sr2/cloud-api
6
0
Fork 1
Code Issues 8 Pull requests 2 Projects Releases Packages Wiki Activity Actions

feat: batch add perm to org
All checks were successful
ci / lint_and_test (push) Successful in 16s
Details

Browse source
This commit is contained in:
Chris Milne 2026-06-16 16:48:32 +01:00
parent 4b384db98a
commit d6c14655c0
2 changed files with 45 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

36
src/iam/router.py
View file

@ -23,6 +23,7 @@ from sqlalchemy.exc import IntegrityError
from psycopg.errors import UniqueViolation from psycopg.errors import UniqueViolation
from src.iam.exceptions import GroupNotFoundException from src.iam.exceptions import GroupNotFoundException
from src.organisation.dependencies import org_model_body_dependency
from src.organisation.exceptions import OrgNotFoundException from src.organisation.exceptions import OrgNotFoundException
from src.schemas import GroupSummary, OrgSummary, ResourceName from src.schemas import GroupSummary, OrgSummary, ResourceName
from src.service.dependencies import service_model_body_dependency from src.service.dependencies import service_model_body_dependency
@ -82,6 +83,8 @@ from src.iam.schemas import (
IAMCAoRResponse, IAMCAoRResponse,
IAMPutGroupInvitationAcceptResponse, IAMPutGroupInvitationAcceptResponse,
IAMPutGroupInvitationResponse, IAMPutGroupInvitationResponse,
IAMPutOrgPermissionsRequest,
IAMPutOrgPermissionsResponse,
) )
from src.utils import verify_email_token from src.utils import verify_email_token
@ -672,3 +675,36 @@ async def accept_invitation(
db.commit() db.commit()
return response return response
@router.put(
path="/org/permissions",
summary="Grants an org access to permissions",
status_code=status.HTTP_200_OK,
response_model=IAMPutOrgPermissionsResponse,
responses={
status.HTTP_401_UNAUTHORIZED: {"description": "Must be super user."},
},
)
async def add_org_permissions(
db: db_dependency,
su: super_admin_dependency,
org_model: org_model_body_dependency,
request_model: IAMPutOrgPermissionsRequest,
):
"""
Grants a permission to a group. Returns a list of the permissions in the group as well as a summary for the org and group.
"""
for permission in request_model.permissions:
perm_model = db.get(Perm, permission)
if perm_model not in org_model.permission_rel:
org_model.permission_rel.append(perm_model)
db.flush()
response = IAMPutOrgPermissionsResponse(
organisation=OrgSummary(**org_model.__dict__),
permissions=org_model.permission_rel,
)
db.commit()
return response

9
src/iam/schemas.py
View file

@ -150,3 +150,12 @@ class IAMPutGroupInvitationAcceptResponse(CustomBaseModel):
organisation: OrgSummary organisation: OrgSummary
user: UserSummary user: UserSummary
group: GroupDetails group: GroupDetails
class IAMPutOrgPermissionsRequest(OrgIDMixin):
permissions: list[int]
class IAMPutOrgPermissionsResponse(CustomBaseModel):
organisation: OrgSummary
permissions: list[PermissionSchema]