Merge pull request #138 from mekanix/feature/separate-sql-ldap

Reorganize LDAP and SQL implementation
freenit-framework · Apr 17, 2024 · 3e3637e · 3e3637e
2 parents bdd551e + a26e1d1
commit 3e3637e
Show file tree

Hide file tree

Showing 21 changed files with 426 additions and 360 deletions.
diff --git a/freenit/api/auth.py → freenit/api/auth/__init__.py b/freenit/api/auth.py → freenit/api/auth/__init__.py
@@ -58,7 +58,7 @@ async def login(credentials: LoginInput, response: Response):
     }
 
 
-async def register_ormar(credentials: LoginInput) -> User:
+async def register_sql(credentials: LoginInput) -> User:
     import ormar.exceptions
     try:
         user = await User.objects.get(email=credentials.email)
@@ -74,18 +74,18 @@ async def register_ormar(credentials: LoginInput) -> User:
     return user
 
 
-async def register_bonsai(credentials: LoginInput) -> User:
+async def register_ldap(credentials: LoginInput) -> User:
     user = await User.register(credentials)
     await user.save()
     return user
 
 
 @api.post("/auth/register", tags=["auth"])
 async def register(credentials: LoginInput, host=Header(default="")):
-    if User.dbtype() == "ormar":
-        user = await register_ormar(credentials)
+    if User.dbtype() == "sql":
+        user = await register_sql(credentials)
     else:
-        user = await register_bonsai(credentials)
+        user = await register_ldap(credentials)
     token = encode(user)
     print(token)
     mail = config.mail

diff --git a/freenit/api/role.py b/freenit/api/role.py
diff --git a/freenit/api/role/__init__.py b/freenit/api/role/__init__.py
@@ -0,0 +1,6 @@
+from freenit.models.role import Role
+
+if Role.dbtype() == "sql":
+    from .sql import RoleListAPI, RoleDetailAPI, RoleUserAPI
+elif Role.dbtype() == "ldap":
+    from .ldap import RoleListAPI, RoleDetailAPI, RoleUserAPI
diff --git a/freenit/api/role/ldap.py b/freenit/api/role/ldap.py
@@ -0,0 +1,86 @@
+import bonsai
+from fastapi import Depends, Header, HTTPException
+
+from freenit.api.router import route
+from freenit.decorators import description
+from freenit.models.ldap.base import get_client
+from freenit.models.pagination import Page
+from freenit.models.role import Role
+from freenit.models.safe import RoleSafe, UserSafe
+from freenit.models.user import User
+from freenit.permissions import role_perms
+
+tags = ["role"]
+
+
+@route("/roles", tags=tags)
+class RoleListAPI:
+    @staticmethod
+    @description("Get roles")
+    async def get(
+        page: int = Header(default=1),
+        _: int = Header(default=10),
+        user: User = Depends(role_perms),
+    ) -> Page[RoleSafe]:
+        data = await Role.get_all()
+        total = len(data)
+        page = Page(total=total, page=1, pages=1, perpage=total, data=data)
+        return page
+
+    @staticmethod
+    async def post(role: Role, user: User = Depends(role_perms)) -> RoleSafe:
+        try:
+            await role.create(user)
+        except bonsai.errors.AlreadyExists:
+            raise HTTPException(status_code=409, detail="Role already exists")
+        return role
+
+
+@route("/roles/{id}", tags=tags)
+class RoleDetailAPI:
+    @staticmethod
+    async def get(id, _: User = Depends(role_perms)) -> RoleSafe:
+        role = await Role.get(id)
+        return role
+
+    @staticmethod
+    async def delete(id, _: User = Depends(role_perms)) -> RoleSafe:
+        client = get_client()
+        try:
+            async with client.connect(is_async=True) as conn:
+                res = await conn.search(
+                    id, bonsai.LDAPSearchScope.SUB, "objectClass=groupOfUniqueNames"
+                )
+                if len(res) < 1:
+                    raise HTTPException(status_code=404, detail="No such role")
+                if len(res) > 1:
+                    raise HTTPException(status_code=409, detail="Multiple role found")
+                existing = res[0]
+                role = Role(
+                    cn=existing["cn"][0],
+                    dn=str(existing["dn"]),
+                    users=existing["uniqueMember"],
+                )
+                await existing.delete()
+                return role
+        except bonsai.errors.AuthenticationError:
+            raise HTTPException(status_code=403, detail="Failed to login")
+
+
+@route("/roles/{role_id}/{user_id}", tags=tags)
+class RoleUserAPI:
+    @staticmethod
+    @description("Assign user to role")
+    async def post(role_id, user_id, _: User = Depends(role_perms)) -> UserSafe:
+        user = await User.get(user_id)
+        role = await Role.get(role_id)
+        await role.add(user)
+        return user
+
+    @staticmethod
+    @description("Deassign user to role")
+    async def delete(role_id, user_id, _: User = Depends(role_perms)) -> UserSafe:
+        user = await User.get(user_id)
+        role = await Role.get(role_id)
+        await role.remove(user)
+        return user