Merge pull request #105 from Ouranosinc/fix-assign-to-group

Fix assigning a user to a group in api and ui
Ouranosinc · Sep 28, 2018 · 57854b3 · 57854b3
2 parents 81546e2 + ff4121c
commit 57854b3
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 9 deletions.
diff --git a/magpie/api/api_rest_schemas.py b/magpie/api/api_rest_schemas.py
@@ -1318,6 +1318,18 @@ class UserGroups_POST_CreatedResponseSchema(colander.MappingSchema):
     body = UserGroups_POST_ResponseBodySchema(code=HTTPCreated.code, description=description)
 
 
+class UserGroups_POST_GroupNotFoundResponseSchema(colander.MappingSchema):
+    description = "Can't find the group to assign to."
+    header = HeaderResponseSchema()
+    body = BaseBodySchema(code=HTTPNotFound.code, description=description)
+
+
+class UserGroups_POST_ForbiddenResponseSchema(colander.MappingSchema):
+    description = "Group query by name refused by db."
+    header = HeaderResponseSchema()
+    body = BaseBodySchema(code=HTTPForbidden.code, description=description)
+
+
 class UserGroups_POST_ConflictResponseSchema(colander.MappingSchema):
     description = "User already belongs to this group."
     header = HeaderResponseSchema()

diff --git a/magpie/api/management/user/user_views.py b/magpie/api/management/user/user_views.py
@@ -4,6 +4,7 @@
 from magpie.api.api_rest_schemas import *
 from magpie.api.management.user.user_formats import *
 from magpie.api.management.user.user_utils import *
+from magpie.api.management.group.group_utils import *
 from magpie.api.management.service.service_formats import format_service, format_service_resources
 
 
@@ -99,7 +100,14 @@ def assign_user_group(request):
     """Assign a user to a group."""
     db = request.db
     user = get_user_matchdict_checked_or_logged(request)
-    group = get_group_matchdict_checked(request)
+
+    group_name = get_value_multiformat_post_checked(request, 'group_name')
+    group = evaluate_call(lambda: zig.GroupService.by_group_name(group_name, db_session=request.db),
+                          fallback=lambda: request.db.rollback(),
+                          httpError=HTTPForbidden, msgOnFail=UserGroups_POST_ForbiddenResponseSchema.description)
+    verify_param(group, notNone=True, httpError=HTTPNotFound,
+                 msgOnFail=UserGroups_POST_GroupNotFoundResponseSchema.description)
+
     new_user_group = models.UserGroup(group_id=group.id, user_id=user.id)
 
     evaluate_call(lambda: db.add(new_user_group), fallback=lambda: db.rollback(),

diff --git a/magpie/ui/management/views.py b/magpie/ui/management/views.py
@@ -294,11 +294,13 @@ def edit_user(self):
                 selected_groups = self.request.POST.getall('member')
                 removed_groups = list(set(own_groups) - set(selected_groups))
                 new_groups = list(set(selected_groups) - set(own_groups))
-                url_group = '{url}/users/{usr}/groups/{grp}'.format(url=self.magpie_url, usr=user_name, grp='{grp}')
                 for group in removed_groups:
-                    check_response(requests.delete(url_group.format(grp=group), cookies=self.request.cookies))
+                    url_group = '{url}/users/{usr}/groups/{grp}'.format(url=self.magpie_url, usr=user_name, grp=group)
+                    check_response(requests.delete(url_group, cookies=self.request.cookies))
                 for group in new_groups:
-                    check_response(requests.post(url_group.format(grp=group), cookies=self.request.cookies))
+                    url_group = '{url}/users/{usr}/groups'.format(url=self.magpie_url, usr=user_name)
+                    data = {'group_name': group}
+                    check_response(requests.post(url_group, data=data, cookies=self.request.cookies))
                 user_info[u'own_groups'] = self.get_user_groups(user_name)
 
         # display resources permissions per service type tab
@@ -382,11 +384,13 @@ def edit_group_users(self, group_name):
         removed_members = list(set(current_members) - set(selected_members))
         new_members = list(set(selected_members) - set(current_members))
 
-        url_base = '{url}/users/{usr}/groups/{grp}'.format(url=self.magpie_url, usr='{usr}', grp=group_name)
-        for user in removed_members:
-            check_response(requests.delete(url_base.format(usr=user), cookies=self.request.cookies))
-        for user in new_members:
-            check_response(requests.post(url_base.format(usr=user), cookies=self.request.cookies))
+        for user_name in removed_members:
+            url_group = '{url}/users/{usr}/groups/{grp}'.format(url=self.magpie_url, usr=user_name, grp=group_name)
+            check_response(requests.delete(url_group, cookies=self.request.cookies))
+        for user_name in new_members:
+            url_group = '{url}/users/{usr}/groups'.format(url=self.magpie_url, usr=user_name)
+            data = {'group_name': group_name}
+            check_response(requests.post(url_group, data=data, cookies=self.request.cookies))
 
     def edit_user_or_group_resource_permissions(self, user_or_group_name, resource_id, is_user=False):
         usr_grp_type = 'users' if is_user else 'groups'

diff --git a/tests/interfaces.py b/tests/interfaces.py
@@ -334,6 +334,30 @@ def test_GetCurrentUser(self):
         else:
             utils.check_val_equal(json_body['user_name'], self.usr)
 
+    @pytest.mark.groups
+    @unittest.skipUnless(runner.MAGPIE_TEST_GROUPS, reason=runner.MAGPIE_TEST_DISABLED_MESSAGE('groups'))
+    def test_PostUserGroup_assign(self):
+        route = '/users/{usr}/groups'.format(usr=get_constant('MAGPIE_ADMIN_USER'))
+        data = {'group_name': get_constant('MAGPIE_ANONYMOUS_GROUP')}
+        resp = utils.test_request(self.url, 'POST', route, headers=self.json_headers, cookies=self.cookies, data=data)
+        utils.check_response_basic_info(resp, 201)
+
+    @pytest.mark.groups
+    @unittest.skipUnless(runner.MAGPIE_TEST_GROUPS, reason=runner.MAGPIE_TEST_DISABLED_MESSAGE('groups'))
+    def test_PostUserGroup_not_found(self):
+        route = '/users/{usr}/groups'.format(usr=get_constant('MAGPIE_ADMIN_USER'))
+        data = {'group_name': 'not_found'}
+        resp = utils.test_request(self.url, 'POST', route, headers=self.json_headers, cookies=self.cookies, data=data)
+        utils.check_response_basic_info(resp, 404)
+
+    @pytest.mark.groups
+    @unittest.skipUnless(runner.MAGPIE_TEST_GROUPS, reason=runner.MAGPIE_TEST_DISABLED_MESSAGE('groups'))
+    def test_PostUserGroup_conflict(self):
+        route = '/users/{usr}/groups'.format(usr=get_constant('MAGPIE_ADMIN_USER'))
+        data = {'group_name': get_constant('MAGPIE_ADMIN_GROUP')}
+        resp = utils.test_request(self.url, 'POST', route, headers=self.json_headers, cookies=self.cookies, data=data)
+        utils.check_response_basic_info(resp, 409)
+
     @pytest.mark.groups
     @unittest.skipUnless(runner.MAGPIE_TEST_GROUPS, reason=runner.MAGPIE_TEST_DISABLED_MESSAGE('groups'))
     def test_GetGroupUsers(self):