feat: Implemented team member assignments endpoint

Author: rodmgwgu

openedx_authz/rest_api/data.py

@@ -20,6 +20,14 @@ class SortField(BaseEnum):
     EMAIL = "email"
 
 
+class AssignmentSortField(BaseEnum):
+    """Enum for the role assignment fields to sort by."""
+
+    ROLE = "role"
+    ORG = "org"
+    SCOPE = "scope"
+
+
 class SortOrder(BaseEnum):
     """Enum for the order to sort by."""
 

openedx_authz/rest_api/utils.py

@@ -16,7 +16,7 @@
 )
 from openedx_authz.api.users import is_user_allowed
 from openedx_authz.constants.permissions import COURSES_VIEW_COURSE, VIEW_LIBRARY
-from openedx_authz.rest_api.data import SearchField, SortField, SortOrder
+from openedx_authz.rest_api.data import AssignmentSortField, SearchField, SortField, SortOrder
 
 logger = logging.getLogger(__name__)
 
@@ -131,6 +131,40 @@ def filter_users(users: list[dict], search: str | None, roles: list[str] | None)
     return filtered_users
 
 
+def sort_assignments(
+    assignments: list[RoleAssignmentData],
+    sort_by: AssignmentSortField = AssignmentSortField.ROLE,
+    order: SortOrder = SortOrder.ASC,
+) -> list[RoleAssignmentData]:
+    """
+    Sort role assignments by a given field and order.
+
+    Args:
+        assignments (list[RoleAssignmentData]): The assignments to sort.
+        sort_by (SortField, optional): The field to sort by. Defaults to AssignmentSortField.ROLE.
+        order (SortOrder, optional): The order to sort by. Defaults to SortOrder.ASC.
+
+    Raises:
+        ValueError: If the sort field is invalid.
+        ValueError: If the sort order is invalid.
+
+    Returns:
+        list[RoleAssignmentData]: The sorted assignments.
+    """
+    if sort_by not in AssignmentSortField.values():
+        raise ValueError(f"Invalid field: '{sort_by}'. Must be one of {AssignmentSortField.values()}")
+
+    if order not in SortOrder.values():
+        raise ValueError(f"Invalid order: '{order}'. Must be one of {SortOrder.values()}")
+
+    sorted_assignments = sorted(
+        assignments,
+        key=lambda assignment: (assignment.get(sort_by) or "").lower(),
+        reverse=order == SortOrder.DESC,
+    )
+    return sorted_assignments
+
+
 @dataclass
 class UserAssignments:
     user: "User"

openedx_authz/rest_api/v1/serializers.py

@@ -250,3 +250,47 @@ def get_email(self, obj: UserAssignments) -> str:
     def get_assignation_count(self, obj: UserAssignments) -> int:
         """Get the assignation count for the given role assignment."""
         return len(obj.assignments)
+
+
+class ListTeamMemberAssignmentsSerializer(serializers.Serializer):  # pylint: disable=abstract-method
+    """Serializer for listing team member assignments."""
+
+    orgs = CaseSensitiveCommaSeparatedListField(required=False, default=[])
+    roles = CaseSensitiveCommaSeparatedListField(required=False, default=[])
+    sort_by = serializers.ChoiceField(
+        required=False,
+        choices=[(e.value, e.name) for e in SortField],
+        default=SortField.USERNAME,
+    )
+    order = serializers.ChoiceField(
+        required=False,
+        choices=[(e.value, e.name) for e in SortOrder],
+        default=SortOrder.ASC,
+    )
+
+
+class TeamMemberAssignmentSerializer(serializers.Serializer):  # pylint: disable=abstract-method
+    """Serializer for team member assignments."""
+
+    role = serializers.SerializerMethodField()
+    org = serializers.SerializerMethodField()
+    scope = serializers.SerializerMethodField()
+    permission_count = serializers.SerializerMethodField()
+
+    def get_role(self, obj: api.RoleAssignmentData) -> str:
+        """Get the role for the given role assignment."""
+        return obj.roles[0].external_key if obj.roles else ""
+
+    def get_org(self, obj: api.RoleAssignmentData) -> str:
+        """Get the org for the given role assignment."""
+        if isinstance(obj.scope, (api.ContentLibraryData, api.OrgContentLibraryGlobData)):
+            return obj.scope.org
+        return ""
+
+    def get_scope(self, obj: api.RoleAssignmentData) -> str:
+        """Get the scope for the given role assignment."""
+        return obj.scope.external_key
+
+    def get_permission_count(self, obj: api.RoleAssignmentData) -> int:
+        """Get the permission count for the given role assignment."""
+        return len(obj.roles[0].permissions) if obj.roles else 0

openedx_authz/rest_api/v1/urls.py

@@ -13,4 +13,5 @@
     path("roles/", views.RoleListView.as_view(), name="role-list"),
     path("roles/users/", views.RoleUserAPIView.as_view(), name="role-user-list"),
     path("users/", views.TeamMembersAPIView.as_view(), name="user-list"),
+    path("users/<str:username>/assignments", views.TeamMemberAssignmentsAPIView.as_view(), name="user-assignment-list"),
 ]

openedx_authz/rest_api/v1/views.py

@@ -16,7 +16,7 @@
 
 from openedx_authz import api
 from openedx_authz.constants import permissions
-from openedx_authz.rest_api.data import RoleOperationError, RoleOperationStatus, SortField
+from openedx_authz.rest_api.data import AssignmentSortField, RoleOperationError, RoleOperationStatus, SortField
 from openedx_authz.rest_api.decorators import authz_permissions, view_auth_classes
 from openedx_authz.rest_api.utils import (
     UserAssignments,
@@ -25,6 +25,7 @@
     get_generic_scope,
     get_user_assignment_map,
     get_user_map,
+    sort_assignments,
     sort_users,
 )
 from openedx_authz.rest_api.v1.paginators import AuthZAPIViewPagination
@@ -33,11 +34,13 @@
     AddUsersToRoleWithScopeSerializer,
     ListRolesWithScopeResponseSerializer,
     ListRolesWithScopeSerializer,
+    ListTeamMemberAssignmentsSerializer,
     ListTeamMembersSerializer,
     ListUsersInRoleWithScopeSerializer,
     PermissionValidationResponseSerializer,
     PermissionValidationSerializer,
     RemoveUsersFromRoleWithScopeSerializer,
+    TeamMemberAssignmentSerializer,
     TeamMemberSerializer,
     UserRoleAssignmentSerializer,
 )
@@ -527,3 +530,60 @@ def get(self, request: HttpRequest) -> Response:
         paginator = self.pagination_class()
         paginated_response_data = paginator.paginate_queryset(sorted_team_members, request)
         return paginator.get_paginated_response(paginated_response_data)
+
+
+@view_auth_classes()
+class TeamMemberAssignmentsAPIView(APIView):
+    """
+    API view for listing user role assignments
+    """
+
+    pagination_class = AuthZAPIViewPagination
+
+    @apidocs.schema(
+        parameters=[
+            apidocs.query_parameter("orgs", str, description="The orgs to query assignations for"),
+            apidocs.query_parameter("roles", str, description="The roles to query assignations for"),
+            apidocs.query_parameter("sort_by", str, description="The field to sort by"),
+            apidocs.query_parameter("order", str, description="The order to sort by"),
+            apidocs.query_parameter("page", int, description="Page number for pagination"),
+            apidocs.query_parameter("page_size", int, description="Number of items per page"),
+        ],
+        responses={
+            status.HTTP_200_OK: TeamMemberAssignmentSerializer(many=True),
+            status.HTTP_400_BAD_REQUEST: "The request parameters are invalid",
+            status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
+        },
+    )
+    def get(self, request: HttpRequest, username: str) -> Response:
+        """Retrieve all user role assignments."""
+        serializer = ListTeamMemberAssignmentsSerializer(data=request.query_params)
+        serializer.is_valid(raise_exception=True)
+        query_params = serializer.validated_data
+
+        user_role_assignments = api.get_user_role_assignments(user_external_key=username)
+        # Filter assignments based on the user's permissions
+        user_role_assignments = filter_allowed_assignments(user=request.user, assignments=user_role_assignments)
+
+        orgs = query_params.get("orgs")
+        roles = query_params.get("roles")
+        order = query_params.get("order")
+        sort_by = query_params.get("sort_by", AssignmentSortField.ROLE)
+
+        if orgs:
+            # Filter by orgs
+            user_role_assignments = [a for a in user_role_assignments if a.scope.org in orgs]
+
+        if roles:
+            # Filter by roles
+            user_role_assignments = [
+                a for a in user_role_assignments if any(role.external_key in roles for role in a.roles)
+            ]
+
+        assignments = TeamMemberAssignmentSerializer(user_role_assignments, many=True)
+        # Sort
+        sorted_assignments = sort_assignments(assignments=assignments.data, sort_by=sort_by, order=order)
+        # Paginate
+        paginator = self.pagination_class()
+        paginated_response_data = paginator.paginate_queryset(sorted_assignments, request)
+        return paginator.get_paginated_response(paginated_response_data)