feat: auth requirements to iam endpoints
parent
51bb48372c
commit
7e8ec08283
1 changed files with 41 additions and 35 deletions
|
|
@ -7,24 +7,26 @@ Endpoints:
|
||||||
"""
|
"""
|
||||||
from fastapi import APIRouter, status
|
from fastapi import APIRouter, status
|
||||||
|
|
||||||
from auth.exceptions import UnauthorizedException
|
|
||||||
from src.database import db_dependency
|
from src.database import db_dependency
|
||||||
|
from src.schemas import ResourceName
|
||||||
|
from src.auth.exceptions import UnauthorizedException
|
||||||
|
from src.auth.service import claims_dependency
|
||||||
|
from src.auth.dependencies import org_model_root_claim_query_dependency, org_model_root_claim_body_dependency, \
|
||||||
|
super_admin_dependency
|
||||||
|
from src.user.models import User
|
||||||
|
from src.user.dependencies import user_model_body_dependency
|
||||||
|
from src.organisation.models import Organisation as Org
|
||||||
|
from src.service.models import Service
|
||||||
|
|
||||||
|
from src.iam.service import service_key_dependency
|
||||||
|
from src.iam.models import Permission as Perm, GroupPermissions as GPerms, Group, UserGroups
|
||||||
|
from src.iam.dependencies import group_model_query_dependency, group_model_body_dependency, perm_model_body_dependency
|
||||||
from src.iam.schemas import IAMGetGroupPermissionsResponse, IAMGetGroupUsersResponse, IAMPostGroupRequest, \
|
from src.iam.schemas import IAMGetGroupPermissionsResponse, IAMGetGroupUsersResponse, IAMPostGroupRequest, \
|
||||||
GroupResponse, IAMPostGroupResponse, IAMPutGroupPermissionRequest, IAMPutGroupPermissionResponse, \
|
GroupResponse, IAMPostGroupResponse, IAMPutGroupPermissionRequest, IAMPutGroupPermissionResponse, \
|
||||||
IAMPutGroupUserRequest, IAMPutGroupUserResponse, IAMDeleteGroupPermissionRequest, IAMDeleteGroupPermissionResponse, \
|
IAMPutGroupUserRequest, IAMPutGroupUserResponse, IAMDeleteGroupPermissionRequest, IAMDeleteGroupPermissionResponse, \
|
||||||
IAMDeleteGroupUserRequest, IAMDeleteGroupUserResponse, IAMGetPermissionsResponse, IAMPostPermissionRequest, \
|
IAMDeleteGroupUserRequest, IAMDeleteGroupUserResponse, IAMGetPermissionsResponse, IAMPostPermissionRequest, \
|
||||||
IAMPostPermissionResponse, PermissionResponse, IAMDeletePermissionRequest, IAMGetPermissionsSearchRequest, IAMGetPermissionsSearchResponse
|
IAMPostPermissionResponse, PermissionResponse, IAMDeletePermissionRequest, IAMGetPermissionsSearchRequest, IAMGetPermissionsSearchResponse
|
||||||
from src.schemas import ResourceName
|
|
||||||
from src.auth.service import claims_dependency
|
|
||||||
from src.user.models import User
|
|
||||||
from src.user.dependencies import user_model_body_dependency
|
|
||||||
from src.organisation.models import Organisation as Org
|
|
||||||
from src.service.models import Service
|
|
||||||
from src.organisation.dependencies import org_model_body_dependency
|
|
||||||
|
|
||||||
from src.iam.service import service_key_dependency
|
|
||||||
from src.iam.models import Permission as Perm, GroupPermissions as GPerms, Group, UserGroups
|
|
||||||
from src.iam.dependencies import group_model_query_dependency, group_model_body_dependency, perm_model_body_dependency
|
|
||||||
|
|
||||||
router = APIRouter(
|
router = APIRouter(
|
||||||
tags=["IAM"],
|
tags=["IAM"],
|
||||||
|
|
@ -64,21 +66,21 @@ async def can_act_on_resource(valid_key: service_key_dependency, db: db_dependen
|
||||||
|
|
||||||
|
|
||||||
@router.get("/group/permissions", response_model=IAMGetGroupPermissionsResponse)
|
@router.get("/group/permissions", response_model=IAMGetGroupPermissionsResponse)
|
||||||
async def get_group_permissions(group_model: group_model_query_dependency):
|
async def get_group_permissions(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
|
||||||
# TODO: root_user_dependency
|
if group_model.org_id != org_model.id:
|
||||||
|
raise UnauthorizedException()
|
||||||
return {"permissions": group_model.permission_rel}
|
return {"permissions": group_model.permission_rel}
|
||||||
|
|
||||||
|
|
||||||
@router.get("/group/users", response_model=IAMGetGroupUsersResponse)
|
@router.get("/group/users", response_model=IAMGetGroupUsersResponse)
|
||||||
async def get_group_users(group_model: group_model_query_dependency):
|
async def get_group_users(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
|
||||||
# TODO: root_user_dependency
|
if group_model.org_id == org_model.id:
|
||||||
|
raise UnauthorizedException()
|
||||||
return {"users": group_model.user_rel}
|
return {"users": group_model.user_rel}
|
||||||
|
|
||||||
|
|
||||||
@router.post("/group", response_model=IAMPostGroupResponse)
|
@router.post("/group", response_model=IAMPostGroupResponse)
|
||||||
async def create_group(db: db_dependency, request_model: IAMPostGroupRequest, org_model: org_model_body_dependency):
|
async def create_group(db: db_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPostGroupRequest):
|
||||||
# TODO: root_user_dependency
|
|
||||||
# TODO: get org ID from dependency instead of query (needs updated dep first)
|
|
||||||
group_model = Group(name=request_model.name, org_id=org_model.id)
|
group_model = Group(name=request_model.name, org_id=org_model.id)
|
||||||
|
|
||||||
db.add(group_model)
|
db.add(group_model)
|
||||||
|
|
@ -89,8 +91,10 @@ async def create_group(db: db_dependency, request_model: IAMPostGroupRequest, or
|
||||||
|
|
||||||
|
|
||||||
@router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
|
@router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
|
||||||
async def add_group_permission(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, request_model: IAMPutGroupPermissionRequest):
|
async def add_group_permission(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupPermissionRequest):
|
||||||
# TODO: root_user_dependency
|
if group_model.org_id == org_model.id:
|
||||||
|
raise UnauthorizedException()
|
||||||
|
|
||||||
group_model.permission_rel.append(perm_model)
|
group_model.permission_rel.append(perm_model)
|
||||||
|
|
||||||
db.flush()
|
db.flush()
|
||||||
|
|
@ -100,8 +104,10 @@ async def add_group_permission(db: db_dependency, group_model: group_model_body_
|
||||||
|
|
||||||
|
|
||||||
@router.put("/group/user")
|
@router.put("/group/user")
|
||||||
async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, request_model: IAMPutGroupUserRequest):
|
async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupUserRequest):
|
||||||
# TODO: root_user_dependency
|
if group_model.org_id == org_model.id:
|
||||||
|
raise UnauthorizedException()
|
||||||
|
|
||||||
group_model.user_rel.append(user_model)
|
group_model.user_rel.append(user_model)
|
||||||
db.flush()
|
db.flush()
|
||||||
response = IAMPutGroupUserResponse(group=GroupResponse(**group_model.__dict__), users=group_model.user_rel)
|
response = IAMPutGroupUserResponse(group=GroupResponse(**group_model.__dict__), users=group_model.user_rel)
|
||||||
|
|
@ -110,8 +116,10 @@ async def add_group_user(db: db_dependency, group_model: group_model_body_depend
|
||||||
|
|
||||||
|
|
||||||
@router.delete("/group/permissions")
|
@router.delete("/group/permissions")
|
||||||
async def remove_group_permissions(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, request_model: IAMDeleteGroupPermissionRequest):
|
async def remove_group_permissions(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupPermissionRequest):
|
||||||
# TODO: root_user_dependency
|
if group_model.org_id == org_model.id:
|
||||||
|
raise UnauthorizedException()
|
||||||
|
|
||||||
group_model.permission_rel.remove(perm_model)
|
group_model.permission_rel.remove(perm_model)
|
||||||
db.flush()
|
db.flush()
|
||||||
response = IAMDeleteGroupPermissionResponse(group=GroupResponse(**group_model.__dict__),
|
response = IAMDeleteGroupPermissionResponse(group=GroupResponse(**group_model.__dict__),
|
||||||
|
|
@ -121,8 +129,10 @@ async def remove_group_permissions(db: db_dependency, group_model: group_model_b
|
||||||
|
|
||||||
|
|
||||||
@router.delete("/group/user")
|
@router.delete("/group/user")
|
||||||
async def remove_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, request_model: IAMDeleteGroupUserRequest):
|
async def remove_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupUserRequest):
|
||||||
# TODO: root_user_dependency
|
if group_model.org_id == org_model.id:
|
||||||
|
raise UnauthorizedException()
|
||||||
|
|
||||||
user_model.group_rel.remove(group_model)
|
user_model.group_rel.remove(group_model)
|
||||||
db.flush()
|
db.flush()
|
||||||
response = IAMDeleteGroupUserResponse(group=GroupResponse(**group_model.__dict__), users=group_model.user_rel)
|
response = IAMDeleteGroupUserResponse(group=GroupResponse(**group_model.__dict__), users=group_model.user_rel)
|
||||||
|
|
@ -132,16 +142,14 @@ async def remove_group_user(db: db_dependency, group_model: group_model_body_dep
|
||||||
|
|
||||||
|
|
||||||
@router.get("/permissions", response_model=IAMGetPermissionsResponse)
|
@router.get("/permissions", response_model=IAMGetPermissionsResponse)
|
||||||
async def get_permissions(db: db_dependency):
|
async def get_permissions(db: db_dependency, org_model: org_model_root_claim_body_dependency):
|
||||||
# TODO: root_user_dependency
|
|
||||||
permission_models = db.query(Perm).all()
|
permission_models = db.query(Perm).all()
|
||||||
|
|
||||||
return {"permissions": permission_models}
|
return {"permissions": permission_models}
|
||||||
|
|
||||||
|
|
||||||
@router.post("/permission")
|
@router.post("/permission")
|
||||||
async def create_new_permission(db: db_dependency, request_mode: IAMPostPermissionRequest):
|
async def create_new_permission(db: db_dependency, su: super_admin_dependency, request_mode: IAMPostPermissionRequest):
|
||||||
# TODO: super_admin_dependency
|
|
||||||
perm_model = Perm(**request_mode.__dict__)
|
perm_model = Perm(**request_mode.__dict__)
|
||||||
|
|
||||||
db.add(perm_model)
|
db.add(perm_model)
|
||||||
|
|
@ -152,15 +160,13 @@ async def create_new_permission(db: db_dependency, request_mode: IAMPostPermissi
|
||||||
|
|
||||||
|
|
||||||
@router.delete("/permission", status_code=status.HTTP_204_NO_CONTENT)
|
@router.delete("/permission", status_code=status.HTTP_204_NO_CONTENT)
|
||||||
async def delete_permission(db: db_dependency, perm_model: perm_model_body_dependency, request_model: IAMDeletePermissionRequest):
|
async def delete_permission(db: db_dependency, su: super_admin_dependency, perm_model: perm_model_body_dependency, request_model: IAMDeletePermissionRequest):
|
||||||
# TODO: super_admin_dependency
|
|
||||||
db.delete(perm_model)
|
db.delete(perm_model)
|
||||||
db.commit()
|
db.commit()
|
||||||
|
|
||||||
|
|
||||||
@router.get("/permissions/search", response_model=IAMGetPermissionsSearchResponse)
|
@router.get("/permissions/search", response_model=IAMGetPermissionsSearchResponse)
|
||||||
async def get_permissions(db: db_dependency, search: IAMGetPermissionsSearchRequest):
|
async def get_permissions(db: db_dependency, org_model: org_model_root_claim_body_dependency, search: IAMGetPermissionsSearchRequest):
|
||||||
# TODO: root_user_dependency
|
|
||||||
permission_query = db.query(Perm)
|
permission_query = db.query(Perm)
|
||||||
|
|
||||||
if search.service_id is not None:
|
if search.service_id is not None:
|
||||||
|
|
|
||||||
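Review bot: The organisation check added to get_group_users is inverted: `if group_model.org_id == org_model.id: raise UnauthorizedException()` rejects a caller whose root claim matches the group's organisation and lets a root claim from any other organisation through. It should read `if group_model.org_id != org_model.id:`, as the new code in get_group_permissions already does. The same `==` comparison is added in add_group_permission, add_group_user, remove_group_permissions and remove_group_user, so as written those handlers permit cross-organisation membership and permission changes while blocking the owning organisation. Separately, the two GET handlers named get_permissions now take `org_model_root_claim_body_dependency`; if that dependency reads the organisation from the request body (inferred from its name, the definition is not shown here), `org_model_root_claim_query_dependency` is probably what was intended. A per-endpoint test asserting that a foreign-organisation root claim is refused and a same-organisation one is accepted would catch both issues.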