docs: iam router (incomplete)
All checks were successful
ci / lint_and_test (push) Successful in 13s
All checks were successful
ci / lint_and_test (push) Successful in 13s
Issue: #13
This commit is contained in:
parent
ec41d1ed05
commit
61e186a727
2 changed files with 63 additions and 8 deletions
|
|
@ -102,9 +102,9 @@ async def can_act_on_resource(
|
|||
request_model: IAMCAoRRequest,
|
||||
):
|
||||
"""
|
||||
This endpoint is not meant for the Hub frontend to interact with.
|
||||
Services accessing this endpoint must be already registered within the Hub and been issued an API key.
|
||||
Resource Names have an instance property but permissions do not presently have that level of granularity.
|
||||
This endpoint is not meant for the Hub frontend to interact with.\n
|
||||
Services accessing this endpoint must be already registered within the Hub and been issued an API key.\n
|
||||
Resource Names have an instance property but permissions do not presently have that level of granularity.\n
|
||||
"""
|
||||
response = {
|
||||
"allowed": False,
|
||||
|
|
@ -150,11 +150,24 @@ async def can_act_on_resource(
|
|||
return response
|
||||
|
||||
|
||||
@router.get("/group/permissions", response_model=IAMGetGroupPermissionsResponse)
|
||||
@router.get(
|
||||
path="/group/permissions",
|
||||
summary="Gets a list of permissions granted to a group",
|
||||
status_code=status.HTTP_200_OK,
|
||||
response_model=IAMGetGroupPermissionsResponse,
|
||||
responses={
|
||||
status.HTTP_401_UNAUTHORIZED: {
|
||||
"description": "Group does not belong to this organisation"
|
||||
}
|
||||
},
|
||||
)
|
||||
async def get_group_permissions(
|
||||
group_model: group_model_query_dependency,
|
||||
org_model: org_model_root_claim_query_dependency,
|
||||
):
|
||||
"""
|
||||
Gets a list of permissions granted to the group. Also returns a summary for the org and group.
|
||||
"""
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException("Group does not belong to this organization")
|
||||
return {
|
||||
|
|
@ -164,11 +177,24 @@ async def get_group_permissions(
|
|||
}
|
||||
|
||||
|
||||
@router.get("/group/users", response_model=IAMGetGroupUsersResponse)
|
||||
@router.get(
|
||||
path="/group/users",
|
||||
summary="Gets a list of users assigned to a group",
|
||||
status_code=status.HTTP_200_OK,
|
||||
response_model=IAMGetGroupUsersResponse,
|
||||
responses={
|
||||
status.HTTP_401_UNAUTHORIZED: {
|
||||
"description": "Group does not belong to this organization"
|
||||
},
|
||||
},
|
||||
)
|
||||
async def get_group_users(
|
||||
group_model: group_model_query_dependency,
|
||||
org_model: org_model_root_claim_query_dependency,
|
||||
):
|
||||
"""
|
||||
Gets a list of users assigned to the group. Also returns a summary for the org and group.
|
||||
"""
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException("Group does not belong to this organization")
|
||||
return {
|
||||
|
|
@ -178,12 +204,25 @@ async def get_group_users(
|
|||
}
|
||||
|
||||
|
||||
@router.post("/group", response_model=IAMPostGroupResponse)
|
||||
@router.post(
|
||||
path="/group",
|
||||
summary="Creates a new group",
|
||||
status_code=status.HTTP_201_CREATED,
|
||||
response_model=IAMPostGroupResponse,
|
||||
responses={
|
||||
status.HTTP_409_CONFLICT: {
|
||||
"description": "Group with this name already exists"
|
||||
},
|
||||
},
|
||||
)
|
||||
async def create_group(
|
||||
db: db_dependency,
|
||||
org_model: org_model_root_claim_body_dependency,
|
||||
request_model: IAMPostGroupRequest,
|
||||
):
|
||||
"""
|
||||
Creates a new IAM group.
|
||||
"""
|
||||
group_model = Group(name=request_model.name, org_id=org_model.id)
|
||||
|
||||
db.add(group_model)
|
||||
|
|
@ -200,7 +239,20 @@ async def create_group(
|
|||
return {"group": response}
|
||||
|
||||
|
||||
@router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
|
||||
@router.put(
|
||||
path="/group/permission",
|
||||
summary="Grants a permission to a group",
|
||||
status_code=status.HTTP_200_OK,
|
||||
response_model=IAMPutGroupPermissionResponse,
|
||||
responses={
|
||||
status.HTTP_401_UNAUTHORIZED: {
|
||||
"description": "Group does not belong to this organization"
|
||||
},
|
||||
status.HTTP_409_CONFLICT: {
|
||||
"description": "This permission is already granted to this group"
|
||||
},
|
||||
},
|
||||
)
|
||||
async def add_group_permission(
|
||||
db: db_dependency,
|
||||
group_model: group_model_body_dependency,
|
||||
|
|
@ -208,6 +260,9 @@ async def add_group_permission(
|
|||
org_model: org_model_root_claim_body_dependency,
|
||||
request_model: IAMPutGroupPermissionRequest,
|
||||
):
|
||||
"""
|
||||
Grants a permission to a group. Returns a list of the permissions in the group as well as a summary for the org and group.
|
||||
"""
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException("Group does not belong to this organization")
|
||||
|
||||
|
|
|
|||
|
|
@ -280,7 +280,7 @@ async def test_post_group_success(default_client: AsyncClient):
|
|||
resp = await default_client.post(
|
||||
"/iam/group", json={"name": "New Group", "organisation_id": 1}
|
||||
)
|
||||
assert resp.status_code == 200
|
||||
assert resp.status_code == 201
|
||||
|
||||
data = resp.json()
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue