Review comments

Author: tyraziel

ansible_base/rbac/api/views.py

@@ -237,17 +237,34 @@ class RoleTeamAssignmentViewSet(BaseAssignmentViewSet):
     ]
 
 
-class RoleUserAssignmentViewSet(BaseAssignmentViewSet):
-    """
-    Use this endpoint to give a user permission to a resource or an organization.
-    The needed data is the user, the role definition, and the object id.
-    The object must be of the type specified in the role definition.
-    The type given in the role definition and the provided object_id are used
-    to look up the resource.
+# Schema fragments for RoleUserAssignmentViewSet OpenAPI spec
+_USER_ACTOR_ONEOF = {
+    'oneOf': [
+        {'required': ['user'], 'not': {'required': ['user_ansible_id']}},
+        {'required': ['user_ansible_id'], 'not': {'required': ['user']}},
+    ]
+}
 
-    After creation, the assignment cannot be edited, but can be deleted to
-    remove those permissions.
-    """
+_OBJECT_ID_ONEOF = {
+    'oneOf': [
+        {'properties': {'object_id': {'oneOf': [{'type': 'integer'}, {'type': 'string', 'format': 'uuid'}]}, 'object_ansible_id': False}},
+        {'properties': {'object_ansible_id': {'type': 'string', 'format': 'uuid'}, 'object_id': False}},
+        {'not': {'anyOf': [{'required': ['object_id']}, {'required': ['object_ansible_id']}]}},
+    ]
+}
+
+_ROLE_USER_ASSIGNMENT_REQUEST_SCHEMA = {
+    'schema': {
+        'allOf': [
+            {'$ref': '#/components/schemas/RoleUserAssignment'},
+            _USER_ACTOR_ONEOF,
+            _OBJECT_ID_ONEOF,
+        ]
+    }
+}
+
+
+class RoleUserAssignmentViewSet(BaseAssignmentViewSet):
 
     resource_purpose = "RBAC role grants assigning permissions to users for specific resources"
 
@@ -260,55 +277,14 @@ class RoleUserAssignmentViewSet(BaseAssignmentViewSet):
 
     @extend_schema_if_available(
         request={
-            'application/json': {
-                'schema': {
-                    'allOf': [
-                        {'$ref': '#/components/schemas/RoleUserAssignment'},  # Keep auto-generated schema
-                        {
-                            'oneOf': [
-                                {'required': ['user'], 'not': {'required': ['user_ansible_id']}},
-                                {'required': ['user_ansible_id'], 'not': {'required': ['user']}},
-                            ]
-                        },
-                        {
-                            'oneOf': [
-                                {'properties': {'object_id': {'type': 'integer'}, 'object_ansible_id': False}},
-                                {'properties': {'object_ansible_id': {'type': 'string', 'format': 'uuid'}, 'object_id': False}},
-                                {'not': {'anyOf': [{'required': ['object_id']}, {'required': ['object_ansible_id']}]}},
-                            ]
-                        },
-                    ]
-                }
-            },
-            'application/x-www-form-urlencoded': {
-                'schema': {
-                    'allOf': [
-                        {'$ref': '#/components/schemas/RoleUserAssignment'},
-                        {
-                            'oneOf': [
-                                {'required': ['user'], 'not': {'required': ['user_ansible_id']}},
-                                {'required': ['user_ansible_id'], 'not': {'required': ['user']}},
-                            ]
-                        },
-                    ]
-                }
-            },
-            'multipart/form-data': {
-                'schema': {
-                    'allOf': [
-                        {'$ref': '#/components/schemas/RoleUserAssignment'},
-                        {
-                            'oneOf': [
-                                {'required': ['user'], 'not': {'required': ['user_ansible_id']}},
-                                {'required': ['user_ansible_id'], 'not': {'required': ['user']}},
-                            ]
-                        },
-                    ]
-                }
-            },
+            'application/json': _ROLE_USER_ASSIGNMENT_REQUEST_SCHEMA,
+            'application/x-www-form-urlencoded': _ROLE_USER_ASSIGNMENT_REQUEST_SCHEMA,
+            'multipart/form-data': _ROLE_USER_ASSIGNMENT_REQUEST_SCHEMA,
         },
-        description="Create role assignment. Must specify 'role_definition' and exactly one of 'user' or 'user_ansible_id'. "
-        "Can specify at most one of 'object_id' or 'object_ansible_id' (omit both for global roles).",
+        description="Give a user permission to a resource, an organization, or globally (when allowed). Must specify 'role_definition' and exactly one of 'user' or 'user_ansible_id'. "
+        "Can specify at most one of 'object_id' or 'object_ansible_id' (omit both for global roles)."
+        "The content_type of the role definition and the provided object_id are used to look up the resource."
+        "After creation, the assignment cannot be edited, but can be deleted to remove those permissions.",
     )
     def create(self, request, *args, **kwargs):
         return super().create(request, *args, **kwargs)