draft: add endpoints to create and modify users#38894
Conversation
|
Thanks for the pull request, @viadanna! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
There was a problem hiding this comment.
Pull request overview
This PR introduces a new admin-only “modify user” API endpoint in user_api to support creating users (POST) and updating user attributes (PATCH) via /api/user/v1/modify.
Changes:
- Added
UserModifyViewwith JWT/Bearer/Session authentication andIsAdminUserpermission, implementing POST (create) and PATCH (update). - Wired the new endpoint into
user_apiURL routing. - Added initial HTTP-level tests covering user creation success and common validation failures.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| openedx/core/djangoapps/user_api/views.py | Adds UserModifyView implementing POST/PATCH behavior for user creation and updates. |
| openedx/core/djangoapps/user_api/urls.py | Registers the new v1/modify route. |
| openedx/core/djangoapps/user_api/tests/test_views.py | Adds tests for the new create-user endpoint behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@viadanna could you rebase this on latest master please, and resolve the conflicts? :) |
2b862ab to
6d230bd
Compare
Done @samuelallan72 |
| BearerAuthenticationAllowInactiveUser, | ||
| SessionAuthenticationAllowInactiveUser, | ||
| ) | ||
| permission_classes = (IsAdminUser,) |
There was a problem hiding this comment.
I'm not sure what permissions we want here, but just flagging to double check since this api is pretty powerful - it can modify arbitrary users.
Also not sure how this fits with the new RBAC system?
There was a problem hiding this comment.
This was developed before the new RBCA system and will need further changes to adapt to it. But as you can see, it isn't being used by any of the user_api django app views, so it all needs updating, which falls outside the scope of the work.
samuelallan72
left a comment
There was a problem hiding this comment.
@viadanna I tested this out locally; please see comments inline 🙂
Description
This PR adds endpoints to create and modify users.
Supporting information
Private Refs:
Testing instructions
Deadline
None, still a draft