authorFrederick Muriuki Muriithi2023-02-09 16:23:03 +0300
committerFrederick Muriuki Muriithi2023-02-09 16:23:03 +0300
commit83430d7a3a853632eee880cbdd629f114e977757 (patch)
tree28c8e5e80945f32ac96f12c69b49dbd46cfae1b9 /gn3/auth/authorisation/groups
parent500141ca55c128d8ae6e237f21d7d3f9e92d4516 (diff)
auth: Reject request to join a group.
* gn3/auth/authorisation/groups/models.py: Modify function to either accept or reject join requests. * gn3/auth/authorisation/groups/views.py: Provide endpoint to reject join requests. * migrations/auth/20230207_01_r0bkZ-create-group-join-requests-table.py: Prevent user from applying to join the same group more than once.
Diffstat (limited to 'gn3/auth/authorisation/groups')
-rw-r--r--gn3/auth/authorisation/groups/models.py17
-rw-r--r--gn3/auth/authorisation/groups/views.py18
2 files changed, 25 insertions, 10 deletions
diff --git a/gn3/auth/authorisation/groups/models.py b/gn3/auth/authorisation/groups/models.py
index f78aedd..2a6f840 100644
--- a/gn3/auth/authorisation/groups/models.py
+++ b/gn3/auth/authorisation/groups/models.py
@@ -274,8 +274,10 @@ def join_requests(conn: db.DbConnection, user: User):
error_description=("You do not have the appropriate authorisation"
" to act upon the join requests."),
oauth2_scope="profile group")
-def accept_join_request(conn: db.DbConnection, request_id: UUID, user: User):
- """Accept a join request."""
+def accept_reject_join_request(
+ conn: db.DbConnection, request_id: UUID, user: User, status: str) -> dict:
+ """Accept/Reject a join request."""
+ assert status in ("ACCEPTED", "REJECTED"), f"Invalid status '{status}'."
with db.cursor(conn) as cursor:
group = user_group(cursor, user).maybe(DUMMY_GROUP, lambda grp: grp) # type: ignore[misc]
cursor.execute("SELECT * FROM group_join_requests WHERE request_id=?",
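Review bot: The `assert` on the new `status` parameter is the only thing constraining the value that the later `UPDATE` writes into `group_join_requests.status`, and asserts are stripped when the interpreter runs with `-O`. An explicit check keeps the guard in every deployment: `if status not in ("ACCEPTED", "REJECTED"): raise ValueError(f"Invalid status '{status}'.")`. Both callers visible in this commit pass literals, so this is defence in depth rather than an exposed input. The docstring could also state which `status` values are accepted and that only `"ACCEPTED"` changes group membership; the function body continues beyond this hunk.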
@@ -288,13 +290,14 @@ def accept_join_request(conn: db.DbConnection, request_id: UUID, user: User):
if the_user == DUMMY_USER:
raise InconsistencyError(
"Could not find user associated with join request.")
- add_user_to_group(cursor, group, the_user)
- revoke_user_role_by_name(cursor, the_user, "group-creator")
+ if status == "ACCEPTED":
+ add_user_to_group(cursor, group, the_user)
+ revoke_user_role_by_name(cursor, the_user, "group-creator")
cursor.execute(
- "UPDATE group_join_requests SET status='ACCEPTED' "
+ "UPDATE group_join_requests SET status=? "
"WHERE request_id=?",
- (str(request_id),))
- return {"request_id": request_id, "status": "ACCEPTED"}
+ (status, str(request_id)))
+ return {"request_id": request_id, "status": status}
raise AuthorisationError(
"You cannot act on other groups join requests")
raise NotFoundError(f"Could not find request with ID '{request_id}'")
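Review bot: Nothing visible in this hunk checks the request's current status before acting on it. A request that was already accepted could therefore later be marked `REJECTED` while the user stays in the group, and a rejected request could still be accepted. The lines between the two hunks are not shown, so this may be handled there. If it is not, constrain the transition in the statement itself, e.g. `"UPDATE group_join_requests SET status=? WHERE request_id=? AND status=?"` with the initial status value from the migration as the third parameter. The check has to run before the `if status == "ACCEPTED":` branch adds the user, raising when the request is no longer in that initial state.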
diff --git a/gn3/auth/authorisation/groups/views.py b/gn3/auth/authorisation/groups/views.py
index f12c75c..d3710f6 100644
--- a/gn3/auth/authorisation/groups/views.py
+++ b/gn3/auth/authorisation/groups/views.py
@@ -10,8 +10,8 @@ from gn3.auth.dictify import dictify
from gn3.auth.db_utils import with_db_connection
from .models import (
- user_group, all_groups, join_requests, accept_join_request,
- GroupCreationError, group_users as _group_users,
+ user_group, all_groups, join_requests, GroupCreationError,
+ accept_reject_join_request, group_users as _group_users,
create_group as _create_group)
from ..errors import AuthorisationError
@@ -115,4 +115,16 @@ def accept_join_requests() -> Response:
form = request.form
request_id = uuid.UUID(form.get("request_id"))
return jsonify(with_db_connection(partial(
- accept_join_request, request_id=request_id, user=the_token.user)))
+ accept_reject_join_request, request_id=request_id,
+ user=the_token.user, status="ACCEPTED")))
+
+@groups.route("/requests/join/reject", methods=["POST"])
+@require_oauth("profile group")
+def reject_join_requests() -> Response:
+ """Reject a join request."""
+ with require_oauth.acquire("profile group") as the_token:
+ form = request.form
+ request_id = uuid.UUID(form.get("request_id"))
+ return jsonify(with_db_connection(partial(
+ accept_reject_join_request, request_id=request_id,
+ user=the_token.user, status="REJECTED")))
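Review bot: `uuid.UUID(form.get("request_id"))` in the new `reject_join_requests` raises `TypeError` when the field is missing and `ValueError` when it is malformed, the same as in `accept_join_requests` above it. Unless an application-level handler outside this diff maps those exceptions, a bad form post surfaces as a server error rather than a client error. The two handlers now differ only in the `status` literal, so a small shared helper that parses and validates `request_id` and then calls `accept_reject_join_request` would keep the accept and reject paths from drifting apart. Catching `(TypeError, ValueError)` around the parse and returning the project's usual client-error response would cover both endpoints.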