feat: init roles & user reengineering

src/services/roles/roles.py

@@ -0,0 +1,112 @@
+import json
+from typing import List, Literal
+from uuid import uuid4
+from pydantic import BaseModel
+from src.services.roles.schemas.roles import Role, RoleInDB
+from src.services.users.schemas.users import PublicUser, User
+from src.services.security import *
+from src.services.houses import House
+from fastapi import HTTPException, status, Request
+from datetime import datetime
+
+
+async def create_role(request: Request, role_object: Role, current_user: PublicUser):
+    roles = request.app.db["roles"]
+
+    await verify_user_permissions_on_roles(request, current_user, "create", None)
+
+    
+    # create the role object in the database and return the object
+    role_id = "role_" + str(uuid4())
+
+    role = RoleInDB(
+        role_id=role_id,
+        created_at=str(datetime.now()),
+        updated_at=str(datetime.now()),
+        **role_object.dict()
+    )
+
+    await roles.insert_one(role.dict())
+
+    return role
+
+async def read_role(request: Request, role_id: str, current_user: PublicUser):
+    roles = request.app.db["roles"]
+
+    await verify_user_permissions_on_roles(request, current_user, "read", role_id)
+
+    role = RoleInDB(**await roles.find_one({"role_id": role_id}))
+
+    return role
+
+async def update_role(request: Request, role_id: str, role_object: Role, current_user: PublicUser):
+    roles = request.app.db["roles"]
+
+    await verify_user_permissions_on_roles(request, current_user, "update", role_id)
+
+    role_object.updated_at = datetime.now()
+
+    # Update the role object in the database and return the object
+    updated_role = RoleInDB(**await roles.find_one_and_update({"role_id": role_id}, {"$set": role_object.dict()}, return_document=True))
+
+    return updated_role
+
+async def delete_role(request: Request, role_id: str, current_user: PublicUser):
+    roles = request.app.db["roles"]
+
+    await verify_user_permissions_on_roles(request, current_user, "delete", role_id)
+
+    # Delete the role object in the database and return the object
+    deleted_role = RoleInDB(**await roles.find_one_and_delete({"role_id": role_id}))
+
+    return deleted_role
+
+#### Security ####################################################
+
+async def verify_user_permissions_on_roles(request: Request, current_user: PublicUser, action: Literal["create", "read", "update", "delete"], role_id: str | None):
+    users = request.app.db["users"]
+    roles = request.app.db["roles"]
+
+    # If current user is not authenticated
+
+    if not current_user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Roles : Not authenticated")
+
+    if action == "create":
+        if "owner" in [org.org_role for org in current_user.orgs]:
+            return True
+
+    if role_id is not None:
+        role = RoleInDB(**await roles.find_one({"role_id": role_id}))
+
+        if action == "read":
+            if "owner" in [org.org_role for org in current_user.orgs]:
+                return True
+
+            for org in current_user.orgs:
+                if org.org_id == role.org_id:
+                    return True
+
+        if action == "update":
+            for org in current_user.orgs:
+                # If the user is an owner of the organization
+                if org.org_id == role.org_id:
+                    if org.org_role == "owner" or org.org_role == "editor":
+                        return True
+                # Can't update a global role
+                if role.org_id == "*":
+                    return False
+
+        if action == "delete":
+            for org in current_user.orgs:
+                # If the user is an owner of the organization
+                if org.org_id == role.org_id:
+                    if org.org_role == "owner":
+                        return True
+                # Can't delete a global role
+                if role.org_id == "*":
+                    return False
+
+
+#### Security ####################################################