From 05876827dbfdcb3b9e2f958127d2b88a7101353c Mon Sep 17 00:00:00 2001 From: Paul Marillonnet Date: Fri, 12 Jan 2018 11:27:12 +0100 Subject: [PATCH] WIP add role creation api (#20706) --- src/authentic2/api_urls.py | 2 ++ src/authentic2/api_views.py | 47 +++++++++++++++++++++++++++++++++++++++++++++ tests/test_api.py | 20 +++++++++++++++++++ 3 files changed, 69 insertions(+) diff --git a/src/authentic2/api_urls.py b/src/authentic2/api_urls.py index 61e6d9df..bb7dce4a 100644 --- a/src/authentic2/api_urls.py +++ b/src/authentic2/api_urls.py @@ -13,5 +13,7 @@ urlpatterns = patterns('', api_views.role_memberships, name='a2-api-role-member'), url(r'^check-password/$', api_views.check_password, name='a2-api-check-password'), + url(r'^ous/(?P[\w+]*)/roles/', + api_views.roles, name='a2-api-role'), ) urlpatterns += api_views.router.urls diff --git a/src/authentic2/api_views.py b/src/authentic2/api_views.py index 95fb99ee..d9d2b1c3 100644 --- a/src/authentic2/api_views.py +++ b/src/authentic2/api_views.py 
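Review bot: The new `ous/.../roles/` pattern has no `$` terminator, unlike the `^check-password/$` route just above it, so any path that merely starts with this prefix is dispatched to the role-creation view; end it with `/roles/$`. The group as shown, `(?P[\w+]*)`, carries no name (possibly lost when the page was rendered), while `RolesAPI.post` reads `kwargs['ou_id_or_slug']`, so it needs to be `(?P<ou_id_or_slug>[\w+]+)`, with `+` rather than `*` so that an empty OU identifier is rejected at the router. The test in this patch posts to `/api/ous/epsilon/roles` without the trailing slash the pattern requires.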
@@ -576,6 +576,53 @@ class UsersAPI(HookMixin, ExceptionHandlerMixin, ModelViewSet):
 return Response({'result': 1})
 
 
+class RolesAPI(ExceptionHandlerMixin, APIView):
+ queryset = get_role_model()
+ permission_classes = (permissions.IsAuthenticated,)
+ _api_fetched_fields = ['uuid', 'name', 'slug', 'admin_scope_ct',
+ 'admin_scope_id', 'service']
+
+ def post(self, request, *args, **kwargs):
+ logger = logging.getLogger(__name__)
+
+ try:
+ Role = get_role_model()
+ ou_id_or_slug = kwargs['ou_id_or_slug']
+ role_data = request.body['role_data']
+ missing_fields = app_settings.A2_ROLES_REQUIRED_FIELDS - role_data.keys()
+ if missing_fields:
+ return Response({'result': 0, 'detail': 'Missing fields in API request: %r' % missing_fields},
+ status=status.HTTP_400_BAD_REQUEST)
+ if count(Role.objects.filter(slug=role_data['slug'])):
+ return Response({'result': 0, 'detail': 'Error: role already existing in the A2 database'},
+ status=status.HTTP_400_BAD_REQUEST)
+ if 'ou_id_or_slug' not in role_data:
+ return Response({'result': 0, 'detail': 'Error: no OU identifier provided, role can\'t be created'},
+ status=status.HTTP_400_BAD_REQUEST)
+ role = Role.objects.create()
+ for api_field in self._api_fetched_fields:
+ if api_field in role_data:
+ setattr(self, api_field, role_data[api_field])
+ OU = get_ou_model()
+
+ # try first on the OU uuid then on its slug
+ try:
+ ou = OU.objects.get(uuid=role_data.get('ou_id_or_slug'))
+ except MultipleObjectsReturned:
+ ou = OU.objects.get(slug=role_data.get('ou_id_or_slug'))
+ role.ou = ou
+ role.save()
+
+ except Exception as e:
+ logger.error('Couldn\'t create role')
+ return Response({'result': 0, 'detail': e},
+ status=status.HTTP_400_BAD_REQUEST)
+
+ return Response({'result': 1, 'detail': _('Role created')},
+ status=status.HTTP_201_CREATED)
+
+roles = RolesAPI.as_view()
+
 class RoleMembershipsAPI(ExceptionHandlerMixin, APIView):
 permission_classes = (permissions.IsAuthenticated,)
 
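Review bot: `RolesAPI.post` lets any authenticated account create a role in any OU: `permission_classes` is only `IsAuthenticated`, nothing checks that the caller may add roles to the target OU, and `_api_fetched_fields` accepts `uuid`, `admin_scope_ct` and `admin_scope_id` straight from the request. The body also cannot work as written: `request.body` is raw bytes (the parsed payload is `request.data`), `count` is not defined in the visible lines, `setattr(self, ...)` writes onto the view instead of `role`, and `Role.objects.create()` saves an empty row before any field is set. The OU lookup catches `MultipleObjectsReturned` where a missing uuid raises `DoesNotExist`, and it ignores the `ou_id_or_slug` URL kwarg in favour of a body field. `'detail': e` hands the raw exception to the client; use `logger.exception(...)` and a fixed message instead. A sketch of the reworked body follows; the permission string is a placeholder, not a name taken from this project.

```python
    def post(self, request, *args, **kwargs):
        # … unchanged: logger, Role = get_role_model() …
        OU = get_ou_model()
        ou_id_or_slug = kwargs['ou_id_or_slug']
        # resolve the OU named in the URL: uuid first, then slug
        ou = (OU.objects.filter(uuid=ou_id_or_slug).first()
              or OU.objects.filter(slug=ou_id_or_slug).first())
        if ou is None:
            return Response({'result': 0, 'detail': 'Unknown OU'},
                            status=status.HTTP_404_NOT_FOUND)
        # PLACEHOLDER permission name: replace with the project's role-creation permission
        if not request.user.has_perm('<role-creation-permission>', ou):
            return Response({'result': 0, 'detail': 'Permission denied'},
                            status=status.HTTP_403_FORBIDDEN)
        role_data = request.data.get('role_data') or {}
        # … unchanged: required-fields check …
        if Role.objects.filter(slug=role_data['slug']).exists():
            # … unchanged: 400 "already existing" response …
        # build the instance in memory and save once, so a failure leaves no empty row
        role = Role(ou=ou)
        for api_field in self._api_fetched_fields:
            if api_field in role_data:
                setattr(role, api_field, role_data[api_field])
        role.save()
        # … unchanged: 201 response …
```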
diff --git a/tests/test_api.py b/tests/test_api.py
index 96085590..85eca744 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -30,6 +30,26 @@ def test_api_user_simple(logged_app):
 assert 'username' in resp.json
 
 
+def test_api_role_simple(logged_app):
+ resp = logged_app.post_json(
+ '/api/ous/epsilon/roles',
+ dict('role_data'={
+ 'slug': 'soma-officer',
+ 'uuid': 'H1GH',
+ 'name': 'Soma Officer',
+ 'service': 'default',
+ 'admin_scope_ct': 'foo',
+ 'admin_scope_id': 'bar'
+ })
+ )
+ assert isinstance(resp.json, dict)
+ assert 'role_data' in resp.json
+
+ Role = get_role_model()
+ posted_role = Role.objects.get(slug='soma-officer')
+ assert posted_role.uuid == 'H1GH'
+
+
 def test_api_user(client):
 # create an user, an ou role, a service and a service role
 ou = get_default_ou()
-- 
2.11.0
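Review bot: `dict('role_data'={...})` is a syntax error (a keyword argument name cannot be a string literal), so tests/test_api.py would fail to import and none of its tests would run; pass a plain mapping, `{'role_data': {...}}`. The assertion `'role_data' in resp.json` does not match the view in this patch, which answers with `result` and `detail` keys, and the POST path lacks the trailing slash the new URL pattern requires. Since the endpoint creates roles, the test should also cover rejection of an anonymous client and of a logged-in user without rights on the OU.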