feat: add HasLibraryPermission in api views

Author: BryanttV

openedx_authz/rest_api/v1/permissions.py

@@ -1 +1,17 @@
 """Permissions for the Open edX AuthZ REST API."""
+
+from rest_framework.permissions import SAFE_METHODS, BasePermission
+
+from openedx_authz.api.users import user_has_permission
+
+
+class HasLibraryPermission(BasePermission):
+    """Permission to check if the user has the library permission."""
+
+    def has_permission(self, request, view):
+        """Check if the user has the library permission."""
+        scope = request.data.get("scope") if request.data else request.query_params.get("scope")
+
+        if request.method in SAFE_METHODS:
+            return user_has_permission(request.user.username, "view_library_team", scope)
+        return user_has_permission(request.user.username, "manage_library_team", scope)

openedx_authz/rest_api/v1/views.py

@@ -17,6 +17,7 @@
 from openedx_authz import api
 from openedx_authz.rest_api.utils import filter_users, get_user_by_username_or_email, sort_users, view_auth_classes
 from openedx_authz.rest_api.v1.paginators import AuthZAPIViewPagination
+from openedx_authz.rest_api.v1.permissions import HasLibraryPermission
 from openedx_authz.rest_api.v1.serializers import (
     AddUserToRoleWithScopeSerializer,
     ListRolesWithScopeResponseSerializer,
@@ -85,6 +86,7 @@ class RoleUserAPIView(APIView):
     """
 
     pagination_class = AuthZAPIViewPagination
+    permission_classes = [HasLibraryPermission]
 
     @apidocs.schema(
         parameters=[