Spike - RBAC AuthZ - xblock endpoint: identify use cases and match with permissions

[rodmgwgu]

Identify use cases that are covered by the xblock endpoint in edx-platorm and figure out what permissions should apply for the different use cases for the AuthZ for Course authoring project.

References:

Discovery findings on endpoints used for the different use cases on Course Authoring: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5404590081/Technical+Discovery+Notes+-+AuthZ+for+Course+Authoring#On-adding-permissions-to-existing-course-features-on-top-of-existing-API-endpoints

Proposed permissions list: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5528715266/openedx-authz+permission+list

Expected outcome:

• Document explaining which use cases are handled by the xblock endpoint, and which permission apply for each use case.
• An estimation of the work required to implement the new permissions over this endpoint (don't forget to still support old authz flow if the flag is disabled).

[wgu-taylor-payne]

I've created a document here giving an overview of which actions use the xblock endpoint and what permissions would apply. It also gives some details on how to determine which permission would apply given the request data.