feat: Implement all assignments endpoint #262
Thanks for the pull request, @rodmgwgu!
This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.
🔘 Get product approval
If you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide context
To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green build
If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.
Details
Where can I find more information?
If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:
When can I expect my changes to be merged?
Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR.
fe0a514 to 7082562
feat: Implement all assignments endpoint
…s endpoints, align docs
7082562 to bf4d93d
Pull request overview
Implements the new /api/authz/v1/assignments/ endpoint to list all visible user role assignments (including per-superadmin “global access” rows) for use by the Admin Console, and updates existing team-member endpoints to consistently enforce “view team” permissions.
Changes:
- Added `AssignmentsAPIView` (+ routing, filtering, serialization) to list unpacked `(user, assignment)` rows with search/sort/pagination.
- Extended visibility/filtering support to include role-based filtering in the API layer.
- Tightened access control on “team members” and “team member assignments” endpoints to return `403` when the caller has no relevant view permissions (updated tests accordingly).
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| openedx_authz/tests/rest_api/test_views.py | Updates existing permissions expectations (200→403) and adds extensive test coverage for the new assignments endpoint (filters/search/sort/pagination/scope visibility). |
| openedx_authz/rest_api/v1/views.py | Adds AssignmentsAPIView; applies AnyScopePermission + @authz_permissions to team-member endpoints; updates OpenAPI schema responses. |
| openedx_authz/rest_api/v1/urls.py | Registers the new assignments/ route. |
| openedx_authz/rest_api/v1/serializers.py | Adds serializers for assignment listing query params and assignment rows that include user fields. |
| openedx_authz/rest_api/v1/filters.py | Adds search/ordering filter backends for the new assignments endpoint. |
| openedx_authz/rest_api/utils.py | Refactors common sorting logic and adds sorting for user-assignment rows. |
| openedx_authz/rest_api/data.py | Introduces UserAssignmentSortField for supported sort keys. |
| openedx_authz/api/utils.py | Adds filtering support for role external keys in grouped user assignments. |
| openedx_authz/api/users.py | Extends get_visible_role_assignments_for_user to accept role filters. |
| openedx_authz/api/data.py | Adds UserAssignmentData wrapper and ROLES to UserAssignmentsFilter. |
| openedx_authz/__init__.py | Version bump to 1.9.0. |
| CHANGELOG.rst | Documents the new endpoint and permission behavior changes. |
| # Retrieve superadmin assignments (django staff or superuser users), as they always have access to everything | ||
| user_role_assignments += get_superadmin_assignments() | ||
|
|
||
| users_with_assignments = api.get_visible_role_assignments_for_user( |
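Review bot: `get_superadmin_assignments()` on the second line is called with no arguments, so the rows it appends here cannot depend on the requesting user or on the request's search and role filters. If those filters are applied later to the combined list, say so in the comment above the call; if they are not, superadmin rows will appear in every response regardless of the filter, and the endpoint documentation should state that. A test that requests a role filter matching no superadmin and asserts the superadmin rows are absent (or present, if that is the intent) would pin the behaviour down.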
Should we add the filter is_active=True here?
Good catch, implemented it in get_user_map which is used by that function, and added tests for this.
mariajgrimaldi left a comment
Just a clarifying comment! Thanks
Description
Depends on: #248 (Merged)
Closes: #260
Implement the `/api/authz/v1/assignments/` endpoint for listing all user role assignments, to be used in the admin console.
Special case: superadmin users (Django staff or superuser) automatically have access to everything, we'll always get extra entries indicating the superadmin status for each superadmin in the system.
Deadline: Verawood
How to test
Using a local dev tutor installation, call the following endpoint with required credentials:
`http://local.openedx.io:8000/api/authz/v1/assignments/`
The user you use to test this should have permission to at least view one course or library team.
You should see a response similar to this:
```json
{
  "count": 2,
  "next": null,
  "previous": null,
  "results": [
    {
      "is_superadmin": false,
      "role": "course_staff",
      "org": "OpenedX",
      "scope": "course-v1:OpenedX+DemoX+DemoCourse",
      "permission_count": 27,
      "full_name": "",
      "username": "contributor",
      "email": "[email protected]"
    },
    {
      "is_superadmin": true,
      "role": "django.superuser",
      "org": "*",
      "scope": "*",
      "permission_count": null,
      "full_name": "",
      "username": "admin",
      "email": "[email protected]"
    }
  ]
}
```
You can also test with params, for example:
`http://local.openedx.io:8000/api/authz/v1/assignments/?order=desc&sort_by=role&page=1&page_size=2&search=cont`
Other information
Co-authored by Kiro using Claude Sonnet 4.6.
Merge checklist:
Check off if complete or not applicable:
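
A check one could run on a response from this endpoint while following the testing steps in the description (added example, not code from the PR or the project): it audits a page for scoped rows the caller should not see and for malformed superadmin rows. The sample page, the `library_admin` role, the `lib:OtherOrg:Hidden` scope, the example.com addresses and the `viewable_scopes` input are constructed assumptions; the row contract is inferred from the sample response above.

```python
import json

# Constructed sample page, shaped like the response in the PR description.
# The third row (role, scope, user) is invented to represent a leak.
SAMPLE_PAGE = json.loads("""
{"count": 3, "next": null, "previous": null, "results": [
  {"is_superadmin": false, "role": "course_staff", "org": "OpenedX",
   "scope": "course-v1:OpenedX+DemoX+DemoCourse", "permission_count": 27,
   "full_name": "", "username": "contributor", "email": "contributor@example.com"},
  {"is_superadmin": true, "role": "django.superuser", "org": "*", "scope": "*",
   "permission_count": null, "full_name": "", "username": "admin",
   "email": "admin@example.com"},
  {"is_superadmin": false, "role": "library_admin", "org": "OtherOrg",
   "scope": "lib:OtherOrg:Hidden", "permission_count": 12,
   "full_name": "", "username": "outsider", "email": "outsider@example.com"}
]}
""")

# Field set taken from the sample response; treated here as the row contract.
ROW_FIELDS = {"is_superadmin", "role", "org", "scope", "permission_count",
              "full_name", "username", "email"}


def audit_assignments_page(page, viewable_scopes):
    """Return (username, problem) pairs for rows that break the assumed contract.

    viewable_scopes: scopes the calling user is allowed to view (test input).
    """
    findings = []
    for row in page["results"]:
        user = row.get("username", "<missing>")
        if set(row) != ROW_FIELDS:
            findings.append((user, "unexpected field set"))
            continue
        if row["is_superadmin"]:
            # Superadmin rows are global: wildcard org/scope, no permission count.
            if (row["org"], row["scope"], row["permission_count"]) != ("*", "*", None):
                findings.append((user, "malformed superadmin row"))
        elif row["scope"] == "*" or row["scope"] not in viewable_scopes:
            # A scoped row outside the caller's view is an authorization leak.
            findings.append((user, "scope not visible to caller"))
    if page["count"] < len(page["results"]):
        findings.append(("<page>", "count smaller than results"))
    return findings
```
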