Skip to content

[FC-0099] fix: add constants and improve test class #125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mariajgrimaldi merged 4 commits into from
Oct 29, 2025
Merged

[FC-0099] fix: add constants and improve test class #125

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b843695
fix: add constants and improve test class
MaferMazu Oct 28, 2025
7a44fa1
refactor: use the new constants
MaferMazu Oct 28, 2025
1371d5e
docs: bumpversion
MaferMazu Oct 28, 2025
5396570
fix: apply feedback
MaferMazu Oct 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions CHANGELOG.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,14 @@ Unreleased

*

0.10.1 - 2025-10-28
********************

Fixed
=====

* Fix constants and test class to be able to use it outside this app.

0.10.0 - 2025-10-28
*******************

Expand Down
2 changes: 1 addition & 1 deletion openedx_authz/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@

import os

__version__ = "0.10.0"
__version__ = "0.10.1"

ROOT_DIRECTORY = os.path.dirname(os.path.abspath(__file__))
Empty file added openedx_authz/constants/__init__.py
View file
Open in desktop
Empty file.
51 changes: 51 additions & 0 deletions openedx_authz/constants/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
"""
Default permission constants.
"""
from openedx_authz.api.data import ActionData, PermissionData

# Content Library Permissions
VIEW_LIBRARY = PermissionData(
action=ActionData(external_key="view_library"),
effect="allow",
)
MANAGE_LIBRARY_TAGS = PermissionData(
action=ActionData(external_key="manage_library_tags"),
effect="allow",
)
DELETE_LIBRARY = PermissionData(
action=ActionData(external_key="delete_library"),
effect="allow",
)
EDIT_LIBRARY_CONTENT = PermissionData(
action=ActionData(external_key="edit_library_content"),
effect="allow",
)
PUBLISH_LIBRARY_CONTENT = PermissionData(
action=ActionData(external_key="publish_library_content"),
effect="allow",
)
REUSE_LIBRARY_CONTENT = PermissionData(
action=ActionData(external_key="reuse_library_content"),
effect="allow",
)
VIEW_LIBRARY_TEAM = PermissionData(
action=ActionData(external_key="view_library_team"),
effect="allow",
)
MANAGE_LIBRARY_TEAM = PermissionData(
action=ActionData(external_key="manage_library_team"),
effect="allow",
)

CREATE_LIBRARY_COLLECTION = PermissionData(
action=ActionData(external_key="create_library_collection"),
effect="allow",
)
EDIT_LIBRARY_COLLECTION = PermissionData(
action=ActionData(external_key="edit_library_collection"),
effect="allow",
)
DELETE_LIBRARY_COLLECTION = PermissionData(
action=ActionData(external_key="delete_library_collection"),
effect="allow",
)
58 changes: 58 additions & 0 deletions openedx_authz/constants/roles.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
"""
Default roles and their associated permissions.
"""

from openedx_authz.api.data import RoleData
from openedx_authz.constants import permissions

# Library Roles and Permissions

# Define the associated permissions for each role

LIBRARY_ADMIN_PERMISSIONS = [
permissions.VIEW_LIBRARY,
permissions.MANAGE_LIBRARY_TAGS,
permissions.DELETE_LIBRARY,
permissions.EDIT_LIBRARY_CONTENT,
permissions.PUBLISH_LIBRARY_CONTENT,
permissions.REUSE_LIBRARY_CONTENT,
permissions.VIEW_LIBRARY_TEAM,
permissions.MANAGE_LIBRARY_TEAM,
permissions.CREATE_LIBRARY_COLLECTION,
permissions.EDIT_LIBRARY_COLLECTION,
permissions.DELETE_LIBRARY_COLLECTION,
]

LIBRARY_AUTHOR_PERMISSIONS = [
permissions.VIEW_LIBRARY,
permissions.MANAGE_LIBRARY_TAGS,
permissions.EDIT_LIBRARY_CONTENT,
permissions.PUBLISH_LIBRARY_CONTENT,
permissions.REUSE_LIBRARY_CONTENT,
permissions.VIEW_LIBRARY_TEAM,
permissions.CREATE_LIBRARY_COLLECTION,
permissions.EDIT_LIBRARY_COLLECTION,
permissions.DELETE_LIBRARY_COLLECTION,
]

LIBRARY_CONTRIBUTOR_PERMISSIONS = [
permissions.VIEW_LIBRARY,
permissions.MANAGE_LIBRARY_TAGS,
permissions.EDIT_LIBRARY_CONTENT,
permissions.REUSE_LIBRARY_CONTENT,
permissions.VIEW_LIBRARY_TEAM,
permissions.CREATE_LIBRARY_COLLECTION,
permissions.EDIT_LIBRARY_COLLECTION,
permissions.DELETE_LIBRARY_COLLECTION,
]

LIBRARY_USER_PERMISSIONS = [
permissions.VIEW_LIBRARY,
permissions.REUSE_LIBRARY_CONTENT,
permissions.VIEW_LIBRARY_TEAM,
]

LIBRARY_ADMIN = RoleData(external_key="library_admin", permissions=LIBRARY_ADMIN_PERMISSIONS)
LIBRARY_AUTHOR = RoleData(external_key="library_author", permissions=LIBRARY_AUTHOR_PERMISSIONS)
LIBRARY_CONTRIBUTOR = RoleData(external_key="library_contributor", permissions=LIBRARY_CONTRIBUTOR_PERMISSIONS)
LIBRARY_USER = RoleData(external_key="library_user", permissions=LIBRARY_USER_PERMISSIONS)
9 changes: 5 additions & 4 deletions openedx_authz/rest_api/v1/views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
from rest_framework.views import APIView

from openedx_authz import api
from openedx_authz.constants import permissions
from openedx_authz.rest_api.data import RoleOperationError, RoleOperationStatus
from openedx_authz.rest_api.decorators import authz_permissions, view_auth_classes
from openedx_authz.rest_api.utils import (
Expand Down Expand Up @@ -250,7 +251,7 @@ class RoleUserAPIView(APIView):
status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
},
)
@authz_permissions(["view_library_team"])
@authz_permissions([permissions.VIEW_LIBRARY.identifier])
def get(self, request: HttpRequest) -> Response:
"""Retrieve all users with role assignments within a specific scope."""
serializer = ListUsersInRoleWithScopeSerializer(data=request.query_params)
Expand All @@ -277,7 +278,7 @@ def get(self, request: HttpRequest) -> Response:
status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
},
)
@authz_permissions(["manage_library_team"])
@authz_permissions([permissions.MANAGE_LIBRARY_TEAM.identifier])
def put(self, request: HttpRequest) -> Response:
"""Assign multiple users to a specific role within a scope."""
serializer = AddUsersToRoleWithScopeSerializer(data=request.data)
Expand Down Expand Up @@ -324,7 +325,7 @@ def put(self, request: HttpRequest) -> Response:
status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
},
)
@authz_permissions(["manage_library_team"])
@authz_permissions([permissions.MANAGE_LIBRARY_TEAM.identifier])
def delete(self, request: HttpRequest) -> Response:
"""Remove multiple users from a specific role within a scope."""
serializer = RemoveUsersFromRoleWithScopeSerializer(data=request.query_params)
Expand Down Expand Up @@ -427,7 +428,7 @@ class RoleListView(APIView):
status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
},
)
@authz_permissions(["view_library_team"])
@authz_permissions([permissions.VIEW_LIBRARY.identifier])
def get(self, request: HttpRequest) -> Response:
"""Retrieve all roles and their permissions for a specific scope."""
serializer = ListRolesWithScopeSerializer(data=request.query_params)
Expand Down
11 changes: 6 additions & 5 deletions openedx_authz/tests/api/test_data.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
SubjectData,
UserData,
)
from openedx_authz.constants import permissions, roles


@ddt
Expand Down Expand Up @@ -372,7 +373,7 @@ def test_user_data_str_and_repr(self, external_key, expected_str, expected_repr)
@data(
("read", "Read", "act^read"),
("write", "Write", "act^write"),
("delete_library", "Delete Library", "act^delete_library"),
(permissions.DELETE_LIBRARY.identifier, "Delete Library", "act^delete_library"),
("edit_content", "Edit Content", "act^edit_content"),
)
@unpack
Expand Down Expand Up @@ -413,7 +414,7 @@ def test_scope_data_str_and_repr(self, external_key, expected_str, expected_repr

@data(
("instructor", "Instructor", "role^instructor"),
("library_admin", "Library Admin", "role^library_admin"),
(roles.LIBRARY_ADMIN.external_key, "Library Admin", "role^library_admin"),
("course_staff", "Course Staff", "role^course_staff"),
)
@unpack
Expand Down Expand Up @@ -454,7 +455,7 @@ def test_role_data_str_with_permissions(self):
("read", "allow", "Read - allow", "act^read => allow"),
("write", "deny", "Write - deny", "act^write => deny"),
(
"delete_library",
permissions.DELETE_LIBRARY.identifier,
"allow",
"Delete Library - allow",
"act^delete_library => allow",
Expand Down Expand Up @@ -485,7 +486,7 @@ def test_role_assignment_data_str(self):
"""
user = UserData(external_key="john_doe")
role1 = RoleData(external_key="instructor")
role2 = RoleData(external_key="library_admin")
role2 = RoleData(external_key=roles.LIBRARY_ADMIN.external_key)
scope = ContentLibraryData(external_key="lib:DemoX:CSPROB")
assignment = RoleAssignmentData(subject=user, roles=[role1, role2], scope=scope)

Expand All @@ -502,7 +503,7 @@ def test_role_assignment_data_repr(self):
"""
user = UserData(external_key="john_doe")
role1 = RoleData(external_key="instructor")
role2 = RoleData(external_key="library_admin")
role2 = RoleData(external_key=roles.LIBRARY_ADMIN.external_key)
scope = ContentLibraryData(external_key="lib:DemoX:CSPROB")
assignment = RoleAssignmentData(subject=user, roles=[role1, role2], scope=scope)

Expand Down
Loading