feat: add PoC permission and role

Author: dwong2708

openedx_authz/constants/permissions.py

@@ -53,3 +53,12 @@
     action=ActionData(external_key=f"{CONTENT_LIBRARIES_NAMESPACE}.delete_library_collection"),
     effect="allow",
 )
+
+# Course Permissions
+
+COURSES_NAMESPACE = "courses"
+
+MANAGE_ADVANCED_SETTINGS = PermissionData(
+    action=ActionData(external_key=f"{COURSES_NAMESPACE}.manage_advanced_settings"),
+    effect="allow",
+)

openedx_authz/constants/roles.py

@@ -56,3 +56,13 @@
 LIBRARY_AUTHOR = RoleData(external_key="library_author", permissions=LIBRARY_AUTHOR_PERMISSIONS)
 LIBRARY_CONTRIBUTOR = RoleData(external_key="library_contributor", permissions=LIBRARY_CONTRIBUTOR_PERMISSIONS)
 LIBRARY_USER = RoleData(external_key="library_user", permissions=LIBRARY_USER_PERMISSIONS)
+
+
+# Course Roles and Permissions
+
+
+COURSE_STAFF_PERMISSIONS = [
+    permissions.MANAGE_ADVANCED_SETTINGS,
+]
+
+COURSE_STAFF = RoleData(external_key="course_staff", permissions=COURSE_STAFF_PERMISSIONS)

openedx_authz/engine/config/authz.policy

@@ -68,3 +68,9 @@ g2, act^content_libraries.manage_library_team, act^content_libraries.view_librar
 g2, act^content_libraries.delete_library_collection, act^content_libraries.edit_library_collection
 g2, act^content_libraries.create_library_collection, act^content_libraries.edit_library_collection
 g2, act^content_libraries.edit_library_collection, act^content_libraries.view_library
+
+
+# Course Policies
+
+# Course Staff Permissions
+p, role^course_staff, act^courses.manage_advanced_settings, course^*, allow

openedx_authz/tests/test_enforcer.py

@@ -413,7 +413,7 @@ def test_multi_scope_filtering(self):
         org_count = len(global_enforcer.get_policy())
 
         self.assertEqual(lib_count, expected_lib_count)
-        self.assertEqual(course_count, 6)
+        self.assertEqual(course_count, 7)
         self.assertEqual(org_count, 3)
 
         global_enforcer.clear_policy()

openedx_authz/tests/test_engine_utils.py

@@ -76,10 +76,10 @@ def test_migrate_all_file_policies_to_database(self):
 
         Expected Result:
             - All policies from the file are loaded into the database
-            - The file contains 31 regular policies (p rules)
+            - The file contains 32 regular policies (p rules)
             - Policy content matches expected file content
         """
-        expected_policy_count = 31
+        expected_policy_count = 32
 
         migrate_policy_between_enforcers(self.source_enforcer, self.target_enforcer)
         self.target_enforcer.load_policy()
@@ -216,7 +216,7 @@ def test_migrate_complete_file_contents(self):
 
         self.assertEqual(
             len(self.target_enforcer.get_policy()),
-            31,
+            32,
             "Should have 31 regular policies from file",
         )
         self.assertEqual(
@@ -250,8 +250,8 @@ def test_migrate_partial_duplicates(self):
         target_policies = self.target_enforcer.get_policy()
         self.assertEqual(
             len(target_policies),
-            31,
-            "Should have 31 policies total, with no duplicates",
+            32,
+            "Should have 32 policies total, with no duplicates",
         )
 
         duplicates = CasbinRule.objects.values("v0", "v1", "v2").annotate(total=Count("*")).filter(total__gt=1)
@@ -346,7 +346,7 @@ def test_migrate_preserves_existing_db_policies(self):
         migrate_policy_between_enforcers(self.source_enforcer, self.target_enforcer)
 
         target_policies = self.target_enforcer.get_policy()
-        self.assertEqual(len(target_policies), 32, "Should have 31 file policies + 1 custom policy")
+        self.assertEqual(len(target_policies), 33, "Should have 32 file policies + 1 custom policy")
         self.assertIn(custom_policy, target_policies, "Custom database policy should be preserved")
 
     def test_migrate_preserves_user_role_assignments_in_db(self):
@@ -382,4 +382,4 @@ def test_migrate_preserves_user_role_assignments_in_db(self):
         )
 
         target_policies = self.target_enforcer.get_policy()
-        self.assertEqual(len(target_policies), 31, "All 31 policies from file should be loaded")
+        self.assertEqual(len(target_policies), 32, "All 32 policies from file should be loaded")