diff --git a/openedx_authz/rest_api/v1/views.py b/openedx_authz/rest_api/v1/views.py
index a88e0232..f938f599 100644
--- a/openedx_authz/rest_api/v1/views.py
+++ b/openedx_authz/rest_api/v1/views.py
@@ -442,7 +442,7 @@ class RoleListView(APIView):
 status.HTTP_401_UNAUTHORIZED: "The user is not authenticated or does not have the required permissions",
 },
 )
- @authz_permissions(["manage_library_team"])
+ @authz_permissions(["view_library_team"])
 def get(self, request: HttpRequest) -> Response:
 """Retrieve all roles and their permissions for a specific scope."""
 serializer = ListRolesWithScopeSerializer(data=request.query_params)
diff --git a/openedx_authz/tests/rest_api/test_views.py b/openedx_authz/tests/rest_api/test_views.py
index fca744a1..159e91bc 100644
--- a/openedx_authz/tests/rest_api/test_views.py
+++ b/openedx_authz/tests/rest_api/test_views.py
@@ -107,6 +107,21 @@ def setUpClass(cls):
 "role_name": "library_admin",
 "scope_name": "lib:Org3:LIB3",
 },
+ {
+ "subject_name": "regular_6",
+ "role_name": "library_author",
+ "scope_name": "lib:Org3:LIB3",
+ },
+ {
+ "subject_name": "regular_7",
+ "role_name": "library_collaborator",
+ "scope_name": "lib:Org3:LIB3",
+ },
+ {
+ "subject_name": "regular_8",
+ "role_name": "library_user",
+ "scope_name": "lib:Org3:LIB3",
+ },
 ]
 cls._assign_roles_to_users(assignments=assignments)
@@ -127,7 +142,7 @@ def setUpTestData(cls):
 """Set up test fixtures once for the entire test class."""
 super().setUpTestData()
 cls.create_admin_users(quantity=3)
- cls.create_regular_users(quantity=7)
+ cls.create_regular_users(quantity=10)
 
 def setUp(self):
 """Set up test fixtures."""
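Review bot: The decorator now admits any holder of `view_library_team` in the scope, but it runs before `ListRolesWithScopeSerializer` validates `request.query_params`, so the scope it authorizes against must be resolved from the same `scope` query parameter the serializer reads — if `authz_permissions` takes it from anywhere else, a permission held in one library could list the roles of another; the decorator is not visible here, so please confirm. The loosening also broadens what a plain library user can read (role-to-permission mappings and, per the new test's docstring, per-role user counts), and the `get` docstring should say so: `"""Retrieve all roles and their permissions for a specific scope. Read-only; requires view_library_team in that scope."""`. The 401 description above still says "or does not have the required permissions", while the new test expects 403 for that case; split it into `status.HTTP_401_UNAUTHORIZED: "The user is not authenticated",` and `status.HTTP_403_FORBIDDEN: "The user does not have the view_library_team permission in the requested scope",` unless a 403 entry already exists above the hunk. The body of `get` continues past the end of the hunk.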
@@ -692,3 +707,40 @@ def test_get_roles_pagination(self, query_params: dict, expected_count: int, has self.assertIsNotNone(response.data["next"]) else: self.assertIsNone(response.data["next"]) + + @data( + # Unauthenticated + (None, status.HTTP_401_UNAUTHORIZED), + # Admin user + ("admin_1", status.HTTP_200_OK), + # Library Admin user + ("regular_5", status.HTTP_200_OK), + # Library Author user + # ("regular_6", status.HTTP_200_OK), # TODO: uncomment this when we have the explicit permissions + # Library Collaborator user + # ("regular_7", status.HTTP_200_OK), # TODO: uncomment this when we have the explicit permissions + # Library User user + ("regular_8", status.HTTP_200_OK), + # Regular user without permission + ("regular_9", status.HTTP_403_FORBIDDEN), + # Non existent user + ("non_existent_user", status.HTTP_401_UNAUTHORIZED), + ) + @unpack + def test_get_roles_permissions(self, username: str, status_code: int): + """Test retrieving roles with permissions. + + Expected result: + - Returns 401 UNAUTHORIZED status if user is not authenticated + - Returns 403 FORBIDDEN status if user does not have permission + - Returns 200 OK status if user has permission with correct roles with permissions and user counts + """ + user = User.objects.filter(username=username).first() + self.client.force_authenticate(user=user) + + response = self.client.get(self.url, {"scope": "lib:Org3:LIB3"}) + + self.assertEqual(response.status_code, status_code) + if status_code == status.HTTP_200_OK: + self.assertIn("results", response.data) + self.assertIn("count", response.data)
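Review bot: The two commented-out cases for `regular_6` and `regular_7` leave the current behaviour for library_author and library_collaborator unasserted; keep them active with whatever status they return today (presumably `status.HTTP_403_FORBIDDEN`) and the TODO beside them, so the later permission grant becomes a deliberate test update instead of a silent change. The most security-relevant case is missing: a user whose only role lives in another scope should get 403 for `lib:Org3:LIB3`, proving the check is scope-bound — e.g. add `("regular_1", status.HTTP_403_FORBIDDEN)` if that fixture user holds a role only outside Org3 (the assignments start above this hunk, so verify). The 200 branch checks only that `results` and `count` exist, although the docstring promises correct roles and user counts; at minimum assert `self.assertGreater(response.data["count"], 0)` and, for `regular_8`, that the payload equals what `regular_5` receives, so a read-only viewer is not served a different view of the scope. The `non_existent_user` case resolves to `user=None` through `.first()` and is therefore identical to the unauthenticated case; state that in its comment or drop it.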