Skip to content

[FC-0099] refactor: get permissions' scopes instead of role #123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mariajgrimaldi merged 6 commits into from
Oct 29, 2025
Merged

[FC-0099] refactor: get permissions' scopes instead of role #123

mariajgrimaldi merged 6 commits into from
Oct 29, 2025

Conversation

@mariajgrimaldi
Copy link
Member

@mariajgrimaldi mariajgrimaldi commented Oct 28, 2025
edited
Loading

Description

openedx/openedx-platform#37564

Merge checklist:
Check off if complete or not applicable:

  • Version bumped
  • Changelog record added
  • Documentation updated (not only docstrings)
  • Fixup commits are squashed away
  • Unit tests added/updated
  • Manual testing instructions provided
  • Noted any: Concerns, dependencies, migration issues, deadlines, tickets

@openedx-webhooks openedx-webhooks added open-source-contribution PR author is not from Axim or 2U core contributor PR author is a Core Contributor (who may or may not have write access to this repo). labels Oct 28, 2025
@openedx-webhooks
Copy link

openedx-webhooks commented Oct 28, 2025

Thanks for the pull request, @mariajgrimaldi!

This repository is currently maintained by @openedx/committers-openedx-authz.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

  • If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
    • This process (including the steps you'll need to take) is documented here.
  • If it doesn't, simply proceed with the next step.
🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

  • Dependencies

    This PR must be merged before / after / at the same time as ...

  • Blockers

    This PR is waiting for OEP-1234 to be accepted.

  • Timeline information

    This PR must be merged by XX date because ...

  • Partner information

    This is for a course on edx.org.

  • Supporting documentation
  • Relevant Open edX discussion forum threads
🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details
Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

  • The size and impact of the changes that it introduces
  • The need for product review
  • Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

@github-project-automation github-project-automation bot moved this to Needs Triage in Contributions Oct 28, 2025
@mariajgrimaldi mariajgrimaldi moved this to In Progress in RBAC AuthZ Board Oct 28, 2025
@mariajgrimaldi mariajgrimaldi changed the title refactor: get permissions' scopes instead of role [FC-0099] refactor: get permissions' scopes instead of role Oct 28, 2025
bmtcril
bmtcril reviewed Oct 28, 2025
View reviewed changes
openedx_authz/api/data.py Outdated
>>> perm1 in [perm2] # Uses __eq__
True
"""
if not isinstance(other, PermissionData):
Copy link
Contributor

@bmtcril bmtcril Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should raise an exception, can you think of a reason someone might legitimately pass in another type of object here?

Copy link
Member Author

@mariajgrimaldi mariajgrimaldi Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it's enough with the typing.

openedx_authz/api/data.py Outdated
Example:
>>> perm1 = PermissionData(action=ActionData(external_key='view'), effect='allow')
>>> perm2 = PermissionData(action=ActionData(external_key='view'), effect='deny')
>>> perm1 == perm2 # True - same action TODO: should we also consider the effect?
Copy link
Contributor

@bmtcril bmtcril Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I may be missing something in the use case, but I think we should consider the effect. If the permissions have opposite effects I don't think we can say they're equal.

Copy link
Member Author

@mariajgrimaldi mariajgrimaldi Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right. If I'm getting the "view_library" scopes, I'm (at least implicitly) getting granted permissions, but not explicitly revoked. I'll also consider the effect here, I'll also add a note to the method with this specific case :)

@mariajgrimaldi mariajgrimaldi force-pushed the MJG/get-filtered-libs-authz branch from 834dbbe to 4302871 Compare October 29, 2025 12:34
bmtcril
bmtcril approved these changes Oct 29, 2025
View reviewed changes
Copy link
Contributor

@bmtcril bmtcril left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@mariajgrimaldi mariajgrimaldi moved this from In Progress to Ready for Development in RBAC AuthZ Board Oct 29, 2025
@mariajgrimaldi mariajgrimaldi moved this from Ready for Development to Ready for review in RBAC AuthZ Board Oct 29, 2025
@mariajgrimaldi mariajgrimaldi added the FC Relates to an Axim Funded Contribution project label Oct 29, 2025
rodmgwgu
rodmgwgu approved these changes Oct 29, 2025
View reviewed changes
Copy link
Contributor

@rodmgwgu rodmgwgu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks

@mariajgrimaldi mariajgrimaldi force-pushed the MJG/get-filtered-libs-authz branch from aa5374b to f9f2b64 Compare October 29, 2025 17:42
@mariajgrimaldi mariajgrimaldi merged commit 90598e7 into main Oct 29, 2025
13 of 14 checks passed
@mariajgrimaldi mariajgrimaldi deleted the MJG/get-filtered-libs-authz branch October 29, 2025 17:44
@github-project-automation github-project-automation bot moved this from Needs Triage to Done in Contributions Oct 29, 2025
@github-project-automation github-project-automation bot moved this from Ready for review to Done in RBAC AuthZ Board Oct 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bmtcril bmtcril bmtcril approved these changes

@rodmgwgu rodmgwgu rodmgwgu approved these changes

@BryanttV BryanttV Awaiting requested review from BryanttV

Assignees

No one assigned

Labels

core contributor PR author is a Core Contributor (who may or may not have write access to this repo). FC Relates to an Axim Funded Contribution project open-source-contribution PR author is not from Axim or 2U

Projects

Contributions
Status: Done
RBAC AuthZ Board
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mariajgrimaldi @openedx-webhooks @bmtcril @rodmgwgu