openedx-authz
#############
|pypi-badge| |ci-badge| |codecov-badge| |doc-badge| |pyversions-badge|
|license-badge| |status-badge|
Purpose
*******
Open edX AuthZ provides the architecture and foundations of the authorization framework. It implements the core machinery needed to support consistent authorization across the Open edX ecosystem.
This repository centralizes the architecture, design decisions, and reference implementation of a unified model for roles and permissions. It introduces custom roles, flexible scopes, and policy-based evaluation, aiming to replace the fragmented legacy system with a scalable, extensible, and reusable solution.
See the `Product Requirements document for Roles & Permissions`_ for detailed specifications and requirements.
.. _Product Requirements document for Roles & Permissions: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/4724490259/PRD+Roles+Permissions
.. |pypi-badge| image:: https://img.shields.io/pypi/v/openedx-authz.svg
:target: https://pypi.python.org/pypi/openedx-authz/
:alt: PyPI
.. |ci-badge| image:: https://github.com/openedx/openedx-authz/actions/workflows/ci.yml/badge.svg?branch=main
:target: https://github.com/openedx/openedx-authz/actions/workflows/ci.yml
:alt: CI
.. |codecov-badge| image:: https://codecov.io/github/openedx/openedx-authz/coverage.svg?branch=main
:target: https://codecov.io/github/openedx/openedx-authz?branch=main
:alt: Codecov
.. |doc-badge| image:: https://readthedocs.org/projects/openedx-authz/badge/?version=latest
:target: https://docs.openedx.org/projects/openedx-authz
:alt: Documentation
.. |pyversions-badge| image:: https://img.shields.io/pypi/pyversions/openedx-authz.svg
:target: https://pypi.python.org/pypi/openedx-authz/
:alt: Supported Python versions
.. |license-badge| image:: https://img.shields.io/github/license/openedx/openedx-authz.svg
:target: https://github.com/openedx/openedx-authz/blob/main/LICENSE.txt
:alt: License
.. |status-badge| image:: https://img.shields.io/badge/Status-Experimental-yellow
Change Log
##########
..
All enhancements and patches to openedx_authz will be documented
in this file. It adheres to the structure of https://keepachangelog.com/ ,
but in reStructuredText instead of Markdown (for ease of incorporation into
Sphinx documentation and the PyPI description).
This project adheres to Semantic Versioning (https://semver.org/).
.. There should always be an "Unreleased" section for changes pending release.
Unreleased
**********
*
0.11.1 - 2025-10-29
********************
Changed
=======
* Refactor to get permissions' scopes instead of role.
Fixed
=====
* Use correct content library toggle to check if Content Library V2 is enabled.
0.11.0 - 2025-10-29
********************
Added
=====
* Disable auto-save and auto-load of policies if Content Library V2 is disabled.
0.10.1 - 2025-10-28
********************
Fixed
=====
* Fix constants and test class to be able to use it outside this app.
0.10.0 - 2025-10-28
*******************
Added
=====
* New ``get_object()`` method in ScopeData to retrieve underlying domain objects
* Implementation of ``get_object()`` for ContentLibraryData with canonical key validation
Changed
=======
* Refactor ``ContentLibraryData.exists()`` to use ``get_object()`` internally
0.9.1 - 2025-10-28
******************
Fixed
=====
* Fix role user count to accurately filter users assigned to roles within specific scopes instead of across all scopes.
0.9.0 - 2025-10-27
******************
Added
=====
* Function API to retrieve scopes for a given role and subject.
0.8.0 - 2025-10-24
******************
Added
=====
* Allow disabling auto-load and auto-save of policies by setting CASBIN_AUTO_LOAD_POLICY_INTERVAL to -1.
Changed
=======
* Migrate from using pycodestyle and isort to ruff for code quality checks and formatting.
* Enhance enforcement command with dual operational modes (database and file mode).
0.7.0 - 2025-10-23
******************
Added
=====
* Initial migration to establish dependency on casbin_adapter for automatic CasbinRule table creation.
0.6.0 - 2025-10-22
******************
Changed
=======
* Use a SyncedEnforcer with default auto load policy.
Removed
=======
* Remove Casbin Redis watcher from engine configuration.
0.5.0 - 2025-10-21
******************
Added
=====
* Default policy for Content Library roles and permissions.
Fixed
=====
* Add plugin_settings in test settings.
* Update permissions for RoleListView.
0.4.1 - 2025-10-16
******************
Fixed
=====
* Load policy before adding policies in the loading script to avoid duplicates.
0.4.0 - 2025-16-10
******************
Changed
=======
* Initialize enforcer when application is ready to avoid access errors.
0.3.0 - 2025-10-10
******************
Added
=====
* Implementation of REST API for roles and permissions management.
0.2.0 - 2025-10-10
******************
Added
=====
* ADRs for key design decisions.
* Casbin model (CONF) and engine layer for authorization.
* Implementation of public API for roles and permissions management.
0.1.0 - 2025-08-27
******************
Added
=====
* Basic repo structure and initial setup.
Raw data
{
"_id": null,
"home_page": "https://github.com/openedx/openedx-authz",
"name": "openedx-authz",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.11",
"maintainer_email": null,
"keywords": "Python edx",
"author": "Open edX Project",
"author_email": "oscm@openedx.org",
"download_url": "https://files.pythonhosted.org/packages/1f/8d/f0e0b8e3cecb08065ad3116e33188363e353af79eec148059e7e50cb20ea/openedx_authz-0.11.1.tar.gz",
"platform": null,
"description": "openedx-authz\n#############\n\n|pypi-badge| |ci-badge| |codecov-badge| |doc-badge| |pyversions-badge|\n|license-badge| |status-badge|\n\nPurpose\n*******\n\nOpen edX AuthZ provides the architecture and foundations of the authorization framework. It implements the core machinery needed to support consistent authorization across the Open edX ecosystem.\n\nThis repository centralizes the architecture, design decisions, and reference implementation of a unified model for roles and permissions. It introduces custom roles, flexible scopes, and policy-based evaluation, aiming to replace the fragmented legacy system with a scalable, extensible, and reusable solution.\n\nSee the `Product Requirements document for Roles & Permissions`_ for detailed specifications and requirements.\n\n.. _Product Requirements document for Roles & Permissions: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/4724490259/PRD+Roles+Permissions\n\n.. |pypi-badge| image:: https://img.shields.io/pypi/v/openedx-authz.svg\n :target: https://pypi.python.org/pypi/openedx-authz/\n :alt: PyPI\n\n.. |ci-badge| image:: https://github.com/openedx/openedx-authz/actions/workflows/ci.yml/badge.svg?branch=main\n :target: https://github.com/openedx/openedx-authz/actions/workflows/ci.yml\n :alt: CI\n\n.. |codecov-badge| image:: https://codecov.io/github/openedx/openedx-authz/coverage.svg?branch=main\n :target: https://codecov.io/github/openedx/openedx-authz?branch=main\n :alt: Codecov\n\n.. |doc-badge| image:: https://readthedocs.org/projects/openedx-authz/badge/?version=latest\n :target: https://docs.openedx.org/projects/openedx-authz\n :alt: Documentation\n\n.. |pyversions-badge| image:: https://img.shields.io/pypi/pyversions/openedx-authz.svg\n :target: https://pypi.python.org/pypi/openedx-authz/\n :alt: Supported Python versions\n\n.. |license-badge| image:: https://img.shields.io/github/license/openedx/openedx-authz.svg\n :target: https://github.com/openedx/openedx-authz/blob/main/LICENSE.txt\n :alt: License\n\n.. |status-badge| image:: https://img.shields.io/badge/Status-Experimental-yellow\n\n\nChange Log\n##########\n\n..\n All enhancements and patches to openedx_authz will be documented\n in this file. It adheres to the structure of https://keepachangelog.com/ ,\n but in reStructuredText instead of Markdown (for ease of incorporation into\n Sphinx documentation and the PyPI description).\n\n This project adheres to Semantic Versioning (https://semver.org/).\n\n.. There should always be an \"Unreleased\" section for changes pending release.\n\nUnreleased\n**********\n\n*\n\n0.11.1 - 2025-10-29\n********************\n\nChanged\n=======\n\n* Refactor to get permissions' scopes instead of role.\n\nFixed\n=====\n\n* Use correct content library toggle to check if Content Library V2 is enabled.\n\n0.11.0 - 2025-10-29\n********************\n\nAdded\n=====\n\n* Disable auto-save and auto-load of policies if Content Library V2 is disabled.\n\n0.10.1 - 2025-10-28\n********************\n\nFixed\n=====\n\n* Fix constants and test class to be able to use it outside this app.\n\n0.10.0 - 2025-10-28\n*******************\n\nAdded\n=====\n\n* New ``get_object()`` method in ScopeData to retrieve underlying domain objects\n* Implementation of ``get_object()`` for ContentLibraryData with canonical key validation\n\nChanged\n=======\n\n* Refactor ``ContentLibraryData.exists()`` to use ``get_object()`` internally\n\n0.9.1 - 2025-10-28\n******************\n\nFixed\n=====\n\n* Fix role user count to accurately filter users assigned to roles within specific scopes instead of across all scopes.\n\n0.9.0 - 2025-10-27\n******************\n\nAdded\n=====\n\n* Function API to retrieve scopes for a given role and subject.\n\n0.8.0 - 2025-10-24\n******************\n\nAdded\n=====\n\n* Allow disabling auto-load and auto-save of policies by setting CASBIN_AUTO_LOAD_POLICY_INTERVAL to -1.\n\nChanged\n=======\n\n* Migrate from using pycodestyle and isort to ruff for code quality checks and formatting.\n* Enhance enforcement command with dual operational modes (database and file mode).\n\n0.7.0 - 2025-10-23\n******************\n\nAdded\n=====\n\n* Initial migration to establish dependency on casbin_adapter for automatic CasbinRule table creation.\n\n0.6.0 - 2025-10-22\n******************\n\nChanged\n=======\n\n* Use a SyncedEnforcer with default auto load policy.\n\nRemoved\n=======\n\n* Remove Casbin Redis watcher from engine configuration.\n\n0.5.0 - 2025-10-21\n******************\n\nAdded\n=====\n\n* Default policy for Content Library roles and permissions.\n\nFixed\n=====\n\n* Add plugin_settings in test settings.\n* Update permissions for RoleListView.\n\n0.4.1 - 2025-10-16\n******************\n\nFixed\n=====\n\n* Load policy before adding policies in the loading script to avoid duplicates.\n\n0.4.0 - 2025-16-10\n******************\n\nChanged\n=======\n\n* Initialize enforcer when application is ready to avoid access errors.\n\n0.3.0 - 2025-10-10\n******************\n\nAdded\n=====\n\n* Implementation of REST API for roles and permissions management.\n\n0.2.0 - 2025-10-10\n******************\n\nAdded\n=====\n\n* ADRs for key design decisions.\n* Casbin model (CONF) and engine layer for authorization.\n* Implementation of public API for roles and permissions management.\n\n0.1.0 - 2025-08-27\n******************\n\nAdded\n=====\n\n* Basic repo structure and initial setup.\n",
"bugtrack_url": null,
"license": "AGPL 3.0",
"summary": "Open edX AuthZ provides the architecture and foundations of the authorization framework.",
"version": "0.11.1",
"project_urls": {
"Homepage": "https://github.com/openedx/openedx-authz"
},
"split_keywords": [
"python",
"edx"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "6ed0ef23cce8d23b18a14d5c609a08c80f2ef4e898caa383d8d74adce3d018a5",
"md5": "5977b15ab58cff53b44603fc6b2f22db",
"sha256": "138da91eab89083e07b4894728a5daf82ccb04dbb0cb89a53805fcdc47a9e51d"
},
"downloads": -1,
"filename": "openedx_authz-0.11.1-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "5977b15ab58cff53b44603fc6b2f22db",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": ">=3.11",
"size": 81879,
"upload_time": "2025-10-29T17:45:26",
"upload_time_iso_8601": "2025-10-29T17:45:26.491428Z",
"url": "https://files.pythonhosted.org/packages/6e/d0/ef23cce8d23b18a14d5c609a08c80f2ef4e898caa383d8d74adce3d018a5/openedx_authz-0.11.1-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "1f8df0e0b8e3cecb08065ad3116e33188363e353af79eec148059e7e50cb20ea",
"md5": "4614e4dddde65ff4cb9fd9f374c19e18",
"sha256": "979f8808592be5a049c3e4fa61193cd049410115fabb2339d659aa1ca6fbeadc"
},
"downloads": -1,
"filename": "openedx_authz-0.11.1.tar.gz",
"has_sig": false,
"md5_digest": "4614e4dddde65ff4cb9fd9f374c19e18",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.11",
"size": 72921,
"upload_time": "2025-10-29T17:45:27",
"upload_time_iso_8601": "2025-10-29T17:45:27.694142Z",
"url": "https://files.pythonhosted.org/packages/1f/8d/f0e0b8e3cecb08065ad3116e33188363e353af79eec148059e7e50cb20ea/openedx_authz-0.11.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-29 17:45:27",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "openedx",
"github_project": "openedx-authz",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"tox": true,
"lcname": "openedx-authz"
}
JSON
