From 322cbfc3407df165f17071f471590bc1faec4ea5 Mon Sep 17 00:00:00 2001 From: Maria Fernanda Magallanes Zubillaga Date: Mon, 13 Oct 2025 20:13:16 -0500 Subject: [PATCH 1/3] docs: add the default roles and permissions documentation --- .../content_library_roles.rst | 112 ++++++++++++++++++ .../core_roles_and_permissions/index.rst | 7 ++ docs/concepts/index.rst | 5 + 3 files changed, 124 insertions(+) create mode 100644 docs/concepts/core_roles_and_permissions/content_library_roles.rst create mode 100644 docs/concepts/core_roles_and_permissions/index.rst diff --git a/docs/concepts/core_roles_and_permissions/content_library_roles.rst b/docs/concepts/core_roles_and_permissions/content_library_roles.rst new file mode 100644 index 00000000..b8c77b78 --- /dev/null +++ b/docs/concepts/core_roles_and_permissions/content_library_roles.rst @@ -0,0 +1,112 @@ +Core Roles and Permissions: Content Library +############################################# + +This document outlines the built-in roles and permissions associated with the Content Library feature in the Open edX platform. + +Index +----- + +- `Core Roles and Permissions: Content Library`_ +- `Permissions`_ + - `Library Permissions`_ + - `Library Content Permissions`_ + - `Library Team Permissions`_ + - `Library Collections Permissions`_ + - `Permissions Inheritance`_ +- `Roles`_ +- `Roles and Permissions Summary Table`_ + +Permissions +----------- + +The following permissions are associated with the content library roles: + +Library Permissions +======================= + +- **View the library** (``view_library``): Allows users to view the content library. +- **Manage library tags** (``manage_library_tags``): Allows users to manage the tags associated with library items. +- **Delete the library** (``delete_library``): Allows users to delete the entire content library. + + +Library Content Permissions +=============================== + +- **Edit library content** (``edit_library_content``): Allows users to edit existing content within the library. +- **Publish library content** (``publish_library_content``): Allows users to publish content to or from the library. +- **Reuse library content** (``reuse_library_content``): Allows users to reuse content from the library in other contexts. + + +Library Team Permissions +============================= + +- **View the library team** (``view_library_team``): Allows users to view the list of users or roles associated with the library. +- **Manage the library team** (``manage_library_team``): Allows users to add, remove, or change the roles of users in the library team. + + +Library Collections Permissions +=================================== + +- **Create library collections** (``create_library_collection``): Allows users to create new collections within the library. +- **Edit library collections** (``edit_library_collection``): Allows users to modify existing collections within the library. +- **Delete library collections** (``delete_library_collection``): Allows users to delete collections within the library. + +Permissions Inheritance +======================== + +* **Managing library tags** (``manage_library_tags``) implies **editing library content** (``edit_library_content``). +* **Deleting the library** (``delete_library``) implies **editing library content** (``edit_library_content``). +* **Publishing library content** (``publish_library_content``) implies **editing library content** (``edit_library_content``). +* **Editing library content** (``edit_library_content``) implies **viewing the library** (``view_library``). +* **Reusing library content** (``reuse_library_content``) implies **viewing the library** (``view_library``). +* **Publishing library content** (``publish_library_content``) implies **viewing the library** (``view_library``). +* **Managing the library team** (``manage_library_team``) implies **viewing the library team** (``view_library_team``). +* **Deleting a library collection** (``delete_library_collection``) implies **editing a library collection** (``edit_library_collection``). +* **Creating a library collection** (``create_library_collection``) implies **editing a library collection** (``edit_library_collection``). +* **Editing a library collection** (``edit_library_collection``) implies **viewing the library** (``view_library``). + +Roles +----- + +- The **Library Admin** has full control over the library, including managing users, modifying content, and handling publishing workflows. They ensure content is properly maintained and accessible as needed. + +- The **Library Author** is responsible for creating, editing, and publishing content within a library. They can manage tags and collections but cannot delete libraries or manage users. + +- The **Library Collaborator** can create and edit content within a library but cannot publish it. They support the authoring process while leaving final publishing to Authors or Admins. + +- The **Library User** can view and reuse content but cannot edit or delete anything. + +Roles and Permissions Summary Table +------------------------------------ + +.. table:: Matrix of Content Library Roles and Permissions + :widths: auto + + ============================= ================= ================ ====================== ============== + Permissions Library Admin Library Author Library Collaborator Library User + ============================= ================= ================ ====================== ============== + **Library** + view_library ✅ ✅ ✅ ✅ + manage_library_tags ✅ ✅ ✅ ❌ + delete_library ✅ ❌ ❌ ❌ + **Content** + edit_library_content ✅ ✅ ✅ ❌ + publish_library_content ✅ ✅ ❌ ❌ + reuse_library_content ✅ ✅ ✅ ✅ + **Team** + view_library_team ✅ ✅ ✅ ✅ + manage_library_team ✅ ❌ ❌ ❌ + **Collections** + create_library_collection ✅ ✅ ✅ ❌ + edit_library_collection ✅ ✅ ✅ ❌ + delete_library_collection ✅ ✅ ✅ ❌ + ============================= ================= ================ ====================== ============== + + +**Maintenance chart** + ++--------------+-------------------------------+----------------+--------------------------------+ +| Review Date | Working Group Reviewer | Release | Test situation | ++--------------+-------------------------------+----------------+--------------------------------+ +| 2025-10-13 | RBAC Project | Ulmo | TO DO | ++--------------+-------------------------------+----------------+--------------------------------+ diff --git a/docs/concepts/core_roles_and_permissions/index.rst b/docs/concepts/core_roles_and_permissions/index.rst new file mode 100644 index 00000000..612c4a91 --- /dev/null +++ b/docs/concepts/core_roles_and_permissions/index.rst @@ -0,0 +1,7 @@ +Core Roles and Permissions +############################ + +.. toctree:: + :maxdepth: 1 + + content_library_roles diff --git a/docs/concepts/index.rst b/docs/concepts/index.rst index 8a2b4bde..18595b81 100644 --- a/docs/concepts/index.rst +++ b/docs/concepts/index.rst @@ -1,2 +1,7 @@ Concepts ######## + +.. toctree:: + :maxdepth: 2 + + core_roles_and_permissions/index From 7a4a4c1c647161bcac2e764bb9770591220460b6 Mon Sep 17 00:00:00 2001 From: Maria Fernanda Magallanes Zubillaga Date: Mon, 20 Oct 2025 09:49:43 -0500 Subject: [PATCH 2/3] fix: apply feedback --- .../content_library_roles.rst | 37 +++++++++---------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/docs/concepts/core_roles_and_permissions/content_library_roles.rst b/docs/concepts/core_roles_and_permissions/content_library_roles.rst index b8c77b78..671199be 100644 --- a/docs/concepts/core_roles_and_permissions/content_library_roles.rst +++ b/docs/concepts/core_roles_and_permissions/content_library_roles.rst @@ -3,19 +3,28 @@ Core Roles and Permissions: Content Library This document outlines the built-in roles and permissions associated with the Content Library feature in the Open edX platform. -Index ------ - -- `Core Roles and Permissions: Content Library`_ +- `Roles`_ - `Permissions`_ - `Library Permissions`_ - `Library Content Permissions`_ - `Library Team Permissions`_ - `Library Collections Permissions`_ - `Permissions Inheritance`_ -- `Roles`_ - `Roles and Permissions Summary Table`_ +Roles +----- + +A **role** is a set of permissions that defines what actions a user can perform. When you **grant a role to a user**, you assign it within a specific scope, which determines where those permissions apply. Here is the list of default roles for Libraries. + +- The **Library Admin** has full control over the library, including managing users, modifying content, and handling publishing workflows. They ensure content is properly maintained and accessible as needed. + +- The **Library Author** is responsible for creating, editing, and publishing content within a library. They can manage tags and collections but cannot delete libraries or manage users. + +- The **Library Contributor** can create and edit content within a library but cannot publish it. They support the authoring process while leaving final publishing to Authors or Admins. + +- The **Library User** can view and reuse content but cannot edit or delete anything. + Permissions ----------- @@ -65,16 +74,6 @@ Permissions Inheritance * **Creating a library collection** (``create_library_collection``) implies **editing a library collection** (``edit_library_collection``). * **Editing a library collection** (``edit_library_collection``) implies **viewing the library** (``view_library``). -Roles ------ - -- The **Library Admin** has full control over the library, including managing users, modifying content, and handling publishing workflows. They ensure content is properly maintained and accessible as needed. - -- The **Library Author** is responsible for creating, editing, and publishing content within a library. They can manage tags and collections but cannot delete libraries or manage users. - -- The **Library Collaborator** can create and edit content within a library but cannot publish it. They support the authoring process while leaving final publishing to Authors or Admins. - -- The **Library User** can view and reuse content but cannot edit or delete anything. Roles and Permissions Summary Table ------------------------------------ @@ -82,9 +81,9 @@ Roles and Permissions Summary Table .. table:: Matrix of Content Library Roles and Permissions :widths: auto - ============================= ================= ================ ====================== ============== - Permissions Library Admin Library Author Library Collaborator Library User - ============================= ================= ================ ====================== ============== + ============================= ================= ================ ===================== ============== + Permissions Library Admin Library Author Library Contributor Library User + ============================= ================= ================ ===================== ============== **Library** view_library ✅ ✅ ✅ ✅ manage_library_tags ✅ ✅ ✅ ❌ @@ -100,7 +99,7 @@ Roles and Permissions Summary Table create_library_collection ✅ ✅ ✅ ❌ edit_library_collection ✅ ✅ ✅ ❌ delete_library_collection ✅ ✅ ✅ ❌ - ============================= ================= ================ ====================== ============== + ============================= ================= ================ ===================== ============== **Maintenance chart** From a932d7ba267f2bbd5707f34d366429b5e84cd9f4 Mon Sep 17 00:00:00 2001 From: Maria Fernanda Magallanes Zubillaga Date: Mon, 20 Oct 2025 12:39:07 -0500 Subject: [PATCH 3/3] fix: improve the contents section --- .../content_library_roles.rst | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/docs/concepts/core_roles_and_permissions/content_library_roles.rst b/docs/concepts/core_roles_and_permissions/content_library_roles.rst index 671199be..0e294be1 100644 --- a/docs/concepts/core_roles_and_permissions/content_library_roles.rst +++ b/docs/concepts/core_roles_and_permissions/content_library_roles.rst @@ -3,14 +3,9 @@ Core Roles and Permissions: Content Library This document outlines the built-in roles and permissions associated with the Content Library feature in the Open edX platform. -- `Roles`_ -- `Permissions`_ - - `Library Permissions`_ - - `Library Content Permissions`_ - - `Library Team Permissions`_ - - `Library Collections Permissions`_ - - `Permissions Inheritance`_ -- `Roles and Permissions Summary Table`_ +.. contents:: + :depth: 2 + :local: Roles -----