feat: add new content library enforcement points #38071
BryanttV wants to merge 5 commits into openedx:master from
Description
This PR adds missing authorization enforcement points for Content Libraries v2, aligning tagging and reuse operations with the new granular authz permissions (notably MANAGE_LIBRARY_TAGS and REUSE_LIBRARY_CONTENT). Currently, some operations on Content Libraries v2 rely on generic edit/view permissions instead of the more specific g2 authz permissions.

What This PR Changes

New helper for library tagging access
- has_library_tagging_access(user, library_key). This helper looks up the ContentLibrary object and checks MANAGE_LIBRARY_TAGS via user_has_permission_across_lib_authz_systems.

Updated tagging rules for library content
- can_change_object_tag_objectid. If the context is a LibraryLocatorV2, it now uses has_library_tagging_access and therefore requires MANAGE_LIBRARY_TAGS. For other contexts (courses, XBlocks, etc.), it still falls back to has_studio_write_access as before.

New enforcement for content reuse flows
- LibraryPasteClipboardView now requires authz_permissions.REUSE_LIBRARY_CONTENT instead of the legacy CAN_EDIT_THIS_CONTENT_LIBRARY permission.
- ClipboardEndpoint now also requires REUSE_LIBRARY_CONTENT (rather than CAN_VIEW_THIS_CONTENT_LIBRARY) when bringing content from a library into a course.

Authz-to-legacy permission mapping updates
- _transform_authz_permission_to_legacy_lib_permission is extended so that:
  - MANAGE_LIBRARY_TAGS → CAN_EDIT_THIS_CONTENT_LIBRARY
  - REUSE_LIBRARY_CONTENT → CAN_VIEW_THIS_CONTENT_LIBRARY

Supporting information
Testing instructions
You can test the following endpoints:

REUSE_LIBRARY_CONTENT
All library roles (Library Admin, Library Author, Library Contributor, and Library User) can reuse library content:
- {studio_domain}/api/content-staging/v1/clipboard/: Copy content to the clipboard.
- {studio_domain}/api/libraries/v2/{library_key}/paste_clipboard/: Paste content from the clipboard into a library.

MANAGE_LIBRARY_TAGS
All library roles (except Library User) can manage (add or remove) tags for content in a library:
- {studio_domain}/api/content_tagging/v1/object_tags/{object_key}/: Add or remove tags from library content.

You can use the following Postman Collection.
Deadline
None
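
As an added example (not code from this PR or from edx-platform), the following self-contained Python model encodes the role grants, the tagging rule and the authz-to-legacy mapping described above, and reports which reuse views end up with a different effective legacy permission. The function names, the `library_v2` context label and the table layout are hypothetical, and it assumes the mapped legacy permission is what a legacy-system user is checked against.

```python
# Added illustration: a simplified model, not edx-platform code.
# Permission, role and view names come from the PR description; the
# function names and the table layout are hypothetical.
MANAGE, REUSE = "MANAGE_LIBRARY_TAGS", "REUSE_LIBRARY_CONTENT"
CAN_EDIT = "CAN_EDIT_THIS_CONTENT_LIBRARY"
CAN_VIEW = "CAN_VIEW_THIS_CONTENT_LIBRARY"

# Role grants as stated in the testing instructions.
ROLE_GRANTS = {
    "Library Admin": {MANAGE, REUSE},
    "Library Author": {MANAGE, REUSE},
    "Library Contributor": {MANAGE, REUSE},
    "Library User": {REUSE},
}
# Authz-to-legacy mapping as described for the transform helper.
AUTHZ_TO_LEGACY = {MANAGE: CAN_EDIT, REUSE: CAN_VIEW}
# (permission required before this PR, permission required after it).
VIEW_REQUIREMENT = {
    "LibraryPasteClipboardView": (CAN_EDIT, REUSE),
    "ClipboardEndpoint": (CAN_VIEW, REUSE),
}

def role_allows(role, permission):
    """Deny by default: unknown roles or permissions get no access."""
    return permission in ROLE_GRANTS.get(role, set())

def can_tag(role, context_kind, studio_write_access=False):
    """Library contexts need MANAGE_LIBRARY_TAGS; others keep the Studio write check."""
    if context_kind == "library_v2":
        return role_allows(role, MANAGE)
    return studio_write_access

def legacy_requirement_changes():
    """Views whose effective legacy permission differs once the mapping is applied."""
    changes = {}
    for view, (before, after) in VIEW_REQUIREMENT.items():
        effective = AUTHZ_TO_LEGACY[after]
        if effective != before:
            changes[view] = (before, effective)
    return changes

if __name__ == "__main__":
    for role in ROLE_GRANTS:
        print(f"{role:20} reuse={role_allows(role, REUSE)} "
              f"tag={can_tag(role, 'library_v2')}")
    print(legacy_requirement_changes())
```

A table like this can be turned into parametrized tests against the three endpoints listed in the testing instructions, one case per role and endpoint.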