feat: enable OAuth2 per View #148
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shadinaif
force-pushed
the
shadinaif/fx-apis-oauth2
branch
2 times, most recently
from
7159f08 to
6629310
Compare
Base automatically changed from
shadinaif/fix-global-roles-do-not-have-access
to
main
November 19, 2024 10:49
shadinaif
force-pushed
the
shadinaif/fx-apis-oauth2
branch
7 times, most recently
from
aba799e to
d3d4671
Compare
shadinaif
commented
Nov 21, 2024
| :param cls: The class to register | ||
| :type cls: Any | ||
| """ | ||
| def _hacky_update_django_admin_choices(choices: list[tuple[str, str]]) -> None: |
There was a problem hiding this comment.
I had to do it like this because CourseAccessRoleForm class of edx-platform is always declared before our extension
shadinaif
commented
Nov 21, 2024
| @@ -34,6 +38,123 @@ class Meta: | |||
| unique_together = ('view_name', 'allowed_role') | |||
|
|
|||
|
|
|||
| class ViewUserMappingManager(models.Manager): # pylint: disable=too-few-public-methods | |||
There was a problem hiding this comment.
ViewUserMappingManager is needed to allow smooth UX in django-admin when sorting and filtering on column values
shadinaif
force-pushed
the
shadinaif/fx-apis-oauth2
branch
from
d3d4671 to
e43d45f
Compare
|
Thanks @shadinaif, let's discuss it tomorrow in our 1-1 |
OmarIthawi
reviewed
Nov 24, 2024
tehreem-sadat
approved these changes
Nov 25, 2024
OmarIthawi
approved these changes
Nov 25, 2024
shadinaif
force-pushed
the
shadinaif/fx-apis-oauth2
branch
from
e43d45f to
903da3f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fx_api_access_role_global: acts as a global role. It grants access to all tenants for the permitted viewfx_api_access_role: acts as a tenant-wide or course-specific role. It grants limited access to the permitted view/admin/fx_helpers/viewusermapping/usableflag that tells the admin if the record permits the related user to access the view or notBearerAuthenticationtoauthentication_classesfor all views of the extenstion. This will automatically allow OAuth2 to all views, but the extension will use the View-User-Mapping as an extra security layer to control the access per tenant or courseApplicationin django-oauth2-provider form/admin/oauth2_provider/application/(Authorization grant type: Confidential,Authorization grant type:Client Credentials)Sample screenshot of the admin page:
