Skip to content

[Backport FC-0099] feat: add openedx-authz and update libraries enforcement points #37633

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 20, 2025
Merged

[Backport FC-0099] feat: add openedx-authz and update libraries enforcement points #37633

merged 4 commits into from
Nov 20, 2025
+1,091 −43

Conversation

@MaferMazu
Copy link
Contributor

@MaferMazu MaferMazu commented Nov 13, 2025
edited
Loading

Description

Backport of #37564, #37501, #37652, and update requirements.

Other information

openedx/platform-roadmap#246 (comment)

@openedx-webhooks
Copy link

openedx-webhooks commented Nov 13, 2025
edited
Loading

Thanks for the pull request, @MaferMazu!

This repository is currently maintained by @openedx/wg-maintenance-edx-platform.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

  • If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
    • This process (including the steps you'll need to take) is documented here.
  • If it doesn't, simply proceed with the next step.
🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

  • Dependencies

    This PR must be merged before / after / at the same time as ...

  • Blockers

    This PR is waiting for OEP-1234 to be accepted.

  • Timeline information

    This PR must be merged by XX date because ...

  • Partner information

    This is for a course on edx.org.

  • Supporting documentation
  • Relevant Open edX discussion forum threads
🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

  • The size and impact of the changes that it introduces
  • The need for product review
  • Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

@openedx-webhooks openedx-webhooks added the open-source-contribution PR author is not from Axim or 2U label Nov 13, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in Contributions Nov 13, 2025
@MaferMazu MaferMazu moved this to In Progress in RBAC AuthZ Board Nov 13, 2025
@MaferMazu MaferMazu changed the title [Backport] feat: add openedx-authz and update libraries enforcement points [Backport FC-0099] feat: add openedx-authz and update libraries enforcement points Nov 14, 2025
@MaferMazu
Copy link
Contributor Author

MaferMazu commented Nov 15, 2025

@bmtcril, this backport has the consistent Python dependencies workflow failing due to this addition in edx-lint openedx/edx-lint#504, but it is not directly related to the changes in this PR. Should we bypass this test when merging?

cc @farhaanbukhsh @mariajgrimaldi

@bmtcril
Copy link
Contributor

bmtcril commented Nov 17, 2025

Looks like you should upgrade-package package=<pypi_package_name> to make sure we get a valid dependency tree on the branch.

@mariajgrimaldi
Copy link
Member

mariajgrimaldi commented Nov 18, 2025
edited
Loading

Please ensure all of these PRs are included here: https://github.com/search?q=repo%3Aopenedx%2Fedx-platform+FC-0099++is%3Amerged&type=pullrequests. We're currently missing: #37532

@MaferMazu
Copy link
Contributor Author

MaferMazu commented Nov 18, 2025

@mariajgrimaldi that PR is already in release/ulmo 31b1e6e. But thanks, for a moment I thought I forgot.

@MaferMazu
Copy link
Contributor Author

MaferMazu commented Nov 18, 2025

Thanks @bmtcril, that fixes the consistency issue.

I'll backport the openedx-authz upgrade, but to maintain consistency, I'll run the package upgrade in this PR, and that will add Django<6.0 to requirements/common_constraints.txt as it happened in this e8f70b4; that addition is due to this change openedx/edx-lint#504

cc @farhaanbukhsh

@MaferMazu
Copy link
Contributor Author

MaferMazu commented Nov 18, 2025

To backport in this PR: #37652

@MaferMazu MaferMazu marked this pull request as ready for review November 19, 2025 19:53
@MaferMazu
Copy link
Contributor Author

MaferMazu commented Nov 19, 2025

This is ready for review @bmtcril @farhaanbukhsh @mariajgrimaldi 🙌

@mphilbrick211 mphilbrick211 added the FC Relates to an Axim Funded Contribution project label Nov 19, 2025
@mphilbrick211 mphilbrick211 moved this from Needs Triage to Ready for Review in Contributions Nov 19, 2025
@MaferMazu MaferMazu moved this from In Progress to Ready for review in RBAC AuthZ Board Nov 19, 2025
@MaferMazu MaferMazu self-assigned this Nov 19, 2025
mariajgrimaldi and others added 4 commits November 19, 2025 17:39
@mariajgrimaldi @MaferMazu
feat: filter libraries based on user-role scopes (openedx#37564)
43a7654 
(cherry picked from commit 6c6fc5d)
@MaferMazu
feat: add openedx-authz to user_can_create_library and require_permis…
c165126 
…sion_for_library_key (openedx#37501)

* feat: add the authz check to the library api function

feat: add the authz publish check in rest_api blocks and containers

feat: add the authz checks in libraries and refactor

feat: add collections checks

feat: update enforcement in serializer file

refactor: refactor the permission check functions

fix: fix value error

fix: calling the queries twice

* test: add structure for test and apply feedback

refactor: refactor the tests and apply feedback

fix: apply feedback

Revert "refactor: refactor the tests and apply feedback"

This reverts commit aa0bd52.

refactor: use constants and avoid mapping

test: fix the test to have them in order

docs: about we rely on bridgekeeper and the old check for two cases

docs: update openedx/core/djangoapps/content_libraries/api/libraries.py

Co-authored-by: Maria Grimaldi (Majo) <[email protected]>

refactor: use global scope wildcard instead of *

refactor: allow receiving PermissionData objects

refactor: do not inherit from BaseRolesTestCase to favor CL setup methods

If both BaseRolesTestCase and ContentLibrariesRestApiTest define a method
with the same name (e.g., setUp()), Python will use the one found first
in the MRO, which is the one in BaseRolesTestCase because it is
listed first in the class definition leading to unexpected behavior.

refactor: remove unnecessary imports and indent

* chore: bump openedx-authz version

(cherry picked from commit f4f14a6)
@github-actions @MaferMazu
feat: Upgrade Python dependency openedx-authz (openedx#37652)
94115d5 
* feat: Upgrade Python dependency openedx-authz

handle cache invalidation

Commit generated by workflow `openedx/edx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`

* fix: update the num of queries in tests

---------

Co-authored-by: MaferMazu <[email protected]>
Co-authored-by: Maria Fernanda Magallanes Zubillaga <[email protected]>
(cherry picked from commit 122b4e0)
@MaferMazu
chore: update requirements to fix the inconsistency
044ac07
bmtcril
bmtcril approved these changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@bmtcril bmtcril left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

mariajgrimaldi
mariajgrimaldi approved these changes Nov 20, 2025
View reviewed changes
Copy link
Member

@mariajgrimaldi mariajgrimaldi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested this locally alongside tutor@ulmo and tutor-mfe@ulmo and it's working as expected! Thank you so much :)

@mariajgrimaldi mariajgrimaldi merged commit d9ec5be into openedx:release/ulmo Nov 20, 2025
49 checks passed
@github-project-automation github-project-automation bot moved this from Ready for Review to Done in Contributions Nov 20, 2025
@github-project-automation github-project-automation bot moved this from Ready for review to Done in RBAC AuthZ Board Nov 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mariajgrimaldi mariajgrimaldi mariajgrimaldi approved these changes

@bmtcril bmtcril bmtcril approved these changes

@farhaanbukhsh farhaanbukhsh Awaiting requested review from farhaanbukhsh

Assignees

@MaferMazu MaferMazu

Labels

FC Relates to an Axim Funded Contribution project open-source-contribution PR author is not from Axim or 2U

Projects

Contributions
Status: Done
RBAC AuthZ Board
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@MaferMazu @openedx-webhooks @bmtcril @mariajgrimaldi @mphilbrick211