feat: Implement courses roles and permissions mappings#217
feat: Implement courses roles and permissions mappings#217rodmgwgu wants to merge 3 commits intoopenedx:mainfrom
Conversation
…acy compat permissions
openedx-webhooks
added
open-source-contribution
|
Thanks for the pull request, @rodmgwgu! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
mphilbrick211
added
the
mao-onboarding
wgu-taylor-payne
left a comment
wgu-taylor-payne
left a comment
There was a problem hiding this comment.
This looks good. Just one comment regarding the version number.
openedx_authz/__init__.py
Outdated
There was a problem hiding this comment.
I think this would be a minor bump to 0.22.0 since it is adding functionality rather than bug fixes.
dwong2708
left a comment
dwong2708
left a comment
There was a problem hiding this comment.
LGTM, just one suggestion in the legacy roles mapping.
| COURSE_BETA_TESTER = RoleData(external_key="course_beta_tester", permissions=COURSE_BETA_TESTER_PERMISSIONS) | ||
|
|
||
| # Map of legacy course role names to their equivalent new roles | ||
| LEGACY_COURSE_ROLE_EQUIVALENCES = { |
There was a problem hiding this comment.
Is it possible to reverse the mapping order?
For example:
{
COURSE_ADMIN.external_key: "instructor",
...
}
Reason: while working on the migration, during rollback (authz → legacy), I only have access to new_role.key, so I need a way to map it back to the corresponding legacy role.
There was a problem hiding this comment.
This is how I'm doing it in openedx-platform: https://github.com/WGU-Open-edX/openedx-platform/blob/5dc65a27a4cfc9f8045ab71fca19965f7127f488/common/djangoapps/student/roles.py#L39
I also need it both ways there, I did it that way to avoid having to maintain two maps, what do you think?
There was a problem hiding this comment.
Sounds good, just one consideration.
If we have a mapping like:
{
"instructor": "admin",
"staff": "admin",
}
get_legacy_role_from_authz_role would just pick the first match. Not sure if this case is expected, but maybe we should add a comment here or in the function to clarify the behavior.
There was a problem hiding this comment.
mmm where do you see that? instructor is "admin" but staff should be "staff" as documented here: https://github.com/rodmgwgu/openedx-authz/blob/385e76d4e95381bb6533df5272ecff6593e09156/docs/decisions/0011-course-authoring-migration-process.rst (Role Mapping table)
| effect="allow", | ||
| ) | ||
|
|
||
| VIEW_SCHEDULE_AND_DETAILS = PermissionData( |
There was a problem hiding this comment.
Quick question: should detail be a separate permission?
Not sure if it belongs in the same section, but the docs say view_details is used for viewing course details.
There was a problem hiding this comment.
This was a discussion I had with Guillermo, the Schedule and Details view is a single view, separating the permissions would require extra changes in frontend that are not really needed, so a single permission was proposed, the docs may not be updated
| effect="allow", | ||
| ) | ||
|
|
||
| EDIT_DETAILS = PermissionData( |
There was a problem hiding this comment.
Something else came to mind. I think that some of these constant names could be more descriptive. Since we have library related permissions, course permissions, and in the future other permissions in this file, it would be good to rename some of these like EDIT_DETAILS, VIEW_FILES, etc. to show somehow that they are course related. Another option would be to scope the various permission namespaces to their own modules (e.g. course_permissions.py, library_permissions.py).
5 participants
Implemented courses roles and permissions mappings, including legacy compatible permissions and role equivalences.
Permissions implemented as specified here: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5528715266/openedx-authz+permission+list
Roles implemented as specified here: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5638619138/Authoring+Roles+and+Permissions
Equivalent legacy roles implemented as specified here: https://github.com/rodmgwgu/openedx-authz/blob/385e76d4e95381bb6533df5272ecff6593e09156/docs/decisions/0011-course-authoring-migration-process.rst
Closes: #189
Required for: openedx/openedx-platform#38013
Merge checklist:
Check off if complete or not applicable: