edx / edx-arch-experiments

A plugin to include applications under development by the architecture team at edx
GNU Affero General Public License v3.0
0 stars 3 forks source link

Refactor authorization checks #451

Open jmbowman opened 1 year ago

jmbowman commented 1 year ago

The Roles and Permissions squad has been doing some work to clean up and enhance the use of authorization in Open edX, resulting in:

We would like to start the unfinished followup from OEP-9 of starting to switch over existing authorization checks in the Open edX code to follow the recommended pattern (basically "Django authorization API using bridgekeeper as the backend)."

A/C:

iamsobanjaved commented 1 year ago

bridgekeeper had last commit 2 years ago, and last release 3 years ago

jmbowman commented 1 year ago

The topic of bridgekeeper maintenance status came up in https://twou.slack.com/archives/C04B987KHK5/p1694531725289039 . rules is more actively maintained, but isn't really getting any new features; bridgekeeper is ahead in terms of useful features, but behind on routine maintenance. I think our first preference right now is help the bridgekeeper maintainer catch up on Python & Django version testing, with forking as a fallback if that doesn't work out. Sticking with rules would leave us with less maintenance overhead but a feature gap that we'd have to figure out how to plug (and the rules maintainer has been opposed to adding those features; see https://github.com/dfunckt/django-rules/issues/40 for context).