rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: adapt UGs to roles

Browse source
This commit is contained in:
swve 2024-03-28 11:20:42 +00:00
parent 0df250c729
commit a6152ef1f5
9 changed files with 265 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

175
apps/api/src/services/users/usergroups.py
View file

@ -1,9 +1,15 @@
from datetime import datetime
import logging
from typing import Literal
from uuid import uuid4
from fastapi import HTTPException, Request
from sqlmodel import Session, select
from src.db.usergroup_ressources import UserGroupRessource
from src.security.rbac.rbac import (
authorization_verify_based_on_roles_and_authorship_and_usergroups,
authorization_verify_if_element_is_public,
authorization_verify_if_user_is_anon,
)
from src.db.usergroup_resources import UserGroupResource
from src.db.usergroup_user import UserGroupUser
from src.db.organizations import Organization
from src.db.usergroups import UserGroup, UserGroupCreate, UserGroupRead, UserGroupUpdate
@ -19,6 +25,15 @@ async def create_usergroup(
usergroup = UserGroup.from_orm(usergroup_create)
# RBAC check
await rbac_check(
request,
usergroup_uuid="usergroup_X",
current_user=current_user,
action="create",
db_session=db_session,
)
# Check if Organization exists
statement = select(Organization).where(Organization.id == usergroup_create.org_id)
result = db_session.exec(statement)
@ -60,11 +75,50 @@ async def read_usergroup_by_id(
detail="UserGroup not found",
)
# RBAC check
await rbac_check(
request,
usergroup_uuid=usergroup.usergroup_uuid,
current_user=current_user,
action="read",
db_session=db_session,
)
usergroup = UserGroupRead.from_orm(usergroup)
return usergroup
async def read_usergroups_by_org_id(
request: Request,
db_session: Session,
current_user: PublicUser | AnonymousUser,
org_id: int,
) -> list[UserGroupRead]:
statement = select(UserGroup).where(UserGroup.org_id == org_id)
usergroups = db_session.exec(statement).all()
if not usergroups:
raise HTTPException(
status_code=404,
detail="UserGroups not found",
)
# RBAC check
await rbac_check(
request,
usergroup_uuid="usergroup_X",
current_user=current_user,
action="read",
db_session=db_session,
)
usergroups = [UserGroupRead.from_orm(usergroup) for usergroup in usergroups]
return usergroups
async def update_usergroup_by_id(
request: Request,
db_session: Session,
@ -82,6 +136,15 @@ async def update_usergroup_by_id(
detail="UserGroup not found",
)
# RBAC check
await rbac_check(
request,
usergroup_uuid=usergroup.usergroup_uuid,
current_user=current_user,
action="update",
db_session=db_session,
)
usergroup.name = usergroup_update.name
usergroup.description = usergroup_update.description
usergroup.update_date = str(datetime.now())
@ -111,6 +174,15 @@ async def delete_usergroup_by_id(
detail="UserGroup not found",
)
# RBAC check
await rbac_check(
request,
usergroup_uuid=usergroup.usergroup_uuid,
current_user=current_user,
action="delete",
db_session=db_session,
)
db_session.delete(usergroup)
db_session.commit()
@ -134,6 +206,15 @@ async def add_users_to_usergroup(
detail="UserGroup not found",
)
# RBAC check
await rbac_check(
request,
usergroup_uuid=usergroup.usergroup_uuid,
current_user=current_user,
action="create",
db_session=db_session,
)
user_ids_array = user_ids.split(",")
for user_id in user_ids_array:
@ -177,6 +258,16 @@ async def remove_users_from_usergroup(
detail="UserGroup not found",
)
# RBAC check
# RBAC check
await rbac_check(
request,
usergroup_uuid=usergroup.usergroup_uuid,
current_user=current_user,
action="delete",
db_session=db_session,
)
user_ids_array = user_ids.split(",")
for user_id in user_ids_array:
@ -192,12 +283,12 @@ async def remove_users_from_usergroup(
return "Users removed from UserGroup successfully"
async def add_ressources_to_usergroup(
async def add_resources_to_usergroup(
request: Request,
db_session: Session,
current_user: PublicUser | AnonymousUser,
usergroup_id: int,
ressources_uuids: str,
resources_uuids: str,
) -> str:
statement = select(UserGroup).where(UserGroup.id == usergroup_id)
@ -209,14 +300,23 @@ async def add_ressources_to_usergroup(
detail="UserGroup not found",
)
ressources_uuids_array = ressources_uuids.split(",")
# RBAC check
await rbac_check(
request,
usergroup_uuid=usergroup.usergroup_uuid,
current_user=current_user,
action="create",
db_session=db_session,
)
for ressource_uuid in ressources_uuids_array:
# TODO : Find a way to check if ressource exists
resources_uuids_array = resources_uuids.split(",")
usergroup_obj = UserGroupRessource(
for resource_uuid in resources_uuids_array:
# TODO : Find a way to check if resource exists
usergroup_obj = UserGroupResource(
usergroup_id=usergroup_id,
ressource_uuid=ressource_uuid,
resource_uuid=resource_uuid,
org_id=usergroup.org_id,
creation_date=str(datetime.now()),
update_date=str(datetime.now()),
@ -226,15 +326,15 @@ async def add_ressources_to_usergroup(
db_session.commit()
db_session.refresh(usergroup_obj)
return "Ressources added to UserGroup successfully"
return "Resources added to UserGroup successfully"
async def remove_ressources_from_usergroup(
async def remove_resources_from_usergroup(
request: Request,
db_session: Session,
current_user: PublicUser | AnonymousUser,
usergroup_id: int,
ressources_uuids: str,
resources_uuids: str,
) -> str:
statement = select(UserGroup).where(UserGroup.id == usergroup_id)
@ -246,20 +346,51 @@ async def remove_ressources_from_usergroup(
detail="UserGroup not found",
)
ressources_uuids_array = ressources_uuids.split(",")
# RBAC check
await rbac_check(
request,
usergroup_uuid=usergroup.usergroup_uuid,
current_user=current_user,
action="delete",
db_session=db_session,
)
for ressource_uuid in ressources_uuids_array:
statement = select(UserGroupRessource).where(
UserGroupRessource.ressource_uuid == ressource_uuid
resources_uuids_array = resources_uuids.split(",")
for resource_uuid in resources_uuids_array:
statement = select(UserGroupResource).where(
UserGroupResource.resource_uuid == resource_uuid
)
usergroup_ressource = db_session.exec(statement).first()
usergroup_resource = db_session.exec(statement).first()
if usergroup_ressource:
db_session.delete(usergroup_ressource)
if usergroup_resource:
db_session.delete(usergroup_resource)
db_session.commit()
else:
logging.error(
f"Ressource with uuid {ressource_uuid} not found in UserGroup"
)
logging.error(f"resource with uuid {resource_uuid} not found in UserGroup")
return "Ressources removed from UserGroup successfully"
return "Resources removed from UserGroup successfully"
## 🔒 RBAC Utils ##
async def rbac_check(
request: Request,
usergroup_uuid: str,
current_user: PublicUser | AnonymousUser,
action: Literal["create", "read", "update", "delete"],
db_session: Session,
):
await authorization_verify_if_user_is_anon(current_user.id)
await authorization_verify_based_on_roles_and_authorship_and_usergroups(
request,
current_user.id,
action,
usergroup_uuid,
db_session,
)
## 🔒 RBAC Utils ##