From ce35eff4b2eb20ed4d58fbc8020970c900bed247 Mon Sep 17 00:00:00 2001 From: Paul Marillonnet Date: Thu, 4 Jan 2018 09:18:54 +0100 Subject: [PATCH] WIP add role creation api (#20706) --- src/authentic2/api_urls.py | 7 +++-- src/authentic2/api_views.py | 67 +++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 69 insertions(+), 5 deletions(-) diff --git a/src/authentic2/api_urls.py b/src/authentic2/api_urls.py index 7175e148..bb1abeee 100644 --- a/src/authentic2/api_urls.py +++ b/src/authentic2/api_urls.py @@ -9,9 +9,12 @@ urlpatterns = patterns('', name='a2-api-password-change'), url(r'^user/$', api_views.user, name='a2-api-user'), - url(r'^roles/(?P[\w+]*)/members/(?P[^/]+)/$', api_views.roles, - name='a2-api-role-member'), + url(r'^roles/(?P[\w+]*)/members/(?P[^/]+)/$', + api_views.role_memberships, name='a2-api-role-member'), url(r'^check-password/$', api_views.check_password, name='a2-api-check-password'), + url(r'^ous/(?P[\w+]*)/roles/', + api_views.roles_in_ou, name='a2-api-role'), ) + urlpatterns += api_views.router.urls diff --git a/src/authentic2/api_views.py b/src/authentic2/api_views.py index 928cb8e4..8f50d543 100644 --- a/src/authentic2/api_views.py +++ b/src/authentic2/api_views.py @@ -306,6 +306,16 @@ def attributes_hash(attributes): return hash(tuple((at.name, at.required) for at in attributes)) +class RoleSerializer(serializers.ModelSerializer): + ou = serializers.SlugRelatedField( + queryset=get_ou_model().objects.all(), + slug_field='ou__slug', + required=True, default=get_default_ou) + + class Meta: + model = get_role_model() + + class BaseUserSerializer(serializers.ModelSerializer): ou = serializers.SlugRelatedField( queryset=get_ou_model().objects.all(), 
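Review bot: The new `ous/.../roles/` pattern has no `$` terminator, so any path that merely starts with that prefix is dispatched to `roles_in_ou`, unlike the other routes in this hunk, which all end in `/$`. Its `[\w+]*` class also accepts an empty identifier and excludes `-`, which slugs commonly contain, so the view can be reached with an empty `ou_id_or_ou_slug` and an OU with a hyphenated slug could not be addressed. Anchoring and tightening the pattern, for example `url(r'^ous/(?P<ou_id_or_ou_slug>[\w-]+)/roles/$',`, limits the role endpoint to exactly the intended URL. The group names appear to have been stripped from the patterns as rendered here, so the name in that example is taken from the `kwargs` lookup in `RolesInOuAPI`.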
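Review bot: `RoleSerializer.Meta` names only the model, so the set of role attributes a client can read and write is left implicit. Depending on the REST framework version, this either exposes every model field or fails an assertion when the serializer is first used. For a serializer meant to back role creation, list the accepted fields explicitly, e.g. `fields = ('uuid', 'name', 'slug', 'ou')` (names taken from what this patch reads; adjust to the model), and mark server-assigned ones read-only. Separately, `slug_field='ou__slug'` is resolved against the OU queryset itself, where the lookup would presumably be just `slug`.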
@@ -576,11 +586,61 @@ class UsersAPI(HookMixin, ExceptionHandlerMixin, ModelViewSet): return Response({'result': 1}) -class RolesAPI(ExceptionHandlerMixin, APIView): +class RolesInOuAPI(ExceptionHandlerMixin, APIView, ModelViewSet): + + def initial(self, request, *args, **kwargs): + super(RolesInOuAPI, self).initial(request, *args, **kwargs) + Role = get_role_model() + try: + self.role = get_object(Role, ou__slug=kwargs['ou_id_or_ou_slug']) + except MultipleObjectsReturned: + try: + self.role = get_object(Role, ou__id=kwargs['ou_id_or_ou_slug']) + except MultipleObjectsReturned: + pass + + def post(self, request, *args, **kwargs): + logger = logging.getLogger(__name__) + + Role = get_role_model() + try: + ou_id_or_ou_slug = kwargs['ou_id_or_ou_slug'] + role_data = request.body.get('role_data') + slug = role_data['slug'] + name = role_data['name'] + # TODO create role... + except Exception as e: + logger.error('Couldn\'t create role') + return Response({'result': 0, 'detail': e}, + status=status.HTTP_400_BAD_REQUEST) + + return Response({'result': 1, 'detail': _('Role created')}, + status=status.HTTP_201_CREATED) + + def delete(self, request, *args, **kwargs): + logger = logging.getLogger(__name__) + Role = get_role_model() + try: + self.role.members.clear() + except: + logger.error('Couldn\'t unregister users in role %r', + self.role) + try: + Role.objects.filter(slug=self.role.slug).delete() + except: + logger.error('Couldn\'t achieve clean deletion for role %r', + self.role) + else: + logger.info('Successfully removed role %r', self.role) + +roles_in_ou = RolesInOuAPI.as_view() + + +class RoleMembershipsAPI(ExceptionHandlerMixin, APIView): permission_classes = (permissions.IsAuthenticated,) def initial(self, request, *args, **kwargs): - super(RolesAPI, self).initial(request, *args, **kwargs) + super(RoleMembershipsAPI, self).initial(request, *args, **kwargs) Role = get_role_model() User = get_user_model() self.role = get_object_or_404(Role, 
uuid=kwargs['role_uuid']) @@ -601,7 +661,7 @@ class RolesAPI(ExceptionHandlerMixin, APIView): return Response({'result': 1, 'detail': _('User successfully removed from role')}, status=status.HTTP_200_OK) -roles = RolesAPI.as_view() +role_memberships = RoleMembershipsAPI.as_view() class BaseOrganizationalUnitSerializer(serializers.ModelSerializer): @@ -620,6 +680,7 @@ class OrganizationalUnitAPI(ExceptionHandlerMixin, ModelViewSet): router = SimpleRouter() router.register(r'users', UsersAPI, base_name='a2-api-users') router.register(r'ous', OrganizationalUnitAPI, base_name='a2-api-ous') +# router.register(r'roles', RolesAPO, base_name='a2-api-roles') class CheckPasswordSerializer(serializers.Serializer): -- 2.11.0
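Review bot: `RolesInOuAPI` sets no `permission_classes`, whereas `RoleMembershipsAPI` just below declares `permission_classes = (permissions.IsAuthenticated,)`, so who may create or delete a role through `post` and `delete` is decided by the framework defaults, which this patch does not show; an explicit authentication requirement plus a per-role or per-OU permission check belongs on the class. In `delete`, `Role.objects.filter(slug=self.role.slug).delete()` matches on slug alone, so if slugs are only unique within an organizational unit it also removes same-slug roles elsewhere, and the bare `except:` clauses with no returned `Response` make a failed deletion look the same as a successful one. `initial` leaves `self.role` unset when both lookups raise `MultipleObjectsReturned`, and it resolves a role from the OU identifier alone, which presumably matches many roles. In `post`, `request.body` is a byte string, so `.get('role_data')` always raises and the handler answers with `'detail': e`, handing the raw exception to the client; `request.data` validated through `RoleSerializer`, with a fixed error message, avoids both. The base list also puts `APIView` ahead of its own subclass `ModelViewSet`, which Python cannot linearise, so the sketch below uses the same bases as `RoleMembershipsAPI`.

```python
class RolesInOuAPI(ExceptionHandlerMixin, APIView):
    permission_classes = (permissions.IsAuthenticated,)

    # … unchanged: initial, post …

    def delete(self, request, *args, **kwargs):
        logger = logging.getLogger(__name__)
        # TODO: per-role permission check on self.role before anything is removed
        try:
            self.role.members.clear()
            # remove only the role resolved in initial(), not every role sharing its slug
            self.role.delete()
        except Exception:
            logger.exception('Couldn\'t achieve clean deletion for role %r',
                             self.role)
            return Response({'result': 0, 'detail': _('Role deletion failed')},
                            status=status.HTTP_500_INTERNAL_SERVER_ERROR)
        logger.info('Successfully removed role %r', self.role)
        return Response({'result': 1, 'detail': _('Role removed')},
                        status=status.HTTP_200_OK)
```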
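Review bot: The commented-out registration `# router.register(r'roles', RolesAPO, base_name='a2-api-roles')` names `RolesAPO`, which nothing in this patch defines; the class added above is `RolesInOuAPI`. Commented-out code tends to get re-enabled as written, so either drop the line or replace it with a short note such as `# TODO: register the roles viewset on the router once RolesInOuAPI is complete`.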