diff --git a/openedx/core/djangoapps/oauth_dispatch/admin.py b/openedx/core/djangoapps/oauth_dispatch/admin.py index 0c503f2c42..5401a81a8e 100644 --- a/openedx/core/djangoapps/oauth_dispatch/admin.py +++ b/openedx/core/djangoapps/oauth_dispatch/admin.py @@ -6,7 +6,7 @@ Override admin configuration for django-oauth-toolkit from django.contrib.admin import ModelAdmin, site from oauth2_provider import models -from .models import ApplicationAccess, ApplicationOrganization, RestrictedApplication +from .models import ApplicationAccess, RestrictedApplication def reregister(model_class): @@ -83,13 +83,6 @@ class ApplicationAccessAdmin(ModelAdmin): list_display = ['application', 'scopes', 'filters'] -class ApplicationOrganizationAdmin(ModelAdmin): - """ - ModelAdmin for ApplicationOrganization - """ - list_display = [u'application', u'organization', u'relation_type'] - - class RestrictedApplicationAdmin(ModelAdmin): """ ModelAdmin for the Restricted Application @@ -98,5 +91,4 @@ class RestrictedApplicationAdmin(ModelAdmin): site.register(ApplicationAccess, ApplicationAccessAdmin) -site.register(ApplicationOrganization, ApplicationOrganizationAdmin) site.register(RestrictedApplication, RestrictedApplicationAdmin) diff --git a/openedx/core/djangoapps/oauth_dispatch/dot_overrides/views.py b/openedx/core/djangoapps/oauth_dispatch/dot_overrides/views.py index 7e717c9b3f..5a4d9115a0 100644 --- a/openedx/core/djangoapps/oauth_dispatch/dot_overrides/views.py +++ b/openedx/core/djangoapps/oauth_dispatch/dot_overrides/views.py @@ -10,19 +10,15 @@ from oauth2_provider.scopes import get_scopes_backend from oauth2_provider.settings import oauth2_settings from oauth2_provider.views import AuthorizationView -from openedx.core.djangoapps.oauth_dispatch.models import ApplicationOrganization - -# TODO (ARCH-83) remove once we have full support of OAuth Scopes class EdxOAuth2AuthorizationView(AuthorizationView): """ Override the AuthorizationView's GET method so the user isn't prompted to approve the application if they have already in the past, even if their access token is expired. - This is a temporary override of the base implementation - in order to accommodate our Restricted Applications support - until OAuth Scopes are fully supported. + This is override of the base implementation accommodates our + Restricted Applications support and custom filters. """ def get(self, request, *args, **kwargs): # Note: This code is copied from https://github.com/evonove/django-oauth-toolkit/blob/34f3b7b3511c15686039079026165feaadb1b87d/oauth2_provider/views/base.py#L111 @@ -44,6 +40,10 @@ class EdxOAuth2AuthorizationView(AuthorizationView): kwargs["scopes_descriptions"] = [all_scopes[scope] for scope in scopes] kwargs['scopes'] = scopes + # TODO: ROBERT: + # 1. Replace the below ApplicationOrganization code using filters instead! + # 2. Search for ApplicationOrganization and remove the rest. + # at this point we know an Application instance with such client_id exists in the database application = get_application_model().objects.get(client_id=credentials['client_id']) content_orgs = ApplicationOrganization.get_related_org_names( diff --git a/openedx/core/djangoapps/oauth_dispatch/models.py b/openedx/core/djangoapps/oauth_dispatch/models.py index 5bbe14f8e7..dee7369798 100644 --- a/openedx/core/djangoapps/oauth_dispatch/models.py +++ b/openedx/core/djangoapps/oauth_dispatch/models.py @@ -114,12 +114,16 @@ class ApplicationAccess(models.Model): @python_2_unicode_compatible class ApplicationOrganization(models.Model): """ - Associates a DOT Application to an Organization. + DEPRECATED: Associates a DOT Application to an Organization. - See openedx/core/djangoapps/oauth_dispatch/docs/decisions/0007-include-organizations-in-tokens.rst - for the intended use of this model. + This model is no longer in use. - Deprecated: Use filters in ApplicationAccess instead. + TODO: BOM-1270: This model and table will be removed post-Juniper + so Open edX instances can migrate data if necessary. + + To migrate, use ApplicationAccess and add a ``filter`` of the form + ``content_org:`` (e.g. content_org:edx), for each record + in this model's table. .. no_pii: """ @@ -140,31 +144,3 @@ class ApplicationOrganization(models.Model): class Meta: app_label = 'oauth_dispatch' unique_together = ('application', 'relation_type', 'organization') - - @classmethod - def get_related_org_names(cls, application, relation_type=None): - """ - Return the names of the Organizations related to the given DOT Application. - - Filter by relation_type if provided. - """ - queryset = application.organizations.all() - if relation_type: - queryset = queryset.filter(relation_type=relation_type) - return [r.organization.name for r in queryset] - - def __str__(self): - """ - Return a unicode representation of this object. - """ - return u"{application_name}:{organization}:{relation_type}".format( - application_name=self.application.name, - organization=self.organization.short_name, - relation_type=self.relation_type, - ) - - def to_jwt_filter_claim(self): - """ - Serialize for use in JWT filter claim. - """ - return six.text_type(':'.join([self.relation_type, self.organization.short_name])) diff --git a/openedx/core/djangoapps/oauth_dispatch/tests/test_models.py b/openedx/core/djangoapps/oauth_dispatch/tests/test_models.py deleted file mode 100644 index 8601587730..0000000000 --- a/openedx/core/djangoapps/oauth_dispatch/tests/test_models.py +++ /dev/null @@ -1,23 +0,0 @@ -""" -Tests for oauth_dispatch models. -""" - - -import six -from django.test import TestCase - -from openedx.core.djangoapps.oauth_dispatch.tests.factories import ApplicationOrganizationFactory -from openedx.core.djangolib.testing.utils import skip_unless_lms - - -@skip_unless_lms -class ApplicationOrganizationTestCase(TestCase): - """ - Tests for the ApplicationOrganization model. - """ - def test_to_jwt_filter_claim(self): - """ Verify to_jwt_filter_claim returns the expected serialization of the model. """ - org_relation = ApplicationOrganizationFactory() - organization = org_relation.organization - jwt_filter_claim = org_relation.to_jwt_filter_claim() - assert jwt_filter_claim == six.text_type(':'.join([org_relation.relation_type, organization.short_name]))