|
6 | 6 | from django.conf import settings |
7 | 7 | from django.db.models import Q |
8 | 8 |
|
| 9 | +from openedx_authz.api.data import PermissionData |
9 | 10 | from openedx_authz.api.users import is_user_allowed, get_scopes_for_user_and_permission |
| 11 | +from openedx_authz.constants.permissions import VIEW_LIBRARY |
10 | 12 |
|
11 | 13 | from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission |
12 | 14 |
|
@@ -134,15 +136,15 @@ class HasPermissionInContentLibraryScope(Rule): |
134 | 136 | org.short_name='DemoX' and slug='CSPROB'. |
135 | 137 | """ |
136 | 138 |
|
137 | | - def __init__(self, action_external_key: str, filter_keys: list[str] | None = None): |
| 139 | + def __init__(self, permission: PermissionData, filter_keys: list[str] | None = None): |
138 | 140 | """Initialize the rule with the action and filter keys to filter on. |
139 | 141 |
|
140 | 142 | Args: |
141 | | - action_external_key (str): The action/permission to check (e.g., 'view', 'edit'). |
| 143 | + permission (PermissionData): The permission to check (e.g., 'view', 'edit'). |
142 | 144 | filter_keys (list[str]): The model fields to filter on when building QuerySet filters. |
143 | 145 | Defaults to ['org', 'slug'] for ContentLibrary. |
144 | 146 | """ |
145 | | - self.action_external_key = action_external_key |
| 147 | + self.permission = permission |
146 | 148 | self.filter_keys = filter_keys if filter_keys is not None else ["org", "slug"] |
147 | 149 |
|
148 | 150 | def query(self, user): |
@@ -179,7 +181,7 @@ def query(self, user): |
179 | 181 | """ |
180 | 182 | scopes = get_scopes_for_user_and_permission( |
181 | 183 | user.username, |
182 | | - self.action_external_key |
| 184 | + self.permission.identifier |
183 | 185 | ) |
184 | 186 |
|
185 | 187 | library_keys = [scope.library_key for scope in scopes] |
@@ -216,7 +218,7 @@ def check(self, user, instance, *args, **kwargs): # pylint: disable=arguments-d |
216 | 218 | >>> can_view = rule.check(user, library) |
217 | 219 | >>> # Checks if user has 'view' permission in scope 'lib:DemoX:CSPROB' |
218 | 220 | """ |
219 | | - return is_user_allowed(user.username, self.action_external_key, str(instance.library_key)) |
| 221 | + return is_user_allowed(user.username, self.permission.identifier, str(instance.library_key)) |
220 | 222 |
|
221 | 223 |
|
222 | 224 | ########################### Permissions ########################### |
@@ -253,7 +255,7 @@ def check(self, user, instance, *args, **kwargs): # pylint: disable=arguments-d |
253 | 255 | # Libraries with "public read" permissions can be accessed only by course creators |
254 | 256 | (Attribute('allow_public_read', True) & is_course_creator) | |
255 | 257 | # Users can access libraries within their authorized scope (via Casbin/role-based permissions) |
256 | | - HasPermissionInContentLibraryScope("view_library") | |
| 258 | + HasPermissionInContentLibraryScope(VIEW_LIBRARY) | |
257 | 259 | # Fallback to: the user must be part of the library's team (legacy permission system) |
258 | 260 | has_explicit_read_permission_for_library |
259 | 261 | ) |
|