squash!: Change type to scope_type, add org filtering

rodmgwgu · rodmgwgu · commit f5e5636d3996 · 2026-04-15T15:36:55.000-06:00
diff --git a/openedx_authz/rest_api/v1/serializers.py b/openedx_authz/rest_api/v1/serializers.py
@@ -51,6 +51,12 @@ class OrderMixin(serializers.Serializer):  # pylint: disable=abstract-method
     )
 
 
+class OrgMixin(serializers.Serializer):  # pylint: disable=abstract-method
+    """Mixin providing org field functionality."""
+
+    org = serializers.CharField(required=False, max_length=255)
+
+
 class PermissionValidationSerializer(ActionMixin, ScopeMixin):  # pylint: disable=abstract-method
     """Serializer for permission validation request."""
 
@@ -217,11 +223,11 @@ def get_roles(self, obj: api.RoleAssignmentData) -> list[str]:
         return [role.external_key for role in obj.roles]
 
 
-class ListScopesSerializer(serializers.Serializer):  # pylint: disable=abstract-method
-    """Serializer for validating query parameters in AdminConsoleScopesAPIView."""
+class ListScopesQuerySerializer(OrgMixin):  # pylint: disable=abstract-method
+    """Serializer for validating query parameters in ScopesAPIView."""
 
     management_permission_only = serializers.BooleanField(required=False, default=False)
-    type = serializers.ChoiceField(choices=["course", "library"], required=False, default=None, allow_null=True)
+    scope_type = serializers.ChoiceField(choices=["course", "library"], required=False, default=None, allow_null=True)
     search = serializers.CharField(required=False, default="", allow_blank=True)
 
 
diff --git a/openedx_authz/rest_api/v1/urls.py b/openedx_authz/rest_api/v1/urls.py
@@ -18,5 +18,5 @@
     path(
         "users/<str:username>/assignments/", views.TeamMemberAssignmentsAPIView.as_view(), name="user-assignment-list"
     ),
-    path("scopes/", views.AdminConsoleScopesAPIView.as_view(), name="scope-list"),
+    path("scopes/", views.ScopesAPIView.as_view(), name="scope-list"),
 ]
diff --git a/openedx_authz/rest_api/v1/views.py b/openedx_authz/rest_api/v1/views.py
@@ -58,7 +58,7 @@
     ListRolesWithScopeResponseSerializer,
     ListRolesWithScopeSerializer,
     ListTeamMemberAssignmentsQuerySerializer,
-    ListScopesSerializer,
+    ListScopesQuerySerializer,
     ListTeamMembersSerializer,
     ListUsersInRoleWithScopeSerializer,
     PermissionValidationResponseSerializer,
@@ -587,6 +587,7 @@ def get_queryset(self) -> QuerySet:
     "get",
     parameters=[
         apidocs.query_parameter("search", str, description="Filter scopes by display name"),
+        apidocs.query_parameter("org", str, description="Filter scopes by org"),
         apidocs.query_parameter("page", int, description="Page number for pagination"),
         apidocs.query_parameter("page_size", int, description="Number of items per page"),
         apidocs.query_parameter(
@@ -598,18 +599,19 @@ def get_queryset(self) -> QuerySet:
             ),
         ),
         apidocs.query_parameter(
-            "type",
+            "scope_type",
             str,
             description="Filter by scope type. Either 'course' or 'library'. Returns both if not specified.",
         ),
     ],
     responses={
         status.HTTP_200_OK: ScopeSerializer(many=True),
         status.HTTP_400_BAD_REQUEST: "The request parameters are invalid",
-        status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
+        status.HTTP_401_UNAUTHORIZED: "The user is not authenticated",
+        status.HTTP_403_FORBIDDEN: "The user does not have the required permisisons",
     },
 )
-class AdminConsoleScopesAPIView(generics.ListAPIView):
+class ScopesAPIView(generics.ListAPIView):
     """
     API view for listing scopes
     This API is used on the filters and assign roles functionality on the Admin Console.
@@ -621,9 +623,10 @@ class AdminConsoleScopesAPIView(generics.ListAPIView):
     **Query Parameters**
 
     - search (Optional): Search term to filter scopes by display name
+    - org (Optional): Filter scopes by org
     - page (Optional): Page number for pagination
     - page_size (Optional): Number of items per page
-    - type (Optional): Filter scopes by type. Supported values are `course` and `library`.
+    - scope_type (Optional): Filter scopes by type. Supported values are `course` and `library`.
     - management_permission_only (Optional): Filter scopes either by only the ones to which the user has "manage team"
         permissions (if true), or just "view team" permissions.
 
@@ -678,12 +681,17 @@ def get_serializer_context(self):
         return context
 
     def _get_courses_queryset(
-        self, allowed_ids: set | None = None, allowed_orgs: set | None = None, search: str = ""
+        self,
+        allowed_ids: set | None = None,
+        allowed_orgs: set | None = None,
+        search: str = "",
+        org: str = "",
     ) -> QuerySet:
         """Return a CourseOverview queryset projected to the unified scope shape.
 
         If allowed_ids and/or allowed_orgs are provided, filter to matching courses.
         If search is provided, filter by display_name.
+        If org is provided, filter by org short_name.
         """
         qs = CourseOverview.objects
         if allowed_ids is not None or allowed_orgs is not None:
@@ -694,6 +702,8 @@ def _get_courses_queryset(
                 qs = qs.none()
             else:
                 qs = qs.filter(combined_filter)
+        if org:
+            qs = qs.filter(org=org)
         if search:
             qs = qs.filter(display_name__icontains=search)
         return qs.annotate(
@@ -704,12 +714,17 @@ def _get_courses_queryset(
         ).values("scope_id", "display_name_col", "org_name", "scope_type")
 
     def _get_libraries_queryset(
-        self, allowed_pairs: set | None = None, allowed_orgs: set | None = None, search: str = ""
+        self,
+        allowed_pairs: set | None = None,
+        allowed_orgs: set | None = None,
+        search: str = "",
+        org: str = "",
     ) -> QuerySet:
         """Return a ContentLibrary queryset projected to the unified scope shape.
 
         If allowed_pairs and/or allowed_orgs are provided, filter to matching libraries.
         If search is provided, filter by learning_package__title.
+        If org is provided, filter by org short_name.
         """
         qs = ContentLibrary.objects
         if allowed_pairs is not None or allowed_orgs is not None:
@@ -724,6 +739,8 @@ def _get_libraries_queryset(
                 qs = qs.none()
             else:
                 qs = qs.filter(combined)
+        if org:
+            qs = qs.filter(org__short_name=org)
         if search:
             qs = qs.filter(learning_package__title__icontains=search)
         return qs.annotate(
@@ -750,16 +767,17 @@ def get_queryset(self) -> QuerySet:
         user = self.request.user
 
         # Validate and parse query parameters.
-        params_serializer = ListScopesSerializer(data=self.request.query_params)
+        params_serializer = ListScopesQuerySerializer(data=self.request.query_params)
         params_serializer.is_valid(raise_exception=True)
-        scope_type = params_serializer.validated_data["type"]
+        scope_type = params_serializer.validated_data["scope_type"]
         search = params_serializer.validated_data["search"]
+        org = params_serializer.validated_data.get("org", "")
 
         # Staff and superusers can see all scopes, skip permission filtering.
         if user.is_staff or user.is_superuser:
             return self._build_queryset(
-                courses_qs=self._get_courses_queryset(search=search) if scope_type != "library" else None,
-                libraries_qs=self._get_libraries_queryset(search=search) if scope_type != "course" else None,
+                courses_qs=(self._get_courses_queryset(search=search, org=org) if scope_type != "library" else None),
+                libraries_qs=(self._get_libraries_queryset(search=search, org=org) if scope_type != "course" else None),
             )
 
         management_only = params_serializer.validated_data["management_permission_only"]
@@ -778,7 +796,12 @@ def get_permission(scope_cls):
                 s.external_key for s in allowed_course_scopes if not isinstance(s, OrgCourseOverviewGlobData)
             }
             allowed_course_orgs = {s.org for s in allowed_course_scopes if isinstance(s, OrgCourseOverviewGlobData)}
-            courses_qs = self._get_courses_queryset(allowed_course_ids, allowed_course_orgs, search=search)
+            courses_qs = self._get_courses_queryset(
+                allowed_course_ids,
+                allowed_course_orgs,
+                search=search,
+                org=org,
+            )
 
         libraries_qs = None
         if scope_type != "course":
@@ -792,7 +815,12 @@ def get_permission(scope_cls):
                 if not isinstance(s, OrgContentLibraryGlobData)
             }
             allowed_library_orgs = {s.org for s in allowed_library_scopes if isinstance(s, OrgContentLibraryGlobData)}
-            libraries_qs = self._get_libraries_queryset(allowed_library_pairs, allowed_library_orgs, search=search)
+            libraries_qs = self._get_libraries_queryset(
+                allowed_library_pairs,
+                allowed_library_orgs,
+                search=search,
+                org=org,
+            )
 
         # Union the requested querysets and sort by org at the DB level.
         return self._build_queryset(courses_qs, libraries_qs)
diff --git a/openedx_authz/tests/rest_api/test_views.py b/openedx_authz/tests/rest_api/test_views.py

Original file line number	Diff line number	Diff line change
`@@ -18,5 +18,5 @@`
`18`	`18`	`path(`
`19`	`19`	`"users/<str:username>/assignments/", views.TeamMemberAssignmentsAPIView.as_view(), name="user-assignment-list"`
`20`	`20`	`),`
`21`		`- path("scopes/", views.AdminConsoleScopesAPIView.as_view(), name="scope-list"),`
	`21`	`+ path("scopes/", views.ScopesAPIView.as_view(), name="scope-list"),`
`22`	`22`	`]`