)
+        query_params = serializer.validated_data
+
+        user_role_assignments = get_user_role_assignments_for_user_filtered(
+            user_external_key=username,
+            orgs=query_params.get("orgs"),
+            roles=query_params.get("roles"),
+            allowed_for_user_external_key=request.user.username,
+        )
+
+        assignments = TeamMemberAssignmentSerializer(user_role_assignments, many=True).data
+        for backend in self.filter_backends:
+            assignments = backend().filter_queryset(request, assignments, self)
+
+        # Paginate
+        paginator = self.pagination_class()
+        paginated_response_data = paginator.paginate_queryset(assignments, request)
+        return paginator.get_paginated_response(paginated_response_data)
diff --git a/openedx_authz/tests/rest_api/test_views.py b/openedx_authz/tests/rest_api/test_views.py

Original file line number	Diff line number	Diff line change
`@@ -14,4 +14,5 @@`
`14`	`14`	`path("roles/users/", views.RoleUserAPIView.as_view(), name="role-user-list"),`
`15`	`15`	`path("orgs/", views.AdminConsoleOrgsAPIView.as_view(), name="orgs-list"),`
`16`	`16`	`path("users/", views.TeamMembersAPIView.as_view(), name="user-list"),`
	`17`	`+ path("users/<str:username>/assignments", views.TeamMemberAssignmentsAPIView.as_view(), name="user-assignment-list"),`
`17`	`18`	`]`