❌ This issue is not open for contribution. Visit Contributing guidelines to learn about the contributing process and how to find suitable issues.
Overview
The introduction of the ability to add community channels to our community library requires us to be careful with some resources where users don't have sharing permissions. To prevent this, a license audit will be performed before users can create a submission. This license audit will collect all licenses for the current channel version and set an array of invalid licenses (which, for now, will only be "All rights reserved").
Additionally, there is a special case with resources whose license is "special permissions." These licenses have a license description that explains why the license is marked as "special permissions" (e.g., "this is all rights reserved, but can be distributed for Kolibri"). For this type of license, administrators will have to explicitly review the license descriptions of all resources with this type of license. Therefore, as part of our license audit, we will also set an array of license descriptions for a given channel version.
Technical details
License audit task
Since performing the above will require downloading the channel's stored database to review the licenses in that snapshot, this process will be carried out as an asynchronous task in the tasks module.
This task should:
- Download the channel's most recent database snapshot (which is the channel's unversioned database).
- Check the field
included_licenses in the latest version field of the channel's "published_data" object (more details below), if it is not set yet, query its main_tree and retrieve all the different license types, and set it in the published_data object.
- Using this array of licenses, check if any of them are "All rights reserved." If so, then set an array of "community_library_invalid_licenses" in the latest version field of the channel's "published_data" object (more details below). This field will be saved as an array for flexibility in case another license type is added as invalid in the future.
- If the license array also contains "special permissions" licenses, then:
4.1. Query the channel main_tree and retrieve all unique license descriptions.
4.2. Each license description will be saved in the AuditedSpecialPermissionsLicense model if it doesn't already exist (more information below). If the license description already exists, retrieve its ID.
4.3. Save the IDs of all license descriptions in the community_library_special_permissions array in the latest version field of the channel's published_data object (more details below).
- Create and queue a new channel change to save the update to the
published_data field. If no invalid licenses or special permissions licenses are found, then set these fields to null and create the change anyway. This will allow the frontend to know that the task has finished.
5.1. For doing this, we will need to add the published_data field to the exposed values of the ChannelViewset for now.
The published_data object
Contentcuration channels have a published_data field that stores an object containing information about each version of the channel that has been published.
e.g.
{
"1": { // Version 1
...
},
"2": { // Version 2
"community_library_invalid_licenses": ["7"],
"community_library_special_permissions": ["12131241a1234123", ...]
}
}The objective of this task is to ensure that the JSON object of the latest version has the fields community_library_invalid_licenses and community_library_special_permissions set.
AuditedSpecialPermissionsLicense model
In the scope of this issue a new AuditedSpecialPermissionsLicense model should be created. Este modelo solo tendrá 3 campos:
- id. A UUID ID.
- description. The special permission license description. This field will be unique and should have an index.
- distributable. Whether or not the special permission license description has been approved for distribution. Default set to
false (until an admin approves a CL, then all their special licenses will be marked as distributable, but we will handle that in a follow-up issue)
Viewset
- A new detail=True, POST, action should be created in the
ChannelViewset so that channel editors can invoke the license audit task from the frontend. This action should validate that the user creating the task is an editor and that the channel has already been published.
Acceptance criteria
❌ This issue is not open for contribution. Visit Contributing guidelines to learn about the contributing process and how to find suitable issues.
Overview
The introduction of the ability to add community channels to our community library requires us to be careful with some resources where users don't have sharing permissions. To prevent this, a license audit will be performed before users can create a submission. This license audit will collect all licenses for the current channel version and set an array of invalid licenses (which, for now, will only be "All rights reserved").
Additionally, there is a special case with resources whose license is "special permissions." These licenses have a license description that explains why the license is marked as "special permissions" (e.g., "this is all rights reserved, but can be distributed for Kolibri"). For this type of license, administrators will have to explicitly review the license descriptions of all resources with this type of license. Therefore, as part of our license audit, we will also set an array of license descriptions for a given channel version.
Technical details
License audit task
Since performing the above will require downloading the channel's stored database to review the licenses in that snapshot, this process will be carried out as an asynchronous task in the tasks module.
This task should:
included_licensesin the latest version field of the channel's "published_data" object (more details below), if it is not set yet, query its main_tree and retrieve all the different license types, and set it in thepublished_dataobject.4.1. Query the channel
main_treeand retrieve all unique license descriptions.4.2. Each license description will be saved in the
AuditedSpecialPermissionsLicensemodel if it doesn't already exist (more information below). If the license description already exists, retrieve its ID.4.3. Save the IDs of all license descriptions in the
community_library_special_permissionsarray in the latest version field of the channel'spublished_dataobject (more details below).published_datafield. If no invalid licenses or special permissions licenses are found, then set these fields tonulland create the change anyway. This will allow the frontend to know that the task has finished.5.1. For doing this, we will need to add the
published_datafield to the exposed values of the ChannelViewset for now.The
published_dataobjectContentcuration channels have a
published_datafield that stores an object containing information about each version of the channel that has been published.e.g.
The objective of this task is to ensure that the JSON object of the latest version has the fields
community_library_invalid_licensesandcommunity_library_special_permissionsset.AuditedSpecialPermissionsLicense model
In the scope of this issue a new
AuditedSpecialPermissionsLicensemodel should be created. Este modelo solo tendrá 3 campos:false(until an admin approves a CL, then all their special licenses will be marked as distributable, but we will handle that in a follow-up issue)Viewset
ChannelViewsetso that channel editors can invoke the license audit task from the frontend. This action should validate that the user creating the task is an editor and that the channel has already been published.Acceptance criteria
AuditedSpecialPermissionsLicensehas been created.included_licenses,community_library_invalid_licenses, andcommunity_library_special_permissionsare set after the taudit license task has finished.ChannelViewsetviewset to enqueue the job.