Skip to content

Spike - RBAC AuthZ - review content tagging legacy permissions (taxonomies) #38222

Description

@rodmgwgu

Related PR and discussion: #38173

The has_view_object_tags_access method in openedx/core/djangoapps/content_tagging/auth.py is used for validating permissions on tag exporting for courses.

However, this method not only takes into account permissions for courses, but also for other kind of objects.

As part of the AuthZ for Course Authoring project, a new check for authz permissions on courses was added, however the legacy permission check was kept as a fallback for non-course objects.

We should revisit this to fully understand this method use cases and identify next steps.

Metadata

Metadata

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Blocked

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions