US: View available library roles

[MaferMazu]

As a Library Member, I want to view the roles available for libraries with their descriptions and permissions, so that I can understand each role's capabilities.

Figma: https://www.figma.com/design/q3Knq0BKoVTBbtaxb81n9R/RBAC---Console---Wireframes?node-id=2750-9652&t=71PeX22gyABqxnHu-4

Acceptance criteria

• Placement
  Integrated as a tab named Roles in the Library Team Management view, alongside Team Members and Permissions.

• Access
  Any user with a role in the library can view this tab.
  Non members cannot access this panel.

• Header context
  Shows library name and library ID in the header.

• Content
  List of Role Cards.
  Each card shows the role name followed by the number of users on it, and a short description. Descriptions are WIP.
  Each card includes a collapsible list of permissions grouped by category, Library, Content, Team, Collections.
  Permissions are displayed as chips indicating whether that permission is included for the role.

• States
  Loading uses skeleton blocks.
  Error shows a message with a Retry action.

Notes, out of scope for this card

• Sorting and filters are separate stories.

• There is an API GET endpoint to retrieve all the roles and associated permissions for the current scope.

• API and error views are defined in a separate card. 401 and 403 use the same auth error view. 404 and general server errors use a not found or generic error view with a Retry.

[jmakowski1123]

@gviedma-aulasneo

We are missing one bit of nuance in the Library Author role - there should be two versions of this role. 1) Library Author with content publishing permissions. 2) Library Author role with no content publishing permissions.

I think the easiest way to handle this is to just duplicate the Library Author role card and switch that one permission in the second iteration of it. So the requirements would be something like:

AC:

There are two Library Author cards in the Roles tab.

Header title: Library Author, with Publishing Permissions
Permission pills: (as designed)

Header title: Library Author, without Publishing Permissions
Permission pills: (as designed, but without the "publish" permission in the Content row

(Open to feedback on the titles of these two roles.)

Hoping this is a simple enough tweak that we don't need to re-do any designs, if the AC is clear in written specs.

[dcoa]

That distinction is also important for the role assignment and delete actions. Although it doesn't block frontend development, it should still be considered in the backend definitions (Casbin). I’ll tag @MaferMazu for visibility.

[gviedma-aulasneo]

@jmakowski1123 On the “Author with and without publishing” idea, you raised this a few weeks ago, and we created the Collaborator role, an author who cannot publish. It is defined in the doc and shown in the designs.
Doc: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/4840095745/Library+Roles+and+Permissions

Figma: https://www.figma.com/design/q3Knq0BKoVTBbtaxb81n9R/RBAC---Console---Wireframes?node-id=2750-9652&t=71PeX22gyABqxnHu-4

Are you alright with the name Library Collaborator?

PS: I will use this opportunity to update the Creator role, removing the create permission from Library Admin, as we discussed. Please check the doc when you review it. CC @MaferMazu

[dcoa]

Mock data for the creation of the UI

GET /api/authz/v1/roles?scope=libraryId
Response 200

[
  {
    "role": "library_admin",
    "description": "Has full administrative privileges over the library, including managing users, content, and settings.",
    "user_count": 3,
    "objects": [
      {
        "object": "library",
        "description": "Entire library-level permissions",
        "actions": [
          "create_library",
          "delete_library",
          "edit_library",
          "publish_library"
        ]
      },
      {
        "object": "library_team",
        "description": "Manage and view the team members of the library",
        "actions": [
          "manage_library_team",
          "view_library_team"
        ]
      },
      {
        "object": "library_tags",
        "description": "Manage tags associated with the library",
        "actions": [
          "manage_library_tags",
          "view_library_tags"
        ]
      },
      {
        "object": "library_content",
        "description": "Manage library content including publishing and deletion",
        "actions": [
          "delete_library_content",
          "publish_library_content",
          "edit_library_content",
          "view_library_content",
          "reuse_library_content"
        ]
      },
      {
        "object": "library_collection",
        "description": "Handle creation, editing, and deletion of collections",
        "actions": [
          "create_library_collection",
          "edit_library_collection",
          "delete_library_collection",
          "view_library_collection"
        ]
      }
    ]
  },
  {
    "role": "library_author",
    "description": "Can author content and manage library structure; inherits collaborator and user permissions.",
    "user_count": 12,
    "objects": [
      {
        "object": "library",
        "description": "Edit permissions for library settings",
        "actions": [
          "edit_library",
          "create_library"
        ]
      },
      {
        "object": "library_tags",
        "description": "Manage tags associated with the library",
        "actions": [
          "manage_library_tags",
          "view_library_tags"
        ]
      },
      {
        "object": "library_content",
        "description": "Author and manage content",
        "actions": [
          "delete_library_content",
          "publish_library_content",
          "edit_library_content",
          "view_library_content",
          "reuse_library_content"
        ]
      },
      {
        "object": "library_collection",
        "description": "Manage collections",
        "actions": [
          "create_library_collection",
          "edit_library_collection",
          "delete_library_collection",
          "view_library_collection"
        ]
      }
    ]
  },
  {
    "role": "library_collaborator",
    "description": "Can edit library content and manage collections and tags; inherits user permissions.",
    "user_count": 25,
    "objects": [
      {
        "object": "library",
        "description": "Edit permissions for library settings",
        "actions": [
          "edit_library",
          "create_library"
        ]
      },
      {
        "object": "library_tags",
        "description": "Manage tags associated with the library",
        "actions": [
          "manage_library_tags",
          "view_library_tags"
        ]
      },
      {
        "object": "library_content",
        "description": "Edit and delete content",
        "actions": [
          "delete_library_content",
          "edit_library_content",
          "view_library_content",
          "reuse_library_content"
        ]
      },
      {
        "object": "library_collection",
        "description": "Manage collections",
        "actions": [
          "create_library_collection",
          "edit_library_collection",
          "delete_library_collection",
          "view_library_collection"
        ]
      }
    ]
  },
  {
    "role": "library_user",
    "description": "Has read-only access to view content and reuse it.",
    "user_count": 104,
    "objects": [
      {
        "object": "library",
        "description": "View library structure",
        "actions": [
          "view_library"
        ]
      },
      {
        "object": "library_team",
        "description": "View the team members of the library",
        "actions": [
          "view_library_team"
        ]
      },
      {
        "object": "library_content",
        "description": "Read and reuse content",
        "actions": [
          "view_library_content",
          "reuse_library_content"
        ]
      }
    ]
  }
]

[jmakowski1123]

@jmakowski1123 On the “Author with and without publishing” idea, you raised this a few weeks ago, and we created the Collaborator role, an author who cannot publish. It is defined in the doc and shown in the designs. Doc: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/4840095745/Library+Roles+and+Permissions

Figma: https://www.figma.com/design/q3Knq0BKoVTBbtaxb81n9R/RBAC---Console---Wireframes?node-id=2750-9652&t=71PeX22gyABqxnHu-4

Are you alright with the name Library Collaborator?

PS: I will use this opportunity to update the Creator role, removing the create permission from Library Admin, as we discussed. Please check the doc when you review it. CC @MaferMazu

I don't think Library Collaborator is clear enough. Let's discuss today.

[dcoa]

I will work in this tab with the information that is available now and I will update the descriptions later. if needed @gviedma-aulasneo