300 lines
14 KiB
Python
300 lines
14 KiB
Python
"""
|
|
Router endpoints for organisation module
|
|
|
|
Endpoints:
|
|
- [GET](/org/id): [root user]: Get details about an organisation(id)
|
|
- [POST](/org/): [oidc claim]: Creates an organisation, adds the current user as a user and sets them to be the root user
|
|
- [PATCH](/org/questionnaire): [root user]: Updates the org's intake questionnaire and optionally be submitted for review
|
|
- [PATCH](/org/status): [super admin]: Allows a super admin to update an org(id) status(Status enum)
|
|
- [GET](/org/users): [root user]: Gets a list of the org(id) users(email)
|
|
- [POST](/org/users): [root user]: Adds a new user(id) to the org(id)
|
|
- [DELETE](/org/): [super admin]: Deletes an organisation(id)
|
|
- [PATCH](/org/root_user): [super admin]: Updates an org(id) root user(id)
|
|
- [GET](/org/groups): [root user]: Gets a list of the org(id) groups(name)
|
|
- [DELETE](/org/user): [root user]: Removes a user(id) from an org(id)
|
|
- [GET](/org/contact): [root user]: Gets the (contact_type) contact for an org(id)
|
|
- [PATCH](/org/contact): [root user]: Updates the (contact_type) contact for an org(id). Any number of details can be changed.
|
|
"""
|
|
from typing import Annotated, Optional
|
|
|
|
from fastapi import APIRouter, status
|
|
from fastapi.params import Query
|
|
from psycopg.errors import UniqueViolation
|
|
from sqlalchemy.exc import IntegrityError
|
|
|
|
from contact.schemas import ContactModel
|
|
from src.exceptions import UnprocessableContent, Conflict
|
|
from src.contact.models import Contact
|
|
from src.contact.schemas import ContactAddress
|
|
from src.contact.exceptions import ContactNotFoundException
|
|
from src.database import db_dependency
|
|
from src.user.models import User
|
|
from user.dependencies import user_model_body_dependency, user_model_claims_dependency
|
|
from src.auth.dependencies import super_admin_dependency, org_model_root_claim_query_dependency, org_model_root_claim_body_dependency
|
|
|
|
from src.organisation.dependencies import org_model_body_dependency
|
|
from src.organisation.constants import ContactType
|
|
from src.organisation.models import Organisation as Org
|
|
from src.organisation.schemas import OrgPostOrgRequest, OrgPatchQuestionnaireRequest, OrgPatchStatusRequest, \
|
|
OrgPatchContactRequest, \
|
|
OrgPostUserRequest, OrgGetUserResponse, OrgGetContactResponse, OrgGetOrgResponse, OrgPatchRootRequest, \
|
|
OrgGetGroupResponse, OrgDeleteUserRequest, OrgDeleteOrgRequest
|
|
|
|
|
|
router = APIRouter(
|
|
prefix="/org",
|
|
tags=["Organisation"],
|
|
)
|
|
|
|
|
|
@router.get("/id",
|
|
summary="Get org details by ID.",
|
|
response_model=OrgGetOrgResponse,
|
|
status_code=status.HTTP_200_OK,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successful retrieval from database"},
|
|
status.HTTP_404_NOT_FOUND: {"description": "Organisation not found"},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Missing or invalid org_id query parameter"},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be org root user."},
|
|
})
|
|
async def get_org_by_id(org_model: org_model_root_claim_query_dependency):
|
|
response = {
|
|
"name": org_model.name,
|
|
"status": org_model.status,
|
|
"owner_contact": org_model.owner_contact_rel.email,
|
|
"billing_contact": org_model.billing_contact_rel.email,
|
|
"security_contact": org_model.security_contact_rel.email,
|
|
"root_user": org_model.root_user_email
|
|
}
|
|
|
|
return response
|
|
|
|
|
|
@router.post("/",
|
|
summary="Create new organisation.",
|
|
status_code=status.HTTP_201_CREATED,
|
|
responses={
|
|
status.HTTP_201_CREATED: {"description": "Successfully created organisation."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Invalid data in request."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "User must be logged in with OIDC to create organisation."},
|
|
status.HTTP_409_CONFLICT: {"description": "Organisation with this name already exists."},
|
|
})
|
|
async def create_org(db: db_dependency, user_model: user_model_claims_dependency, request_model: OrgPostOrgRequest):
|
|
# TODO: Response model
|
|
if request_model.intake_questionnaire:
|
|
intake_questionnaire = request_model.intake_questionnaire.model_dump()
|
|
else:
|
|
intake_questionnaire = None
|
|
org_model = Org(name=request_model.name, intake_questionnaire=intake_questionnaire)
|
|
|
|
org_model.status = "partial" # Status is always set to partial at first, see update_questionnaire() doc
|
|
|
|
db.add(org_model)
|
|
try:
|
|
db.flush()
|
|
except IntegrityError as e:
|
|
if isinstance(e.orig, UniqueViolation):
|
|
raise Conflict(message="Organisation with this name already exists")
|
|
# Adds currently logged-in user to org users list and sets them as root_user
|
|
org_model.user_rel.append(user_model)
|
|
org_model.root_user_rel = user_model
|
|
for contact_type in ["billing_contact_id", "security_contact_id", "owner_contact_id"]:
|
|
contact_model = Contact(org_id=org_model.id)
|
|
db.add(contact_model)
|
|
db.flush()
|
|
org_model.__setattr__(contact_type, contact_model.id)
|
|
db.commit()
|
|
|
|
|
|
@router.patch("/questionnaire",
|
|
summary="Update questionnaire.",
|
|
status_code=status.HTTP_200_OK,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successfully updated questionnaire."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Invalid data in request."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be org root user."},
|
|
})
|
|
async def update_questionnaire(db: db_dependency, org_model: org_model_root_claim_query_dependency, request_model: OrgPatchQuestionnaireRequest):
|
|
"""
|
|
Route for updating questionnaire.
|
|
The partial bool allows for submission of partially completed questionnaire and/or
|
|
final "are you sure" check before setting the org to be in "submitted" status, awaiting admin approval.
|
|
"""
|
|
# TODO: Response model
|
|
org_model.intake_questionnaire = request_model.intake_questionnaire.model_dump()
|
|
|
|
# Allows for partially completed questionnaires to be saved without being submitted for review
|
|
if not request_model.partial:
|
|
org_model.status = "submitted"
|
|
|
|
db.commit()
|
|
|
|
|
|
@router.patch("/status",
|
|
summary="Update status of organisation.",
|
|
status_code=status.HTTP_200_OK,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successfully updated organisation status."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Invalid data in request."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be super admin."},
|
|
})
|
|
async def update_status(db: db_dependency, org_model: org_model_body_dependency, su: super_admin_dependency, request_model: OrgPatchStatusRequest):
|
|
# TODO: Response model
|
|
org_model.status = request_model.status
|
|
|
|
db.commit()
|
|
|
|
|
|
@router.get("/users",
|
|
summary="Get email addresses of users of the organisation.",
|
|
status_code=status.HTTP_200_OK,
|
|
response_model=OrgGetUserResponse,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successful retrieval of users."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Org ID missing or invalid."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be org root user."},
|
|
})
|
|
async def get_users(org_model: org_model_root_claim_query_dependency):
|
|
return {"users": [user.email for user in org_model.user_rel]}
|
|
|
|
|
|
@router.post("/users",
|
|
summary="All user to the organisation.",
|
|
status_code=status.HTTP_200_OK,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successfully added user to the organisation."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be org root user."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Invalid data in request."},
|
|
status.HTTP_409_CONFLICT: {"description": "User is already a member of the organisation."},
|
|
})
|
|
async def add_user_to_org(db: db_dependency, org_model: org_model_root_claim_body_dependency, user_model: user_model_body_dependency, request_model: OrgPostUserRequest):
|
|
# TODO: response model
|
|
if user_model in org_model.user_rel:
|
|
raise Conflict(message="User already a part of this organisation")
|
|
org_model.user_rel.append(user_model)
|
|
db.commit()
|
|
|
|
|
|
@router.delete("/",
|
|
summary="Delete organisation from the hub.",
|
|
status_code=status.HTTP_204_NO_CONTENT,
|
|
responses={
|
|
status.HTTP_204_NO_CONTENT: {"description": "Successfully deleted organisation."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be super admin."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Org ID missing or invalid."},
|
|
})
|
|
async def delete_organisation_by_id(db: db_dependency, org_model: org_model_body_dependency, su: super_admin_dependency, request_model: OrgDeleteOrgRequest):
|
|
db.delete(org_model)
|
|
db.commit()
|
|
|
|
|
|
@router.patch("/root_user",
|
|
summary="Update the root user of the organisation.",
|
|
status_code=status.HTTP_200_OK,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successfully updated root user."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Invalid data in request."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be super admin."},
|
|
})
|
|
async def update_root_user(db: db_dependency, org_model: org_model_body_dependency, user_model: user_model_body_dependency, su: super_admin_dependency, request_model: OrgPatchRootRequest):
|
|
# TODO: response model
|
|
org_model.root_user_rel = user_model
|
|
db.commit()
|
|
|
|
|
|
@router.get("/groups",
|
|
summary="Get all organisation IAM groups.",
|
|
status_code=status.HTTP_200_OK,
|
|
response_model=OrgGetGroupResponse,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successful retrieval of IAM groups."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Org ID missing or invalid."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be org root user."},
|
|
})
|
|
async def get_org_groups(org_model: org_model_root_claim_query_dependency):
|
|
return {"groups": [group.name for group in org_model.group_rel]}
|
|
|
|
|
|
@router.delete("/user",
|
|
summary="Remove user from organisation.",
|
|
status_code=status.HTTP_204_NO_CONTENT,
|
|
responses={
|
|
status.HTTP_204_NO_CONTENT: {"description": "Successfully removed user."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be org root user."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Invalid data in request."},
|
|
})
|
|
async def remove_user_from_org(db: db_dependency, org_model: org_model_root_claim_body_dependency, user_model: user_model_body_dependency, request_model: OrgDeleteUserRequest):
|
|
# TODO: response model
|
|
if user_model not in org_model.user_rel:
|
|
return
|
|
|
|
org_model.user_rel.remove(user_model)
|
|
db.commit()
|
|
|
|
|
|
@router.get("/contact",
|
|
summary="Get contact for organisation.",
|
|
status_code=status.HTTP_200_OK,
|
|
response_model=OrgGetContactResponse,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successful retrieval of contact."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Invalid data in request."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be org root user."},
|
|
})
|
|
async def get_contact(org_model: org_model_root_claim_query_dependency, contact_type: Annotated[ContactType, Query()]):
|
|
match contact_type:
|
|
case "billing":
|
|
contact_model = org_model.billing_contact_rel
|
|
case "security":
|
|
contact_model = org_model.security_contact_rel
|
|
case "owner":
|
|
contact_model = org_model.owner_contact_rel
|
|
case _:
|
|
raise UnprocessableContent("Invalid contact type")
|
|
|
|
if contact_model is None:
|
|
raise ContactNotFoundException()
|
|
|
|
address = ContactAddress.model_validate(contact_model)
|
|
contact_response = ContactModel.model_construct(**contact_model.__dict__, address=address)
|
|
|
|
return {"contact": contact_response}
|
|
|
|
|
|
@router.patch("/contact",
|
|
summary="Update contact for organisation.",
|
|
status_code=status.HTTP_200_OK,
|
|
response_model=OrgGetContactResponse,
|
|
responses={
|
|
status.HTTP_200_OK: {"description": "Successfully updated contact."},
|
|
status.HTTP_422_UNPROCESSABLE_CONTENT: {"description": "Invalid data in request."},
|
|
status.HTTP_401_UNAUTHORIZED: {"description": "Not authorised. Must be org root user."},
|
|
})
|
|
async def update_contact(db: db_dependency, org_model: org_model_root_claim_body_dependency, request_model: OrgPatchContactRequest):
|
|
match request_model.contact_type:
|
|
case "billing":
|
|
contact_model = org_model.billing_contact_rel
|
|
case "security":
|
|
contact_model = org_model.security_contact_rel
|
|
case "owner":
|
|
contact_model = org_model.owner_contact_rel
|
|
case _:
|
|
raise UnprocessableContent("Invalid contact type")
|
|
|
|
if contact_model is None:
|
|
raise ContactNotFoundException()
|
|
|
|
update_data = request_model.model_dump(exclude_none=True)
|
|
for key, value in update_data.items():
|
|
if hasattr(contact_model, key):
|
|
setattr(contact_model, key, value)
|
|
else:
|
|
raise UnprocessableContent("Invalid keys in update request")
|
|
db.flush()
|
|
|
|
address = ContactAddress.model_validate(contact_model)
|
|
contact_response = ContactModel.model_construct(**contact_model.__dict__, address=address)
|
|
|
|
db.commit()
|
|
|
|
return {"contact": contact_response}
|