feat: override permissions for exporting a taxonomy (#33483)

Rômulo Penido
2023-10-16 16:30:52 -03:00
committed by GitHub
parent 9bf042b239
commit bbb7ef8aaf
7 changed files with 69 additions and 68 deletions


@@ -270,18 +270,18 @@ class TestTaxonomyViewSet(TestTaxonomyObjectsMixin, APITestCase):
assert response.status_code == status.HTTP_404_NOT_FOUND
@ddt.data(
(None, "ot1", status.HTTP_403_FORBIDDEN),
(None, "ot2", status.HTTP_403_FORBIDDEN),
(None, "st1", status.HTTP_403_FORBIDDEN),
(None, "st2", status.HTTP_403_FORBIDDEN),
(None, "t1", status.HTTP_403_FORBIDDEN),
(None, "t2", status.HTTP_403_FORBIDDEN),
(None, "tA1", status.HTTP_403_FORBIDDEN),
(None, "tA2", status.HTTP_403_FORBIDDEN),
(None, "tB1", status.HTTP_403_FORBIDDEN),
(None, "tB2", status.HTTP_403_FORBIDDEN),
(None, "tC1", status.HTTP_403_FORBIDDEN),
(None, "tC2", status.HTTP_403_FORBIDDEN),
(None, "ot1", status.HTTP_401_UNAUTHORIZED),
(None, "ot2", status.HTTP_401_UNAUTHORIZED),
(None, "st1", status.HTTP_401_UNAUTHORIZED),
(None, "st2", status.HTTP_401_UNAUTHORIZED),
(None, "t1", status.HTTP_401_UNAUTHORIZED),
(None, "t2", status.HTTP_401_UNAUTHORIZED),
(None, "tA1", status.HTTP_401_UNAUTHORIZED),
(None, "tA2", status.HTTP_401_UNAUTHORIZED),
(None, "tB1", status.HTTP_401_UNAUTHORIZED),
(None, "tB2", status.HTTP_401_UNAUTHORIZED),
(None, "tC1", status.HTTP_401_UNAUTHORIZED),
(None, "tC2", status.HTTP_401_UNAUTHORIZED),
("user", "ot1", status.HTTP_200_OK),
("user", "ot2", status.HTTP_404_NOT_FOUND),
("user", "st1", status.HTTP_200_OK),
@@ -336,7 +336,7 @@ class TestTaxonomyViewSet(TestTaxonomyObjectsMixin, APITestCase):
check_taxonomy(response.data, taxonomy.pk, **(TaxonomySerializer(taxonomy.cast()).data))
@ddt.data(
(None, status.HTTP_403_FORBIDDEN),
(None, status.HTTP_401_UNAUTHORIZED),
("user", status.HTTP_403_FORBIDDEN),
("userA", status.HTTP_403_FORBIDDEN),
("userS", status.HTTP_201_CREATED),
@@ -368,18 +368,18 @@ class TestTaxonomyViewSet(TestTaxonomyObjectsMixin, APITestCase):
check_taxonomy(response.data, response.data["id"], **create_data)
@ddt.data(
(None, "ot1", status.HTTP_403_FORBIDDEN),
(None, "ot2", status.HTTP_403_FORBIDDEN),
(None, "st1", status.HTTP_403_FORBIDDEN),
(None, "st2", status.HTTP_403_FORBIDDEN),
(None, "t1", status.HTTP_403_FORBIDDEN),
(None, "t2", status.HTTP_403_FORBIDDEN),
(None, "tA1", status.HTTP_403_FORBIDDEN),
(None, "tA2", status.HTTP_403_FORBIDDEN),
(None, "tB1", status.HTTP_403_FORBIDDEN),
(None, "tB2", status.HTTP_403_FORBIDDEN),
(None, "tC1", status.HTTP_403_FORBIDDEN),
(None, "tC2", status.HTTP_403_FORBIDDEN),
(None, "ot1", status.HTTP_401_UNAUTHORIZED),
(None, "ot2", status.HTTP_401_UNAUTHORIZED),
(None, "st1", status.HTTP_401_UNAUTHORIZED),
(None, "st2", status.HTTP_401_UNAUTHORIZED),
(None, "t1", status.HTTP_401_UNAUTHORIZED),
(None, "t2", status.HTTP_401_UNAUTHORIZED),
(None, "tA1", status.HTTP_401_UNAUTHORIZED),
(None, "tA2", status.HTTP_401_UNAUTHORIZED),
(None, "tB1", status.HTTP_401_UNAUTHORIZED),
(None, "tB2", status.HTTP_401_UNAUTHORIZED),
(None, "tC1", status.HTTP_401_UNAUTHORIZED),
(None, "tC2", status.HTTP_401_UNAUTHORIZED),
("user", "ot1", status.HTTP_403_FORBIDDEN),
("user", "ot2", status.HTTP_403_FORBIDDEN),
("user", "st1", status.HTTP_403_FORBIDDEN),
@@ -465,18 +465,18 @@ class TestTaxonomyViewSet(TestTaxonomyObjectsMixin, APITestCase):
assert response.data["system_defined"] is True
@ddt.data(
(None, "ot1", status.HTTP_403_FORBIDDEN),
(None, "ot2", status.HTTP_403_FORBIDDEN),
(None, "st1", status.HTTP_403_FORBIDDEN),
(None, "st2", status.HTTP_403_FORBIDDEN),
(None, "t1", status.HTTP_403_FORBIDDEN),
(None, "t2", status.HTTP_403_FORBIDDEN),
(None, "tA1", status.HTTP_403_FORBIDDEN),
(None, "tA2", status.HTTP_403_FORBIDDEN),
(None, "tB1", status.HTTP_403_FORBIDDEN),
(None, "tB2", status.HTTP_403_FORBIDDEN),
(None, "tC1", status.HTTP_403_FORBIDDEN),
(None, "tC2", status.HTTP_403_FORBIDDEN),
(None, "ot1", status.HTTP_401_UNAUTHORIZED),
(None, "ot2", status.HTTP_401_UNAUTHORIZED),
(None, "st1", status.HTTP_401_UNAUTHORIZED),
(None, "st2", status.HTTP_401_UNAUTHORIZED),
(None, "t1", status.HTTP_401_UNAUTHORIZED),
(None, "t2", status.HTTP_401_UNAUTHORIZED),
(None, "tA1", status.HTTP_401_UNAUTHORIZED),
(None, "tA2", status.HTTP_401_UNAUTHORIZED),
(None, "tB1", status.HTTP_401_UNAUTHORIZED),
(None, "tB2", status.HTTP_401_UNAUTHORIZED),
(None, "tC1", status.HTTP_401_UNAUTHORIZED),
(None, "tC2", status.HTTP_401_UNAUTHORIZED),
("user", "ot1", status.HTTP_403_FORBIDDEN),
("user", "ot2", status.HTTP_403_FORBIDDEN),
("user", "st1", status.HTTP_403_FORBIDDEN),
@@ -560,18 +560,18 @@ class TestTaxonomyViewSet(TestTaxonomyObjectsMixin, APITestCase):
assert response.data["system_defined"] is True
@ddt.data(
(None, "ot1", status.HTTP_403_FORBIDDEN),
(None, "ot2", status.HTTP_403_FORBIDDEN),
(None, "st1", status.HTTP_403_FORBIDDEN),
(None, "st2", status.HTTP_403_FORBIDDEN),
(None, "t1", status.HTTP_403_FORBIDDEN),
(None, "t2", status.HTTP_403_FORBIDDEN),
(None, "tA1", status.HTTP_403_FORBIDDEN),
(None, "tA2", status.HTTP_403_FORBIDDEN),
(None, "tB1", status.HTTP_403_FORBIDDEN),
(None, "tB2", status.HTTP_403_FORBIDDEN),
(None, "tC1", status.HTTP_403_FORBIDDEN),
(None, "tC2", status.HTTP_403_FORBIDDEN),
(None, "ot1", status.HTTP_401_UNAUTHORIZED),
(None, "ot2", status.HTTP_401_UNAUTHORIZED),
(None, "st1", status.HTTP_401_UNAUTHORIZED),
(None, "st2", status.HTTP_401_UNAUTHORIZED),
(None, "t1", status.HTTP_401_UNAUTHORIZED),
(None, "t2", status.HTTP_401_UNAUTHORIZED),
(None, "tA1", status.HTTP_401_UNAUTHORIZED),
(None, "tA2", status.HTTP_401_UNAUTHORIZED),
(None, "tB1", status.HTTP_401_UNAUTHORIZED),
(None, "tB2", status.HTTP_401_UNAUTHORIZED),
(None, "tC1", status.HTTP_401_UNAUTHORIZED),
(None, "tC2", status.HTTP_401_UNAUTHORIZED),
("user", "ot1", status.HTTP_403_FORBIDDEN),
("user", "ot2", status.HTTP_403_FORBIDDEN),
("user", "st1", status.HTTP_403_FORBIDDEN),
@@ -695,24 +695,24 @@ class TestObjectTagViewSet(TestTaxonomyObjectsMixin, APITestCase):
@ddt.data(
# userA and userS are staff in courseA and can tag using enabled taxonomies
(None, "tA1", ["Tag 1"], status.HTTP_403_FORBIDDEN),
(None, "tA1", ["Tag 1"], status.HTTP_401_UNAUTHORIZED),
("user", "tA1", ["Tag 1"], status.HTTP_403_FORBIDDEN),
("userA", "tA1", ["Tag 1"], status.HTTP_200_OK),
("userS", "tA1", ["Tag 1"], status.HTTP_200_OK),
(None, "tA1", [], status.HTTP_403_FORBIDDEN),
(None, "tA1", [], status.HTTP_401_UNAUTHORIZED),
("user", "tA1", [], status.HTTP_403_FORBIDDEN),
("userA", "tA1", [], status.HTTP_200_OK),
("userS", "tA1", [], status.HTTP_200_OK),
(None, "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_403_FORBIDDEN),
(None, "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_401_UNAUTHORIZED),
("user", "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_403_FORBIDDEN),
("userA", "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_200_OK),
("userS", "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_200_OK),
(None, "open_taxonomy", ["tag1"], status.HTTP_403_FORBIDDEN),
(None, "open_taxonomy", ["tag1"], status.HTTP_401_UNAUTHORIZED),
("user", "open_taxonomy", ["tag1"], status.HTTP_403_FORBIDDEN),
("userA", "open_taxonomy", ["tag1"], status.HTTP_200_OK),
("userS", "open_taxonomy", ["tag1"], status.HTTP_200_OK),
# Only userS is Tagging Admin and can tag objects using disabled taxonomies
(None, "tA2", ["Tag 1"], status.HTTP_403_FORBIDDEN),
(None, "tA2", ["Tag 1"], status.HTTP_401_UNAUTHORIZED),
("user", "tA2", ["Tag 1"], status.HTTP_403_FORBIDDEN),
("userA", "tA2", ["Tag 1"], status.HTTP_403_FORBIDDEN),
("userS", "tA2", ["Tag 1"], status.HTTP_200_OK),
@@ -736,11 +736,11 @@ class TestObjectTagViewSet(TestTaxonomyObjectsMixin, APITestCase):
@ddt.data(
# Can't add invalid tags to a object using a closed taxonomy
(None, "tA1", ["invalid"], status.HTTP_403_FORBIDDEN),
(None, "tA1", ["invalid"], status.HTTP_401_UNAUTHORIZED),
("user", "tA1", ["invalid"], status.HTTP_403_FORBIDDEN),
("userA", "tA1", ["invalid"], status.HTTP_400_BAD_REQUEST),
("userS", "tA1", ["invalid"], status.HTTP_400_BAD_REQUEST),
(None, "multiple_taxonomy", ["invalid"], status.HTTP_403_FORBIDDEN),
(None, "multiple_taxonomy", ["invalid"], status.HTTP_401_UNAUTHORIZED),
("user", "multiple_taxonomy", ["invalid"], status.HTTP_403_FORBIDDEN),
("userA", "multiple_taxonomy", ["invalid"], status.HTTP_400_BAD_REQUEST),
("userS", "multiple_taxonomy", ["invalid"], status.HTTP_400_BAD_REQUEST),
@@ -763,24 +763,24 @@ class TestObjectTagViewSet(TestTaxonomyObjectsMixin, APITestCase):
@ddt.data(
# userA and userS are staff in courseA (owner of xblockA) and can tag using enabled taxonomies
(None, "tA1", ["Tag 1"], status.HTTP_403_FORBIDDEN),
(None, "tA1", ["Tag 1"], status.HTTP_401_UNAUTHORIZED),
("user", "tA1", ["Tag 1"], status.HTTP_403_FORBIDDEN),
("userA", "tA1", ["Tag 1"], status.HTTP_200_OK),
("userS", "tA1", ["Tag 1"], status.HTTP_200_OK),
(None, "tA1", [], status.HTTP_403_FORBIDDEN),
(None, "tA1", [], status.HTTP_401_UNAUTHORIZED),
("user", "tA1", [], status.HTTP_403_FORBIDDEN),
("userA", "tA1", [], status.HTTP_200_OK),
("userS", "tA1", [], status.HTTP_200_OK),
(None, "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_403_FORBIDDEN),
(None, "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_401_UNAUTHORIZED),
("user", "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_403_FORBIDDEN),
("userA", "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_200_OK),
("userS", "multiple_taxonomy", ["Tag 1", "Tag 2"], status.HTTP_200_OK),
(None, "open_taxonomy", ["tag1"], status.HTTP_403_FORBIDDEN),
(None, "open_taxonomy", ["tag1"], status.HTTP_401_UNAUTHORIZED),
("user", "open_taxonomy", ["tag1"], status.HTTP_403_FORBIDDEN),
("userA", "open_taxonomy", ["tag1"], status.HTTP_200_OK),
("userS", "open_taxonomy", ["tag1"], status.HTTP_200_OK),
# Only userS is Tagging Admin and can tag objects using disabled taxonomies
(None, "tA2", ["Tag 1"], status.HTTP_403_FORBIDDEN),
(None, "tA2", ["Tag 1"], status.HTTP_401_UNAUTHORIZED),
("user", "tA2", ["Tag 1"], status.HTTP_403_FORBIDDEN),
("userA", "tA2", ["Tag 1"], status.HTTP_403_FORBIDDEN),
("userS", "tA2", ["Tag 1"], status.HTTP_200_OK),
@@ -804,11 +804,11 @@ class TestObjectTagViewSet(TestTaxonomyObjectsMixin, APITestCase):
@ddt.data(
# Can't add invalid tags to a object using a closed taxonomy
(None, "tA1", ["invalid"], status.HTTP_403_FORBIDDEN),
(None, "tA1", ["invalid"], status.HTTP_401_UNAUTHORIZED),
("user", "tA1", ["invalid"], status.HTTP_403_FORBIDDEN),
("userA", "tA1", ["invalid"], status.HTTP_400_BAD_REQUEST),
("userS", "tA1", ["invalid"], status.HTTP_400_BAD_REQUEST),
(None, "multiple_taxonomy", ["invalid"], status.HTTP_403_FORBIDDEN),
(None, "multiple_taxonomy", ["invalid"], status.HTTP_401_UNAUTHORIZED),
("user", "multiple_taxonomy", ["invalid"], status.HTTP_403_FORBIDDEN),
("userA", "multiple_taxonomy", ["invalid"], status.HTTP_400_BAD_REQUEST),
("userS", "multiple_taxonomy", ["invalid"], status.HTTP_400_BAD_REQUEST),
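Review bot: Every anonymous (`None`) row in these `@ddt.data` tables, in both `TestTaxonomyViewSet` and `TestObjectTagViewSet`, now expects `HTTP_401_UNAUTHORIZED` instead of `HTTP_403_FORBIDDEN`, a client-visible change that the commit title (export permissions) does not mention. It presumably follows from a change to the authentication classes on these views in a file not shown here, which is worth confirming and stating in the commit description. Authenticated users without permission still expect 403, so a comment above the first table such as `# Anonymous requests fail authentication (401); authenticated users lacking permission get 403` would record the distinction. The decorated test methods start outside the hunks, so the request each table drives cannot be checked from this page.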


@@ -86,6 +86,7 @@ rules.set_perm("oel_tagging.add_taxonomy", oel_tagging.is_taxonomy_admin)
rules.set_perm("oel_tagging.change_taxonomy", oel_tagging.can_change_taxonomy)
rules.set_perm("oel_tagging.delete_taxonomy", oel_tagging.can_change_taxonomy)
rules.set_perm("oel_tagging.view_taxonomy", oel_tagging.can_view_taxonomy)
rules.set_perm("oel_tagging.export_taxonomy", oel_tagging.can_view_taxonomy)
# Tag
rules.set_perm("oel_tagging.add_tag", can_change_taxonomy_tag)
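Review bot: The added `oel_tagging.export_taxonomy` permission is bound to `oel_tagging.can_view_taxonomy`, so whoever passes the view rule can also export a taxonomy; export returns a whole taxonomy in one request, so tying it to the view rule should be a recorded decision rather than an implicit one. If it is intended, a comment on that line such as `# Export is read-only, so it deliberately reuses the view rule` would make that clear to the next maintainer. The test hunks visible on this page do not appear to exercise the export endpoint (other changed files may). Rows asserting its status for anonymous users, for a plain user on a disabled taxonomy, and for a taxonomy admin would pin the behaviour.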