From 98602d24c64ffafe2c4af150236b72f77709f8de Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 6 Mar 2023 14:59:30 +0300
Subject: oauth2: resources: assign role to user on resource.

---
 wqflask/wqflask/oauth2/resources.py                | 63 ++++++++++++++++++++--
 .../wqflask/templates/oauth2/view-resource.html    | 46 ++++++++++++++++
 2 files changed, 105 insertions(+), 4 deletions(-)

diff --git a/wqflask/wqflask/oauth2/resources.py b/wqflask/wqflask/oauth2/resources.py
index be0cb475..e3501835 100644
--- a/wqflask/wqflask/oauth2/resources.py
+++ b/wqflask/wqflask/oauth2/resources.py
@@ -1,6 +1,7 @@
 import uuid
 
-from flask import flash, request, url_for, redirect, Blueprint, render_template
+from flask import (
+    flash, request, url_for, redirect, Response, Blueprint, render_template)
 
 from .checks import require_oauth2
 from .client import oauth2_get, oauth2_post
@@ -51,11 +52,34 @@ def create_resource():
 @require_oauth2
 def view_resource(resource_id: uuid.UUID):
     """View the given resource."""
-    def __this_user_success__(resource, unlinked_data, users_n_roles, user):
+    def __users_success__(
+            resource, unlinked_data, users_n_roles, this_user, group_roles,
+            users):
         return render_template(
             "oauth2/view-resource.html", resource=resource,
             unlinked_data=unlinked_data, users_n_roles=users_n_roles,
-            this_user=user)
+            this_user=this_user, group_roles=group_roles, users=users)
+
+    def __group_roles_success__(
+            resource, unlinked_data, users_n_roles, this_user, group_roles):
+        return oauth2_get("oauth2/user/list").either(
+            lambda err: render_template(
+                "oauth2/view-resource.html", resource=resource,
+                unlinked_data=unlinked_data, users_n_roles=users_n_roles,
+                this_user=this_user, group_roles=group_roles,
+                users_error=process_error(err)),
+            lambda users: __users_success__(
+                resource, unlinked_data, users_n_roles, this_user, group_roles,
+                users))
+
+    def __this_user_success__(resource, unlinked_data, users_n_roles, this_user):
+        return oauth2_get("oauth2/group/roles").either(
+            lambda err: render_template(
+                "oauth2/view-resources.html", resource=resource,
+                unlinked_data=unlinked_data, users_n_roles=users_n_roles,
+                this_user=this_user, group_roles_error=process_error(err)),
+            lambda groles: __group_roles_success__(
+                resource, unlinked_data, users_n_roles, this_user, groles))
 
     def __users_n_roles_success__(resource, unlinked_data, users_n_roles):
         return oauth2_get("oauth2/user").either(
@@ -66,7 +90,7 @@ def view_resource(resource_id: uuid.UUID):
                 resource, unlinked_data, users_n_roles, usr_dets))
 
     def __unlinked_success__(resource, unlinked_data):
-        return oauth2_get(f"oauth2/resource/{resource_id}/users").either(
+        return oauth2_get(f"oauth2/resource/{resource_id}/user/list").either(
             lambda err: render_template(
                 "oauth2/view-resource.html", resource=resource,
                 unlinked_data=unlinked_data,
@@ -149,6 +173,37 @@ def unlink_data_from_resource():
         return redirect(url_for(
             "oauth2.resource.view_resource", resource_id=form["resource_id"]))
 
+@resources.route("<uuid:resource_id>/user/assign", methods=["POST"])
+@require_oauth2
+def assign_role(resource_id: uuid.UUID) -> Response:
+    form = request.form
+    group_role_id = form.get("group_role_id", "")
+    user_email = form.get("user_email", "")
+    try:
+        assert bool(group_role_id), "The role must be provided."
+        assert bool(user_email), "The user email must be provided."
+
+        def __assign_error__(error):
+            err = process_error(error)
+            flash(f"{err['error']}: {err['error_description']}", "alert-danger")
+            return redirect(url_for(
+                "oauth2.resource.view_resource", resource_id=resource_id))
+
+        def __assign_success__(success):
+            flash(success["description"], "alert-success")
+            return redirect(url_for(
+                "oauth2.resource.view_resource", resource_id=resource_id))
+
+        return oauth2_post(
+            f"oauth2/resource/{resource_id}/user/assign",
+            data={
+                "group_role_id": group_role_id,
+                "user_email": user_email
+            }).either(__assign_error__, __assign_success__)
+    except AssertionError as aserr:
+        flash(aserr.args[0], "alert-danger")
+        return redirect(url_for("oauth2.resources.view_resource", resource_id=resource_id))
+
 @resources.route("/edit/<uuid:resource_id>", methods=["GET"])
 @require_oauth2
 def edit_resource(resource_id: uuid.UUID):
diff --git a/wqflask/wqflask/templates/oauth2/view-resource.html b/wqflask/wqflask/templates/oauth2/view-resource.html
index e8a3d8cb..6563d2fa 100644
--- a/wqflask/wqflask/templates/oauth2/view-resource.html
+++ b/wqflask/wqflask/templates/oauth2/view-resource.html
@@ -206,6 +206,52 @@
       {%endif%}
     </div>
 
+    <div class="row">
+      <h3>Assign</h3>
+      {%if group_roles_error is defined%}
+      {{display_error("Group Roles", group_roles_error)}}
+      {%elif users_error is defined%}
+      {{display_error("Users", users_error)}}
+      {%else%}
+      <form action="{{url_for(
+		    'oauth2.resource.assign_role',
+		    resource_id=resource.resource_id)}}"
+	    method="POST" autocomplete="off">
+	<input type="hidden" name="resource_id" value="{{resource_id}}" />
+	<div class="form-group">
+	  <label for="group_role_id" class="form-label">Role</label>
+	  <select class="form-control" name="group_role_id"
+		  id="group_role_id" required="required">
+	    <option value="">Select role</option>
+	    {%for grole in group_roles%}
+	    <option value="{{grole.group_role_id}}">
+	      {{grole.role.role_name}}
+	    </option>
+	    {%endfor%}
+	  </select>
+	</div>
+	<div class="form-group">
+	  <label for="user-email" class="form-label">User Email</label>
+	  <input list="users-list" name="user_email" class="form-control"
+		 {%if users | length == 0%}
+		 disabled="disabled"
+		 {%endif%}
+		 required="required" />
+	  <datalist id="users-list">
+	    {%for user in users%}
+	    <option value="{{user.email}}">{{user.email}} - {{user.name}}</option>
+	    {%endfor%}
+	  </datalist>
+	</div>
+
+	<input type="submit" class="btn btn-primary" value="Assign"
+	       {%if users | length == 0%}
+	       disabled="disabled"
+	       {%endif%} />
+      </form>
+      {%endif%}
+    </div>
+
   </div>
 
 </div>
-- 
cgit v1.2.3