feat: add function to retrieve role assignments in scope

BryanttV · BryanttV · commit bd4fedf37d5f · 2025-10-01T22:35:41.000-05:00
diff --git a/openedx_authz/api/roles.py b/openedx_authz/api/roles.py
@@ -163,6 +163,29 @@ def get_role_definitions_in_scope(scope: ScopeData) -> list[RoleData]:
     ]
 
 
+def get_role_assignments_in_scope(
+    scope: ScopeData
+) -> list[RoleAssignmentData]:
+    """Get all the role assignments in a specific scope.
+
+    Args:
+        scope: The scope to filter role assignments (e.g., 'library:123' or '*' for global).
+    """
+    enforcer.load_policy()
+    filtered_policy = enforcer.get_filtered_grouping_policy(
+        PolicyIndex.SCOPE.value, scope.scope_id
+    )
+
+    return [
+        RoleAssignmentData(
+            subject=SubjectData(subject_id=policy[GroupingPolicyIndex.SUBJECT.value]),
+            role=RoleData(role_id=policy[GroupingPolicyIndex.ROLE.value]),
+            scope=scope,
+        )
+        for policy in filtered_policy
+    ]
+
+
 def get_all_roles_names() -> list[str]:
     """Get all the available roles names in the current environment.
 
diff --git a/openedx_authz/rest_api/v1/serializers.py b/openedx_authz/rest_api/v1/serializers.py
@@ -43,9 +43,11 @@ class RemoveUserFromRoleWithScopeSerializer(RoleMixin, ScopeMixin):  # pylint: d
     user = serializers.CharField(max_length=255)
 
 
-class ListUsersInRoleWithScopeSerializer(RoleMixin, ScopeMixin):  # pylint: disable=abstract-method
+class ListUsersInRoleWithScopeSerializer(ScopeMixin):  # pylint: disable=abstract-method
     """Serializer for listing users in a role with a scope."""
 
+    role = serializers.CharField(max_length=255, required=False)
+
 
 class ListRolesWithScopeSerializer(ScopeMixin):  # pylint: disable=abstract-method
     """Serializer for listing roles with a scope."""
diff --git a/openedx_authz/rest_api/v1/views.py b/openedx_authz/rest_api/v1/views.py
@@ -8,7 +8,6 @@
 import logging
 
 import edx_api_doc_tools as apidocs
-from common.djangoapps.student.models.user import get_user_by_username_or_email
 from django.contrib.auth import get_user_model
 from django.http import HttpRequest
 from rest_framework import status
@@ -18,7 +17,7 @@
 
 from openedx_authz.api.data import ActionData, ScopeData, UserData
 from openedx_authz.api.permissions import has_permission
-from openedx_authz.api.roles import get_role_definitions_in_scope
+from openedx_authz.api.roles import get_role_definitions_in_scope, get_role_assignments_in_scope
 from openedx_authz.api.users import (
     assign_role_to_user_in_scope,
     get_user_role_assignments_for_role_in_scope,
@@ -35,6 +34,11 @@
     RemoveUserFromRoleWithScopeSerializer,
 )
 
+try:
+    from common.djangoapps.student.models.user import get_user_by_username_or_email
+except ImportError:
+    get_user_by_username_or_email = None
+
 logger = logging.getLogger(__name__)
 
 User = get_user_model()
@@ -110,10 +114,24 @@ def get(self, request: HttpRequest) -> Response:
         serializer = ListUsersInRoleWithScopeSerializer(data=request.query_params)
         serializer.is_valid(raise_exception=True)
 
-        role_name = serializer.validated_data["role"]
+        role_name = serializer.validated_data.get("role")
         scope = serializer.validated_data["scope"]
 
         response_data = []
+
+        # TODO: Should this be another endpoint?
+        if not role_name:
+            role_assignments = get_role_assignments_in_scope(ScopeData(name=scope))
+            for role_assignment in role_assignments:
+                response_data.append(
+                    {
+                        "role": role_assignment.role.name,
+                        # TODO: Include users by role
+                        "users": [],
+                    }
+                )
+            return Response(response_data, status=status.HTTP_200_OK)
+
         role_assignments = get_user_role_assignments_for_role_in_scope(role_name, scope)
         for assignment in role_assignments:
             # TODO: Should we get all users at once instead of one by one?
