❌ This issue is not open for contribution. Visit Contributing guidelines to learn about the contributing process and how to find suitable issues.

Overview

The introduction of the ability to add community channels to our community library requires us to be careful with some resources where users don't have sharing permissions. To prevent this, a license audit will be performed before users can create a submission. This license audit will collect all licenses for the current channel version and set an array of invalid licenses (which, for now, will only be "All rights reserved").

Additionally, there is a special case with resources whose license is "special permissions." These licenses have a license description that explains why the license is marked as "special permissions" (e.g., "this is all rights reserved, but can be distributed for Kolibri"). For this type of license, administrators will have to explicitly review the license descriptions of all resources with this type of license. Therefore, as part of our license audit, we will also set an array of license descriptions for a given channel version.

Technical details

License audit task

Since performing the above will require downloading the channel's stored database to review the licenses in that snapshot, this process will be carried out as an asynchronous task in the tasks module.

This task should:

1. Download the channel's most recent database snapshot (which is the channel's unversioned database).
2. Check the field included_licenses in the latest version field of the channel's "published_data" object (more details below), if it is not set yet, query its main_tree and retrieve all the different license types, and set it in the published_data object.
3. Using this array of licenses, check if any of them are "All rights reserved." If so, then set an array of "community_library_invalid_licenses" in the latest version field of the channel's "published_data" object (more details below). This field will be saved as an array for flexibility in case another license type is added as invalid in the future.
4. If the license array also contains "special permissions" licenses, then:
   4.1. Query the channel main_tree and retrieve all unique license descriptions.
   4.2. Each license description will be saved in the AuditedSpecialPermissionsLicense model if it doesn't already exist (more information below). If the license description already exists, retrieve its ID.
   4.3. Save the IDs of all license descriptions in the community_library_special_permissions array in the latest version field of the channel's published_data object (more details below).
5. Create and queue a new channel change to save the update to the published_data field. If no invalid licenses or special permissions licenses are found, then set these fields to null and create the change anyway. This will allow the frontend to know that the task has finished.
   5.1. For doing this, we will need to add the published_data field to the exposed values of the ChannelViewset for now.

The published_data object

Contentcuration channels have a published_data field that stores an object containing information about each version of the channel that has been published.
e.g.

{
  "1": { // Version 1
      ...
  },
  "2": { // Version 2
    "community_library_invalid_licenses": ["7"],
    "community_library_special_permissions": ["12131241a1234123", ...]
  }
}

The objective of this task is to ensure that the JSON object of the latest version has the fields community_library_invalid_licenses and community_library_special_permissions set.

AuditedSpecialPermissionsLicense model

In the scope of this issue a new AuditedSpecialPermissionsLicense model should be created. Este modelo solo tendrá 3 campos:

• id. A UUID ID.
• description. The special permission license description. This field will be unique and should have an index.
• distributable. Whether or not the special permission license description has been approved for distribution. Default set to false (until an admin approves a CL, then all their special licenses will be marked as distributable, but we will handle that in a follow-up issue)

Viewset

• A new detail=True, POST, action should be created in the ChannelViewset so that channel editors can invoke the license audit task from the frontend. This action should validate that the user creating the task is an editor and that the channel has already been published.

Acceptance criteria

• The license audit task has been created.
• A new AuditedSpecialPermissionsLicense has been created.
• The fields included_licenses, community_library_invalid_licenses, and community_library_special_permissions are set after the taudit license task has finished.
• A new action has been added to the ChannelViewset viewset to enqueue the job.
• Unit tests have been added for the new functionality.