openedx_authz.rest_api package#
Subpackages#
- openedx_authz.rest_api.v1 package
- Submodules
- openedx_authz.rest_api.v1.fields module
- openedx_authz.rest_api.v1.filters module
- openedx_authz.rest_api.v1.paginators module
- openedx_authz.rest_api.v1.permissions module
- openedx_authz.rest_api.v1.serializers module
- openedx_authz.rest_api.v1.urls module
- openedx_authz.rest_api.v1.views module
- Module contents
Submodules#
openedx_authz.rest_api.data module#
Data classes and enums for the Open edX AuthZ REST API.
- class openedx_authz.rest_api.data.AssignmentSortField(*values)
Bases:
BaseEnumEnum for the role assignment fields to sort by.
- ORG = 'org'
- ROLE = 'role'
- SCOPE = 'scope'
- class openedx_authz.rest_api.data.BaseEnum(new_class_name, /, names, *, module=None, qualname=None, type=None, start=1, boundary=None)
-
Base enum class.
- classmethod values()
List the values of the enum.
- class openedx_authz.rest_api.data.RoleOperationError(*values)
Bases:
BaseEnumEnum for errors that can occur during role assignment and removal operations.
- ROLE_ASSIGNMENT_ERROR = 'role_assignment_error'
- ROLE_REMOVAL_ERROR = 'role_removal_error'
- USER_ALREADY_HAS_ROLE = 'user_already_has_role'
- USER_DOES_NOT_HAVE_ROLE = 'user_does_not_have_role'
- USER_NOT_FOUND = 'user_not_found'
- class openedx_authz.rest_api.data.RoleOperationStatus(*values)
Bases:
BaseEnumEnum for the status of role assignment and removal operations.
- ROLE_ADDED = 'role_added'
- ROLE_REMOVED = 'role_removed'
- class openedx_authz.rest_api.data.ScopesQuerySetFields(*values)
Bases:
BaseEnumEnum for the annotated fields used in the Scopes query set for the scopes endpoint
- DISPLAY_NAME_COL = 'display_name_col'
- ORG_NAME = 'org_name'
- SCOPE_ID = 'scope_id'
- SCOPE_TYPE = 'scope_type'
- class openedx_authz.rest_api.data.ScopesTypeField(*values)
Bases:
BaseEnumEnum for the scope_type query field on the scopes endpoint
- COURSE = 'course'
- LIBRARY = 'library'
- class openedx_authz.rest_api.data.SearchField(*values)
Bases:
BaseEnumEnum for the fields allowed for text search filtering.
- EMAIL = 'email'
- FULL_NAME = 'full_name'
- USERNAME = 'username'
- class openedx_authz.rest_api.data.SortField(*values)
Bases:
BaseEnumEnum for the fields to sort by.
- EMAIL = 'email'
- FULL_NAME = 'full_name'
- USERNAME = 'username'
- class openedx_authz.rest_api.data.SortOrder(*values)
Bases:
BaseEnumEnum for the order to sort by.
- ASC = 'asc'
- DESC = 'desc'
- class openedx_authz.rest_api.data.UserAssignmentSortField(*values)
Bases:
BaseEnumEnum for the user role assignment fields to sort by.
- EMAIL = 'email'
- FULL_NAME = 'full_name'
- ORG = 'org'
- ROLE = 'role'
- SCOPE = 'scope'
- USERNAME = 'username'
openedx_authz.rest_api.decorators module#
Decorators for the Open edX AuthZ REST API.
- openedx_authz.rest_api.decorators.authz_permissions(permissions: list[str])
Decorator to attach required permissions to view methods.
This decorator stores a list of permission identifiers that will be checked by MethodPermissionMixin during authorization.
- Parameters:
permissions – List of permission identifiers e.g., [“content_libraries.view_library_team”, “content_libraries.manage_library_team”])
Examples
>>> class MyView(APIView): ... @authz_permissions(["content_libraries.view_library_team"]) ... def get(self, request): ... pass ... ... @authz_permissions(["content_libraries.manage_library_team"]) ... def post(self, request): ... pass
- openedx_authz.rest_api.decorators.view_auth_classes(is_authenticated=True)
Function and class decorator that abstracts the authentication and permission checks for api views.
- Parameters:
is_authenticated – Whether the view requires authentication.
- Returns:
The decorated view or class.
Examples
>>> @view_auth_classes(is_authenticated=False) ... class MyView(APIView): ... def get(self, request): ... return Response("Hello, world!")
openedx_authz.rest_api.urls module#
Open edX AuthZ API URLs.
openedx_authz.rest_api.utils module#
Utility functions for the Open edX AuthZ REST API.
- openedx_authz.rest_api.utils.filter_users(users: list[dict], search: str | None, roles: list[str] | None) list[dict]
Filter users by a case-insensitive search string and/or by roles.
- Parameters:
- Returns:
The filtered users, preserving the original order.
- Return type:
- openedx_authz.rest_api.utils.get_generic_scope(scope: ScopeData) ScopeData
Create a generic scope from a given scope by replacing its key with a wildcard.
This function preserves the namespace of the original scope but replaces the specific key with a wildcard, allowing for broader permission checks across all scopes within the same namespace.
- Parameters:
scope (ScopeData) – The specific scope to generalize.
- Returns:
A new scope with the same namespace but a wildcard key.
- Return type:
ScopeData
Examples
>>> scope = ScopeData(namespaced_key="lib^lib:DemoX:CSPROB") >>> get_generic_scope(scope) ScopeData(namespaced_key="lib^*")
- openedx_authz.rest_api.utils.sort_assignments(assignments: list[dict], sort_by: AssignmentSortField = AssignmentSortField.ROLE, order: SortOrder = SortOrder.ASC) list[dict]
Sort role assignments by a given field and order.
- Parameters:
- Raises:
ValueError – If the sort field is invalid.
ValueError – If the sort order is invalid.
- Returns:
The sorted assignments.
- Return type:
- openedx_authz.rest_api.utils.sort_user_assignments(assignments: list[dict], sort_by: UserAssignmentSortField = UserAssignmentSortField.ROLE, order: SortOrder = SortOrder.ASC) list[dict]
Sort role assignments by a given field and order.
- Parameters:
- Raises:
ValueError – If the sort field is invalid.
ValueError – If the sort order is invalid.
- Returns:
The sorted assignments.
- Return type:
- openedx_authz.rest_api.utils.sort_users(users: list[dict], sort_by: SortField = SortField.USERNAME, order: SortOrder = SortOrder.ASC) list[dict]
Sort users by a given field and order.
- Parameters:
- Raises:
ValueError – If the sort field is invalid.
ValueError – If the sort order is invalid.
- Returns:
The sorted users.
- Return type: