remove Group endpoints as they don't seem required

2025-04-18 10:19:05 +02:00 · 2025-04-18 10:19:05 +02:00 · a8d36d40b5
commit a8d36d40b5
parent 6bee490312
2 changed files with 0 additions and 376 deletions
--- a/ee/api/chalicelib/core/roles.py
+++ b/ee/api/chalicelib/core/roles.py
@ -1,4 +1,3 @@
 import json
 from typing import Optional
 from fastapi import HTTPException, status
@ -79,21 +78,6 @@ def update(tenant_id, user_id, role_id, data: schemas.RolePayloadSchema):
    return helper.dict_to_camel_case(row)
 def update_group_name(tenant_id, group_id, name):
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""UPDATE public.roles 
                                SET name= %(name)s
                                WHERE roles.data->>'group_id' = %(group_id)s
                                    AND tenant_id = %(tenant_id)s
                                    AND deleted_at ISNULL
                                    AND protected = FALSE
                                RETURNING *;""",
                            {"tenant_id": tenant_id, "group_id": group_id, "name": name })
        cur.execute(query=query)
        row = cur.fetchone()
    return helper.dict_to_camel_case(row)
 def create(tenant_id, user_id, data: schemas.RolePayloadSchema):
    admin = users.get(user_id=user_id, tenant_id=tenant_id)
@ -128,35 +112,6 @@ def create(tenant_id, user_id, data: schemas.RolePayloadSchema):
            row["projects"] = [r["project_id"] for r in cur.fetchall()]
    return helper.dict_to_camel_case(row)
 def create_as_admin(tenant_id, group_id, data: schemas.RolePayloadSchema):
    if __exists_by_name(tenant_id=tenant_id, name=data.name, exclude_id=None):
        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=f"name already exists.")
    if not data.all_projects and (data.projects is None or len(data.projects) == 0):
        return {"errors": ["must specify a project or all projects"]}
    if data.projects is not None and len(data.projects) > 0 and not data.all_projects:
        data.projects = projects.is_authorized_batch(project_ids=data.projects, tenant_id=tenant_id)
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""INSERT INTO roles(tenant_id, name, description, permissions, all_projects, data)
                               VALUES (%(tenant_id)s, %(name)s, %(description)s, %(permissions)s::text[], %(all_projects)s, %(data)s)
                               RETURNING *;""",
                            {"tenant_id": tenant_id, "name": data.name, "description": data.description,
                             "permissions": data.permissions, "all_projects": data.all_projects, "data": json.dumps({ "group_id": group_id })})
        cur.execute(query=query)
        row = cur.fetchone()
        row["created_at"] = TimeUTC.datetime_to_timestamp(row["created_at"])
        row["projects"] = []
        if not data.all_projects:
            role_id = row["role_id"]
            query = cur.mogrify(f"""INSERT INTO roles_projects(role_id, project_id)
                                    VALUES {",".join(f"(%(role_id)s,%(project_id_{i})s)" for i in range(len(data.projects)))}
                                    RETURNING project_id;""",
                                {"role_id": role_id, **{f"project_id_{i}": p for i, p in enumerate(data.projects)}})
            cur.execute(query=query)
            row["projects"] = [r["project_id"] for r in cur.fetchall()]
    return helper.dict_to_camel_case(row)
 def get_roles(tenant_id):
    with pg_client.PostgresClient() as cur:
@ -178,52 +133,8 @@ def get_roles(tenant_id):
            r["created_at"] = TimeUTC.datetime_to_timestamp(r["created_at"])
    return helper.list_to_camel_case(rows)
 def get_roles_with_uuid(tenant_id):
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""SELECT roles.*, COALESCE(projects, '{}') AS projects
                               FROM public.roles
                                    LEFT JOIN LATERAL (SELECT array_agg(project_id) AS projects
                                                       FROM roles_projects
                                                         INNER JOIN projects USING (project_id)
                                                       WHERE roles_projects.role_id = roles.role_id
                                                          AND projects.deleted_at ISNULL ) AS role_projects ON (TRUE)
                               WHERE tenant_id =%(tenant_id)s
                                    AND data ? 'group_id'
                                    AND deleted_at IS NULL
                                    AND not service_role
                               ORDER BY role_id;""",
                            {"tenant_id": tenant_id})
        cur.execute(query=query)
        rows = cur.fetchall()
        for r in rows:
            r["created_at"] = TimeUTC.datetime_to_timestamp(r["created_at"])
    return helper.list_to_camel_case(rows)
 def get_roles_with_uuid_paginated(tenant_id, start_index, count=None, name=None):
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""SELECT roles.*, COALESCE(projects, '{}') AS projects
                               FROM public.roles
                                    LEFT JOIN LATERAL (SELECT array_agg(project_id) AS projects
                                                       FROM roles_projects
                                                         INNER JOIN projects USING (project_id)
                                                       WHERE roles_projects.role_id = roles.role_id
                                                          AND projects.deleted_at ISNULL ) AS role_projects ON (TRUE)
                               WHERE tenant_id =%(tenant_id)s
                                    AND data ? 'group_id'
                                    AND deleted_at IS NULL
                                    AND not service_role
                                    AND name = COALESCE(%(name)s, name)
                               ORDER BY role_id
                               LIMIT %(count)s
                               OFFSET %(startIndex)s;""",
                            {"tenant_id": tenant_id, "name": name, "startIndex": start_index - 1, "count": count})
        cur.execute(query=query)
        rows = cur.fetchall()
    return helper.list_to_camel_case(rows)
 def get_role_by_name(tenant_id, name):
    ### "name" isn't unique in database
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""SELECT *
                               FROM public.roles
@ -272,29 +183,6 @@ def delete(tenant_id, user_id, role_id):
        cur.execute(query=query)
    return get_roles(tenant_id=tenant_id)
 def delete_scim_group(tenant_id, group_uuid):
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""SELECT 1
                               FROM public.roles 
                               WHERE data->>'group_id' = %(group_uuid)s
                                    AND tenant_id = %(tenant_id)s
                                    AND protected = TRUE
                               LIMIT 1;""",
                            {"tenant_id": tenant_id, "group_uuid": group_uuid})
        cur.execute(query)
        if cur.fetchone() is not None:
            return {"errors": ["this role is protected"]}
        query = cur.mogrify(
            f"""DELETE FROM public.roles
                WHERE roles.data->>'group_id' = %(group_uuid)s;""",  # removed this: AND users.deleted_at IS NOT NULL 
            {"group_uuid": group_uuid})
        cur.execute(query)
    return get_roles(tenant_id=tenant_id)
 def get_role(tenant_id, role_id):
    with pg_client.PostgresClient() as cur:
@ -311,72 +199,3 @@ def get_role(tenant_id, role_id):
        if row is not None:
            row["created_at"] = TimeUTC.datetime_to_timestamp(row["created_at"])
    return helper.dict_to_camel_case(row)
 def get_role_by_group_id(tenant_id, group_id):
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""SELECT roles.*
                               FROM public.roles
                               WHERE tenant_id =%(tenant_id)s
                                    AND deleted_at IS NULL
                                    AND not service_role
                                    AND data->>'group_id' = %(group_id)s
                               LIMIT 1;""",
                            {"tenant_id": tenant_id, "group_id": group_id})
        cur.execute(query=query)
        row = cur.fetchone()
        if row is not None:
            row["created_at"] = TimeUTC.datetime_to_timestamp(row["created_at"])
    return helper.dict_to_camel_case(row)
 def get_users_by_group_uuid(tenant_id, group_id):
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""SELECT 
                                    u.user_id,
                                    u.name,
                                    u.data
                               FROM public.roles r
                               LEFT JOIN public.users u USING (role_id, tenant_id)
                               WHERE u.tenant_id = %(tenant_id)s
                                    AND u.deleted_at IS NULL
                                    AND r.data->>'group_id' = %(group_id)s
                            """,
                            {"tenant_id": tenant_id, "group_id": group_id})
        cur.execute(query=query)
        rows = cur.fetchall()
    return helper.list_to_camel_case(rows)
 def get_member_permissions(tenant_id):
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""SELECT 
                                    r.permissions
                                FROM public.roles r
                                WHERE r.tenant_id = %(tenant_id)s
                                    AND r.name = 'Member'
                                    AND r.deleted_at IS NULL
                            """,
                            {"tenant_id": tenant_id})
        cur.execute(query=query)
        row = cur.fetchone()
    return helper.dict_to_camel_case(row)
 def remove_group_membership(tenant_id, group_id, user_id):
    with pg_client.PostgresClient() as cur:
        query = cur.mogrify("""WITH r AS (
                                SELECT role_id 
                                FROM public.roles
                                WHERE data->>'group_id' = %(group_id)s
                                LIMIT 1
                            )
                            UPDATE public.users u
                                SET role_id= NULL
                                FROM r
                                WHERE u.data->>'user_id' = %(user_id)s
                                    AND u.role_id = r.role_id
                                    AND u.tenant_id = %(tenant_id)s
                                    AND u.deleted_at IS NULL
                                RETURNING *;""",
                            {"tenant_id": tenant_id, "group_id": group_id, "user_id": user_id})
        cur.execute(query=query)
        row = cur.fetchone()
    return helper.dict_to_camel_case(row)
--- a/ee/api/routers/scim.py
+++ b/ee/api/routers/scim.py
@ -377,198 +377,3 @@ def delete_user(user_id: str, tenant_id = Depends(auth_required)):
        return _not_found_error_response(user_id)
    users.soft_delete_scim_user_by_id(user_id, tenant_id)
    return Response(status_code=204, content="")
 """
 Group endpoints
 """
 class Operation(BaseModel):
    op: str
    path: str = Field(default=None)
    value: list[dict] | dict = Field(default=None)
 class GroupGetResponse(BaseModel):
    schemas: list[str] = Field(default=["urn:ietf:params:scim:api:messages:2.0:ListResponse"])
    totalResults: int
    startIndex: int
    itemsPerPage: int
    resources: list = Field(alias="Resources")
 class GroupRequest(BaseModel):
    schemas: list[str] = Field(default=["urn:ietf:params:scim:schemas:core:2.0:Group"])
    displayName: str = Field(default=None)
    members: list = Field(default=None)
    operations: list[Operation] = Field(default=None, alias="Operations")
 class GroupPatchRequest(BaseModel):
    schemas: list[str] = Field(default=["urn:ietf:params:scim:api:messages:2.0:PatchOp"])
    operations: list[Operation] = Field(alias="Operations")
 class GroupResponse(BaseModel):
    schemas: list[str] = Field(default=["urn:ietf:params:scim:schemas:core:2.0:Group"])
    id: str
    displayName: str
    members: list
    meta: dict = Field(default={"resourceType": "Group"})
@public_app.get("/Groups", dependencies=[Depends(auth_required)])
 def get_groups(
    start_index: int = Query(1, alias="startIndex"),
    count: Optional[int] = Query(None, alias="count"),
    group_name: Optional[str] = Query(None, alias="filter"),
    ):
    """Get groups"""
    tenant_id = 1
    res = []
    if group_name:
        group_name = group_name.split(" ")[2].strip('"')
    groups = roles.get_roles_with_uuid_paginated(tenant_id, start_index, count, group_name)
    res = [{
            "id": group["data"]["groupId"],
            "meta": {
                "created": group["createdAt"],
                "lastModified": "", # not currently a field
                "version": "v1.0"
            },
            "displayName": group["name"]
        } for group in groups
    ]
    return JSONResponse(
        status_code=200,
        content=GroupGetResponse(
            totalResults=len(groups),
            startIndex=start_index,
            itemsPerPage=len(groups),
            Resources=res
        ).model_dump(mode='json'))
@public_app.get("/Groups/{group_id}", dependencies=[Depends(auth_required)])
 def get_group(group_id: str):
    """Get a group by id"""
    tenant_id = 1
    group = roles.get_role_by_group_id(tenant_id, group_id)
    if not group:
        raise HTTPException(status_code=404, detail="Group not found")
    members = roles.get_users_by_group_uuid(tenant_id, group["data"]["groupId"])
    members = [{"value": member["data"]["userId"], "display": member["name"]} for member in members]
    return JSONResponse(
        status_code=200,
        content=GroupResponse(
            id=group["data"]["groupId"],
            displayName=group["name"],
            members=members,
    ).model_dump(mode='json'))
@public_app.post("/Groups", dependencies=[Depends(auth_required)])
 def create_group(r: GroupRequest):
    """Create a group"""
    tenant_id = 1
    member_role = roles.get_member_permissions(tenant_id)
    try:
        data = schemas.RolePayloadSchema(name=r.displayName, permissions=member_role["permissions"]) # permissions by default are same as for member role
        group = roles.create_as_admin(tenant_id, uuid.uuid4().hex, data)
    except Exception as e:
        raise HTTPException(status_code=500, detail=str(e))
    added_members = []
    for member in r.members:
        user = users.get_by_uuid(member["value"], tenant_id)
        if user:
            users.update(tenant_id, user["userId"], {"role_id": group["roleId"]})
            added_members.append({
                "value": user["data"]["userId"],
                "display": user["name"]
            })
    return JSONResponse(
        status_code=200,
        content=GroupResponse(
            id=group["data"]["groupId"],
            displayName=group["name"],
            members=added_members,
    ).model_dump(mode='json'))
@public_app.put("/Groups/{group_id}", dependencies=[Depends(auth_required)])
 def update_put_group(group_id: str, r: GroupRequest):
    """Update a group or members of the group (not used by anything yet)"""
    tenant_id = 1
    group = roles.get_role_by_group_id(tenant_id, group_id)
    if not group:
        raise HTTPException(status_code=404, detail="Group not found")
    if r.operations and r.operations[0].op == "replace" and r.operations[0].path is None:
        roles.update_group_name(tenant_id, group["data"]["groupId"], r.operations[0].value["displayName"])
        return Response(status_code=200, content="")
    members = r.members
    modified_members = []
    for member in members:
        user = users.get_by_uuid(member["value"], tenant_id)
        if user:
            users.update(tenant_id, user["userId"], {"role_id": group["roleId"]})
            modified_members.append({
                "value": user["data"]["userId"],
                "display": user["name"]
            })
    return JSONResponse(
        status_code=200,
        content=GroupResponse(
            id=group_id,
            displayName=group["name"],
            members=modified_members,
    ).model_dump(mode='json'))
@public_app.patch("/Groups/{group_id}", dependencies=[Depends(auth_required)])
 def update_patch_group(group_id: str, r: GroupPatchRequest):
    """Update a group or members of the group, used by AIW"""
    tenant_id = 1
    group = roles.get_role_by_group_id(tenant_id, group_id)
    if not group:
        raise HTTPException(status_code=404, detail="Group not found")
    if r.operations[0].op == "replace" and r.operations[0].path is None:
        roles.update_group_name(tenant_id, group["data"]["groupId"], r.operations[0].value["displayName"])
        return Response(status_code=200, content="")
    modified_members = []
    for op in r.operations:
        if op.op == "add" or op.op == "replace":
            # Both methods work as "replace"
            for u in op.value:
                user = users.get_by_uuid(u["value"], tenant_id)
                if user:
                    users.update(tenant_id, user["userId"], {"role_id": group["roleId"]})
                    modified_members.append({
                        "value": user["data"]["userId"],
                        "display": user["name"]
                    })
        elif op.op == "remove":
            user_id = re.search(r'\[value eq \"([a-f0-9]+)\"\]', op.path).group(1)
            roles.remove_group_membership(tenant_id, group_id, user_id)
    return JSONResponse(
        status_code=200,
        content=GroupResponse(
            id=group_id,
            displayName=group["name"],
            members=modified_members,
    ).model_dump(mode='json'))
@public_app.delete("/Groups/{group_id}", dependencies=[Depends(auth_required)])
 def delete_group(group_id: str):
    """Delete a group, hard-delete"""
    # possibly need to set the user's roles to default member role, instead of null
    tenant_id = 1
    group = roles.get_role_by_group_id(tenant_id, group_id)
    if not group:
        raise HTTPException(status_code=404, detail="Group not found")
    roles.delete_scim_group(tenant_id, group["data"]["groupId"])
    return Response(status_code=200, content="")