From 83430d7a3a853632eee880cbdd629f114e977757 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 9 Feb 2023 16:23:03 +0300
Subject: auth: Reject request to join a group.
* gn3/auth/authorisation/groups/models.py: Modify function to either accept or reject join requests.
* gn3/auth/authorisation/groups/views.py: Provide endpoint to reject join requests.
* migrations/auth/20230207_01_r0bkZ-create-group-join-requests-table.py: Prevent user from applying to join the same group more than once.
---
 gn3/auth/authorisation/groups/models.py | 17 ++++++++++-------
 gn3/auth/authorisation/groups/views.py | 18 +++++++++++++++---
 2 files changed, 25 insertions(+), 10 deletions(-)
(limited to 'gn3/auth/authorisation/groups')
diff --git a/gn3/auth/authorisation/groups/models.py b/gn3/auth/authorisation/groups/models.py
index f78aedd..2a6f840 100644
--- a/gn3/auth/authorisation/groups/models.py
+++ b/gn3/auth/authorisation/groups/models.py
@@ -274,8 +274,10 @@ def join_requests(conn: db.DbConnection, user: User):
 error_description=("You do not have the appropriate authorisation"
 " to act upon the join requests."),
 oauth2_scope="profile group")
-def accept_join_request(conn: db.DbConnection, request_id: UUID, user: User):
- """Accept a join request."""
+def accept_reject_join_request(
+ conn: db.DbConnection, request_id: UUID, user: User, status: str) -> dict:
+ """Accept/Reject a join request."""
+ assert status in ("ACCEPTED", "REJECTED"), f"Invalid status '{status}'."
 with db.cursor(conn) as cursor:
 group = user_group(cursor, user).maybe(DUMMY_GROUP, lambda grp: grp) # type: ignore[misc]
 cursor.execute("SELECT * FROM group_join_requests WHERE request_id=?",
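Review bot: The new `assert status in ("ACCEPTED", "REJECTED")` at the top of `accept_reject_join_request` is the only validation of a value that the next hunk writes into `group_join_requests.status`, and `assert` statements are stripped when Python runs with `-O`. Both callers visible in this patch pass constants, so this is defence in depth, but an explicit check survives optimisation: `if status not in ("ACCEPTED", "REJECTED"): raise ValueError(f"Invalid status '{status}'.")`. The docstring could also name the two accepted values and say that only the ACCEPTED path changes group membership. The function body continues outside this hunk.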
@@ -288,13 +290,14 @@ def accept_join_request(conn: db.DbConnection, request_id: UUID, user: User):
 if the_user == DUMMY_USER:
 raise InconsistencyError(
 "Could not find user associated with join request.")
- add_user_to_group(cursor, group, the_user)
- revoke_user_role_by_name(cursor, the_user, "group-creator")
+ if status == "ACCEPTED":
+ add_user_to_group(cursor, group, the_user)
+ revoke_user_role_by_name(cursor, the_user, "group-creator")
 cursor.execute(
- "UPDATE group_join_requests SET status='ACCEPTED' "
+ "UPDATE group_join_requests SET status=? "
 "WHERE request_id=?",
- (str(request_id),))
- return {"request_id": request_id, "status": "ACCEPTED"}
+ (status, str(request_id)))
+ return {"request_id": request_id, "status": status}
 raise AuthorisationError(
 "You cannot act on other groups join requests")
 raise NotFoundError(f"Could not find request with ID '{request_id}'")
diff --git a/gn3/auth/authorisation/groups/views.py b/gn3/auth/authorisation/groups/views.py
index f12c75c..d3710f6 100644
--- a/gn3/auth/authorisation/groups/views.py
+++ b/gn3/auth/authorisation/groups/views.py
@@ -10,8 +10,8 @@ from gn3.auth.dictify import dictify
 from gn3.auth.db_utils import with_db_connection
 from .models import (
- user_group, all_groups, join_requests, accept_join_request,
- GroupCreationError, group_users as _group_users,
+ user_group, all_groups, join_requests, GroupCreationError,
+ accept_reject_join_request, group_users as _group_users,
 create_group as _create_group)
 from ..errors import AuthorisationError
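Review bot: Nothing in the lines shown in the models.py hunk at `@@ -288,13 +290,14 @@` checks the request's current status before the `UPDATE`, so a request that was already decided can apparently be decided again. A REJECTED call arriving after an ACCEPTED one would leave the user in the group while the row says REJECTED. The lines between the `SELECT` and this hunk are not visible, so a guard may already exist there. If it does not, one belongs before the `if status == "ACCEPTED":` branch, for example `if <row>["status"] in ("ACCEPTED", "REJECTED"): raise AuthorisationError("Join request has already been processed.")`, where `<row>` is a placeholder for whatever name the fetched record has. A short comment above the `UPDATE` stating that only undecided requests reach it would record that invariant for the next reader.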
@@ -115,4 +115,16 @@ def accept_join_requests() -> Response:
 form = request.form
 request_id = uuid.UUID(form.get("request_id"))
 return jsonify(with_db_connection(partial(
- accept_join_request, request_id=request_id, user=the_token.user)))
+ accept_reject_join_request, request_id=request_id,
+ user=the_token.user, status="ACCEPTED")))
+
+@groups.route("/requests/join/reject", methods=["POST"])
+@require_oauth("profile group")
+def reject_join_requests() -> Response:
+ """Reject a join request."""
+ with require_oauth.acquire("profile group") as the_token:
+ form = request.form
+ request_id = uuid.UUID(form.get("request_id"))
+ return jsonify(with_db_connection(partial(
+ accept_reject_join_request, request_id=request_id,
+ user=the_token.user, status="REJECTED")))
-- cgit v1.2.3
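Review bot: `reject_join_requests` copies `uuid.UUID(form.get("request_id"))` from the accept handler, so a missing field passes `None` to `uuid.UUID` (TypeError) and a malformed one raises ValueError. Unless the application registers handlers for these, which this patch does not show, the client gets a server error rather than a 4xx response. Reading the field as `request_id = uuid.UUID(form.get("request_id", ""))` reduces both cases to ValueError, which can then be caught and turned into a client error in both handlers. The two handlers now differ only in the `status` constant, so a shared private helper taking `status` would keep that validation in one place.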