Root and User defaults made more generic and merged. Root user group assignment merged with org default perm assignment. Root user granted all default org permissions at org creation.
This commit is contained in:
parent
2c5edd1b0f
commit
d5854cc2c4
4 changed files with 104 additions and 57 deletions
|
|
@ -8,11 +8,15 @@ Exports:
|
|||
from typing import Annotated
|
||||
from datetime import datetime, timedelta, timezone
|
||||
from fastapi import Request, Depends
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from src.database import db_dependency
|
||||
from src.exceptions import UnauthorizedException
|
||||
from src.utils import send_email, generate_jwt
|
||||
from src.iam.models import Group
|
||||
from src.organisation.models import Organisation as Org
|
||||
from src.user.models import User
|
||||
from src.iam.models import Permission as Perm
|
||||
|
||||
from src.service.models import Service
|
||||
from src.service.schemas import HasServiceName
|
||||
|
|
@ -66,47 +70,43 @@ async def send_user_group_invitation(
|
|||
)
|
||||
|
||||
|
||||
async def create_default_user_group(db: db_dependency, org_model):
|
||||
new_group = Group(name="Default Users", org_id=org_model.id)
|
||||
async def create_group_and_assign_perms(
|
||||
db: Session, org_model: Org, group_name: str, perm_list: list[int]
|
||||
):
|
||||
new_group = Group(name=group_name, org_id=org_model.id)
|
||||
db.add(new_group)
|
||||
db.flush()
|
||||
# Grant default permissions here
|
||||
db.flush()
|
||||
|
||||
for permission in perm_list:
|
||||
perm_model = db.get(Perm, permission)
|
||||
|
||||
if perm_model is None:
|
||||
continue
|
||||
|
||||
new_group.permission_rel.append(perm_model)
|
||||
db.flush()
|
||||
|
||||
return new_group
|
||||
|
||||
|
||||
async def assign_default_user_group(db: db_dependency, org_model, user_model):
|
||||
group_model = None
|
||||
for group in org_model.group_rel:
|
||||
if group.name == "Default Users":
|
||||
group_model = group
|
||||
break
|
||||
async def assign_default_group(
|
||||
db: db_dependency,
|
||||
org_model: Org,
|
||||
user_model: User,
|
||||
group_name: str,
|
||||
perm_list: list[int],
|
||||
):
|
||||
group_model = (
|
||||
db.query(Group)
|
||||
.filter(Group.org_id == org_model.id)
|
||||
.filter(Group.name == group_name)
|
||||
.first()
|
||||
)
|
||||
|
||||
if group_model is None:
|
||||
group_model = await create_default_user_group(db=db, org_model=org_model)
|
||||
|
||||
user_model.group_rel.append(group_model)
|
||||
db.flush()
|
||||
|
||||
|
||||
async def create_default_root_group(db: db_dependency, org_model):
|
||||
new_group = Group(name="Root User", org_id=org_model.id)
|
||||
db.add(new_group)
|
||||
db.flush()
|
||||
# Grant default permissions here
|
||||
db.flush()
|
||||
return new_group
|
||||
|
||||
|
||||
async def assign_default_root_group(db: db_dependency, org_model, user_model):
|
||||
group_model = None
|
||||
for group in org_model.group_rel:
|
||||
if group.name == "Root User":
|
||||
group_model = group
|
||||
break
|
||||
|
||||
if group_model is None:
|
||||
group_model = await create_default_root_group(db=db, org_model=org_model)
|
||||
group_model = await create_group_and_assign_perms(
|
||||
db=db, group_name=group_name, org_model=org_model, perm_list=perm_list
|
||||
)
|
||||
|
||||
user_model.group_rel.append(group_model)
|
||||
db.flush()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue