feat: adding permission validations from authz for course updates for view and manage

Author: jacobo-dominguez-wgu

src/authz/constants.ts

@@ -17,4 +17,7 @@ export const CONTENT_LIBRARY_PERMISSIONS = {
 
 export const COURSE_PERMISSIONS = {
   MANAGE_ADVANCED_SETTINGS: 'courses.manage_advanced_settings',
+
+  VIEW_COURSE_UPDATES: 'courses.view_course_updates',
+  MANAGE_COURSE_UPDATES: 'courses.manage_course_updates',
 };

src/authz/hooks.test.tsx

@@ -0,0 +1,132 @@
+import React from 'react';
+import { renderHook, waitFor } from '@testing-library/react';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+
+import * as authzApi from '@src/authz/data/api';
+import { PermissionValidationQuery } from '@src/authz/types';
+import { mockWaffleFlags } from '@src/data/apiHooks.mock';
+import { useUserPermissionsWithAuthzCourse } from './hooks';
+
+jest.mock('@src/data/api');
+jest.mock('@src/authz/data/api');
+
+const mockedAuthzApi = jest.mocked(authzApi);
+
+describe('useUserPermissionsWithAuthzCourse', () => {
+  let queryClient: QueryClient;
+
+  const createWrapper = () => function TestWrapper({ children }: { children: React.ReactNode }) {
+    return (
+      <QueryClientProvider client={queryClient}>
+        {children}
+      </QueryClientProvider>
+    );
+  };
+
+  const mockPermissions: PermissionValidationQuery = {
+    canViewFiles: {
+      action: 'course.view_files',
+      scope: 'course-v1:Test+101+2023',
+    },
+    canManageFiles: {
+      action: 'course.manage_files',
+      scope: 'course-v1:Test+101+2023',
+    },
+  };
+
+  beforeEach(() => {
+    queryClient = new QueryClient({
+      defaultOptions: {
+        queries: { retry: false },
+      },
+    });
+    jest.clearAllMocks();
+  });
+
+  it('returns all permissions as true when authz is disabled', async () => {
+    mockWaffleFlags({
+      enableAuthzCourseAuthoring: false,
+    });
+
+    const { result } = renderHook(
+      () => useUserPermissionsWithAuthzCourse('course-v1:Test+101+2023', mockPermissions),
+      { wrapper: createWrapper() },
+    );
+
+    await waitFor(() => {
+      expect(result.current.isLoading).toBe(false);
+    });
+
+    expect(result.current.isAuthzEnabled).toBe(false);
+    expect(result.current.permissions.canViewFiles).toBe(true);
+    expect(result.current.permissions.canManageFiles).toBe(true);
+  });
+
+  it('returns loading state when authz is enabled and permissions are loading', async () => {
+    mockWaffleFlags({
+      enableAuthzCourseAuthoring: true,
+    });
+
+    mockedAuthzApi.validateUserPermissions.mockImplementation(
+      () => new Promise(() => {}),
+    );
+
+    const { result } = renderHook(
+      () => useUserPermissionsWithAuthzCourse('course-v1:Test+101+2023', mockPermissions),
+      { wrapper: createWrapper() },
+    );
+
+    await waitFor(() => {
+      expect(result.current.isAuthzEnabled).toBe(true);
+    });
+
+    expect(result.current.isLoading).toBe(true);
+  });
+
+  it('returns actual permission values when authz is enabled and permissions loaded', async () => {
+    mockWaffleFlags({
+      enableAuthzCourseAuthoring: true,
+    });
+
+    mockedAuthzApi.validateUserPermissions.mockResolvedValue({
+      canViewFiles: true,
+      canManageFiles: false,
+    });
+
+    const { result } = renderHook(
+      () => useUserPermissionsWithAuthzCourse('course-v1:Test+101+2023', mockPermissions),
+      { wrapper: createWrapper() },
+    );
+
+    await waitFor(() => {
+      expect(result.current.isLoading).toBe(false);
+    });
+
+    expect(result.current.isAuthzEnabled).toBe(true);
+    expect(result.current.permissions.canViewFiles).toBe(true);
+    expect(result.current.permissions.canManageFiles).toBe(false);
+  });
+
+  it('falls back to false for undefined permissions when authz is enabled', async () => {
+    mockWaffleFlags({
+      enableAuthzCourseAuthoring: true,
+    });
+
+    mockedAuthzApi.validateUserPermissions.mockResolvedValue({
+      canViewFiles: true,
+    });
+
+    const { result } = renderHook(
+      () => useUserPermissionsWithAuthzCourse('course-v1:Test+101+2023', mockPermissions),
+      { wrapper: createWrapper() },
+    );
+
+    await waitFor(() => {
+      expect(result.current.isLoading).toBe(false);
+    });
+
+    expect(result.current.isAuthzEnabled).toBe(true);
+    expect(result.current.permissions.canViewFiles).toBe(true);
+    expect(result.current.permissions.canManageFiles).toBe(false);
+  });
+});

src/authz/hooks.tsx

@@ -0,0 +1,82 @@
+// src/authz/hooks/useUserPermissionsWithAuthz.ts
+import { useWaffleFlags } from '@src/data/apiHooks';
+import { useUserPermissions } from '@src/authz/data/apiHooks';
+import { PermissionValidationQuery, PermissionValidationAnswer } from '@src/authz/types';
+
+/**
+ * Return type for the useUserCoursePermissionsWithAuthz hook
+ */
+interface UseUserPermissionsWithAuthzCourseReturn {
+  /** Whether permissions are currently loading */
+  isLoading: boolean;
+  /** Object containing permission results with boolean values */
+  permissions: PermissionValidationAnswer;
+  /** Whether authorization is enabled for the course */
+  isAuthzEnabled: boolean;
+}
+
+/**
+ * Custom hook to handle user permissions with course authorization waffle flag
+ *
+ * This hook abstracts the common pattern of:
+ * 1. Checking if authz is enabled via waffle flag
+ * 2. Fetching user permissions when authz is enabled
+ * 3. Defaulting all permissions to true when authz is disabled
+ * 4. Providing fallback values for undefined permissions
+ *
+ * @param courseId - The course ID to check permissions for
+ * @param permissions - Object mapping permission names to their action/scope definitions
+ * @returns Object containing loading state, permissions results, and authz status
+ *
+ * @example
+ * ```tsx
+ * const { isLoading, permissions, isAuthzEnabled } = useUserPermissionsWithAuthzCourse(
+ *   courseId,
+ *   {
+ *     canViewFiles: {
+ *       action: COURSE_PERMISSIONS.VIEW_FILES,
+ *       scope: courseId,
+ *     },
+ *     canManageFiles: {
+ *       action: COURSE_PERMISSIONS.MANAGE_FILES,
+ *       scope: courseId,
+ *     },
+ *   }
+ * );
+ *
+ * const { canViewFiles, canManageFiles } = permissions;
+ * ```
+ */
+export const useUserPermissionsWithAuthzCourse = (
+  courseId: string,
+  permissions: PermissionValidationQuery,
+): UseUserPermissionsWithAuthzCourseReturn => {
+  const waffleFlags = useWaffleFlags(courseId);
+  const isAuthzEnabled: boolean = waffleFlags?.enableAuthzCourseAuthoring ?? false;
+
+  const {
+    isLoading: isLoadingUserPermissions,
+    data: userPermissions,
+  } = useUserPermissions(permissions, isAuthzEnabled);
+
+  // Build permission results object
+  const permissionResults: PermissionValidationAnswer = {};
+
+  if (isAuthzEnabled && !isLoadingUserPermissions) {
+    // Authz is enabled and permissions loaded, use actual permission values with fallback to false
+    Object.keys(permissions).forEach((permissionKey: string) => {
+      permissionResults[permissionKey] = userPermissions?.[permissionKey] ?? false;
+    });
+  } else if (!isLoadingUserPermissions) {
+    // Authz is disabled or permissions still loading, default all to true
+    Object.keys(permissions).forEach((permissionKey: string) => {
+      permissionResults[permissionKey] = true;
+    });
+  }
+
+  return {
+    isLoading: isAuthzEnabled ? isLoadingUserPermissions : false,
+    permissions: permissionResults,
+    isAuthzEnabled,
+  };
+};

src/authz/permissionHelpers.test.ts

@@ -0,0 +1,32 @@
+import { getCourseUpdatesPermissions } from './permissionHelpers';
+import { COURSE_PERMISSIONS } from './constants';
+
+describe('permissionHelpers', () => {
+  describe('getCourseUpdatesPermissions', () => {
+    const mockCourseId = 'course-v1:edX+DemoX+Demo_Course';
+
+    it('should return correct permission structure for course updates operations', () => {
+      const result = getCourseUpdatesPermissions(mockCourseId);
+
+      expect(result).toEqual({
+        canViewCourseUpdates: {
+          action: COURSE_PERMISSIONS.VIEW_COURSE_UPDATES,
+          scope: mockCourseId,
+        },
+        canManageCourseUpdates: {
+          action: COURSE_PERMISSIONS.MANAGE_COURSE_UPDATES,
+          scope: mockCourseId,
+        },
+      });
+    });
+
+    it('should use the provided courseId as scope for all permissions', () => {
+      const customCourseId = 'course-v1:TestOrg+TestCourse+2024';
+      const result = getCourseUpdatesPermissions(customCourseId);
+
+      Object.values(result).forEach(permission => {
+        expect(permission.scope).toBe(customCourseId);
+      });
+    });
+  });
+});

src/authz/permissionHelpers.ts

@@ -0,0 +1,12 @@
+import { COURSE_PERMISSIONS } from './constants';
+
+export const getCourseUpdatesPermissions = (courseId: string) => ({
+  canViewCourseUpdates: {
+    action: COURSE_PERMISSIONS.VIEW_COURSE_UPDATES,
+    scope: courseId,
+  },
+  canManageCourseUpdates: {
+    action: COURSE_PERMISSIONS.MANAGE_COURSE_UPDATES,
+    scope: courseId,
+  },
+});