Moving openedx.core.lib.api to edx-drf-extensions

Rationale:

Currently edx-platform contains openedx.core.lib.api which are building blocks for creating APIs through DRF such as serializers, permission decorators and error handlers. These building blocks could be used across multiple projects at edX, ensuring that we are consistent across our APIs, but because they are in the edx-platform it makes their reuse difficult. I'm proposing we move all classes to the edx-drf-extensions repo, which already gets built as a package and installed into edx-platform.



FileClass / MethodDescriptionStatusStatus Explanation
authentication.py
SessionAuthenticationAllowInactiveUser
Ensure that the user is logged in, but do not require the account to be active



OAuth2AuthenticationAllowInactiveUser
This is a temporary workaround while the is_active field on the user is coupled
with whether or not the user has verified ownership of their claimed email address


fields.py
ExpandableField
Field that can dynamically use a more detailed serializer based on a user-provided "expand" parameter


mixins.py
AbsoluteURLField
Field that serializes values to absolute URLs based on the current request



PutAsCreateMixin
Backwards compatibility with Django Rest Framework v2, which allowed
creation of a new resource using PUT


parsers.py
TypedFileUploadParser
Handles upload of files, ensuring that the media type is supported, and
that the uploaded filename matches the Content-type



MergePatchParser
Custom parser to be used with the "merge patch" implementation (https://tools.ietf.org/html/rfc7396).


permissions.py
ApiKeyHeaderPermission
Django REST Framework permissions class used to manage API Key integrations
NOT DOINGApiKey is deprecated.

ApiKeyHeaderPermissionIsAuthenticated
Allow someone to access the view if they have the API key OR they are authenticated
NOT DOINGApiKey is deprecated.

IsUserInUrl
Permission that checks to see if the request user matches the user in the URL

DONE

Moved to edx-drf-extensions

IsCourseStaffInstructor
Permission to check that user is a course instructor or staff of
a master course given a course object or the user is a coach of
the course itself



IsMasterCourseStaffInstructor
Permission to check that user is instructor or staff of the master course



IsStaff
Permission that checks to see if the request user has is_staff access

DONE

Moved to edx-drf-extensions

IsUserInUrlOrStaff
Permission that checks to see if the request user matches the user in the URL or has is_staff access

NOT DOING


Use rest_condition instead.

IsStaffOrReadOnly
Permission that checks to see if the user is global or course
staff, permitting only read-only access if they are not



IsStaffOrOwner
Permission that allows access to admin users or the owner of an object.
The owner is considered the User object represented by obj.user


serializers.py
CollapsedReferenceSerializer
Serializes arbitrary models in a collapsed format, with just an id and url



CourseKeyField
Serializer field for a model CourseKey field
DONEMoved to opaque-keys
test_utils.py
ApiTestCase
Parent test case for API workflow coverage


view_utils.py
DeveloperErrorViewMixin
A view mixin to handle common error cases other than validation failure
(auth failure, method not allowed, etc.) by generating an error response
conforming to our API conventions with a developer message



ExpandableFieldViewMixin
A view mixin to add expansion information to the serializer context for later use by an ExpandableField



view_auth_classes
Function and class decorator that abstracts the authentication and permission checks for api views.



add_serializer_errors
Adds errors from serializer validation to field_errors. data is the original data to deserialize



build_api_error
Build an error dict corresponding to edX API conventions



RetrievePatchAPIView
Concrete view for retrieving and updating a model instance