Merge pull request #555 from jbernal0019/master

Implement API to manage groups and their users

Author: jbernal0019

chris_backend/config/urls.py

@@ -20,6 +20,7 @@
 from django.conf import settings
 
 from plugins import admin as plugin_admin_views
+from users import views as group_admin_views
 
 
 urlpatterns = [
@@ -38,6 +39,26 @@
          plugin_admin_views.ComputeResourceAdminDetail.as_view(),
          name='admin-computeresource-detail'),
 
+    path('chris-admin/api/v1/groups/',
+         group_admin_views.GroupList.as_view(),
+         name='group-list'),
+
+    path('chris-admin/api/v1/groups/search/',
+         group_admin_views.GroupListQuerySearch.as_view(),
+         name='group-list-query-search'),
+
+    path('chris-admin/api/v1/groups/<int:pk>/',
+         group_admin_views.GroupDetail.as_view(),
+         name='group-detail'),
+
+    path('chris-admin/api/v1/groups/<int:pk>/users/',
+         group_admin_views.GroupUserList.as_view(),
+         name='group-user-list'),
+
+    path('chris-admin/api/v1/groups/users/<int:pk>/',
+         group_admin_views.GroupUserDetail.as_view(),
+         name='user_groups-detail'),
+
     path('chris-admin/', admin.site.urls),
 
     path('api/', include('core.api')),

chris_backend/core/admin.py

@@ -18,5 +18,4 @@ def has_delete_permission(self, request, obj=None):
 
 admin.site.site_header = 'ChRIS Administration'
 admin.site.site_title = 'ChRIS Admin'
-admin.site.unregister(Group)
 admin.site.register(ChrisInstance, ChrisInstanceAdmin)

chris_backend/core/api.py

@@ -28,6 +28,9 @@
     path('v1/users/<int:pk>/',
         user_views.UserDetail.as_view(), name='user-detail'),
 
+    path('v1/users/<int:pk>/groups/',
+         user_views.UserGroupList.as_view(), name='user-group-list'),
+
 
     path('v1/downloadtokens/',
          core_views.FileDownloadTokenList.as_view(),

chris_backend/plugins/admin.py

@@ -755,10 +755,13 @@ def list(self, request, *args, **kwargs):
         to the response.
         """
         response = super(PluginAdminList, self).list(request, *args, **kwargs)
+
         # append document-level link relations
         links = {'compute_resources': reverse('admin-computeresource-list',
-                                              request=request)}
+                                              request=request),
+                 'groups': reverse('group-list', request=request)}
         response = services.append_collection_links(response, links)
+
         # append write template
         template_data = {'fname': '', 'compute_names': '', 'plugin_store_url': ''}
         return services.append_collection_template(response, template_data)

chris_backend/users/models.py

@@ -1,3 +1,13 @@
-from django.db import models
 
-# Create your models here.
+from django.contrib.auth.models import Group
+
+import django_filters
+from django_filters.rest_framework import FilterSet
+
+
+class GroupFilter(FilterSet):
+    name_icontains = django_filters.CharFilter(field_name='name', lookup_expr='icontains')
+
+    class Meta:
+        model = Group
+        fields = ['id', 'name', 'name_icontains']

chris_backend/users/permissions.py

@@ -18,3 +18,17 @@ def has_object_permission(self, request, view, obj):
         return (obj == request.user) or (request.user.username == 'chris')
 
 
+class IsAdminOrReadOnly(permissions.BasePermission):
+    """
+    Custom permission to only allow admin users to modify/edit it. Read only is allowed
+    to normal users.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        # Read permissions are allowed to normal users.
+        if request.method in permissions.SAFE_METHODS:
+            #if obj.user_set.filter(username=request.user.username).exists():
+                return True
+
+        # Raed/Write permissions are allowed to the admin users
+        return request.user.is_staff

chris_backend/users/serializers.py

@@ -2,7 +2,7 @@
 import logging
 import io
 
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, Group
 from django.conf import settings
 from rest_framework import serializers
 from rest_framework.validators import UniqueValidator
@@ -16,19 +16,18 @@
 
 
 class UserSerializer(serializers.HyperlinkedModelSerializer):
-    feed = serializers.HyperlinkedRelatedField(many=True, view_name='feed-detail',
-                                               read_only=True)
     username = serializers.CharField(min_length=4, max_length=32,
                                      validators=[UniqueValidator(
                                          queryset=User.objects.all())])
     email = serializers.EmailField(required=True,
                                    validators=[UniqueValidator(
                                        queryset=User.objects.all())])
     password = serializers.CharField(min_length=8, max_length=100, write_only=True)
+    groups = serializers.HyperlinkedIdentityField(view_name='user-group-list')
 
     class Meta:
         model = User
-        fields = ('url', 'id', 'username', 'email', 'password', 'is_staff', 'feed')
+        fields = ('url', 'id', 'username', 'email', 'password', 'is_staff', 'groups')
 
     def create(self, validated_data):
         """
@@ -73,3 +72,48 @@ def validate_username(self, username):
             raise serializers.ValidationError(
                 ["Username %s is not available." % username])
         return username
+
+
+class GroupSerializer(serializers.HyperlinkedModelSerializer):
+    users = serializers.HyperlinkedIdentityField(view_name='group-user-list')
+
+    class Meta:
+        model = Group
+        fields = ('url', 'id', 'name', 'users')
+
+    def validate_name(self, name):
+        """
+        Overriden to check that the name does not contain forward slashes.
+        """
+        if '/' in name:
+            raise serializers.ValidationError(
+                ["This field may not contain forward slashes."])
+        return name
+
+
+
+class GroupUserSerializer(serializers.HyperlinkedModelSerializer):
+    username = serializers.CharField(write_only=True, min_length=4, max_length=32)
+    group_id = serializers.ReadOnlyField(source='group.id')
+    group_name = serializers.ReadOnlyField(source='group.name')
+    user_id = serializers.ReadOnlyField(source='user.id')
+    user_username = serializers.ReadOnlyField(source='user.username')
+    user_email = serializers.ReadOnlyField(source='user.email')
+    group = serializers.HyperlinkedRelatedField(view_name='group-detail', read_only=True)
+    user = serializers.HyperlinkedRelatedField(view_name='user-detail', read_only=True)
+
+    class Meta:
+        model = User.groups.through
+        fields = ('url', 'id', 'group_id', 'group_name', 'user_id', 'user_username',
+                  'user_email', 'group', 'user', 'username')
+
+    def validate_username(self, username):
+        """
+        Custom method to check whether the provided username exists in the DB.
+        """
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            raise serializers.ValidationError(
+                {'username': [f"Couldn't find any user with username '{username}'."]})
+        return user

chris_backend/users/tests/test_serializers.py

@@ -7,13 +7,13 @@
 from rest_framework import serializers
 
 from userfiles.models import UserFile
-from users.serializers import UserSerializer
+from users.serializers import UserSerializer, GroupSerializer, GroupUserSerializer
 from core.storage.helpers import mock_storage
 
 
-class UserSerializerTests(TestCase):
+class SerializerTests(TestCase):
     """
-    Generic user view tests' setup and tearDown
+    Generic serializers tests' setup and tearDown.
     """
 
     def setUp(self):
@@ -34,6 +34,12 @@ def tearDown(self):
         # re-enable logging
         logging.disable(logging.NOTSET)
 
+
+class UserSerializerTests(SerializerTests):
+    """
+    User serializer tests.
+    """
+
     def test_create(self):
         """
         Test whether overriden create method takes care of the password hashing and
@@ -62,9 +68,50 @@ def test_validate_username(self):
         the 'chris' special user.
         """
         user_serializer = UserSerializer()
+
         with self.assertRaises(serializers.ValidationError):
             user_serializer.validate_username('user/')
+
         with self.assertRaises(serializers.ValidationError):
             user_serializer.validate_username('chris')
+
         username = user_serializer.validate_username(self.username)
         self.assertEqual(username, self.username)
+
+
+class GroupSerializerTests(SerializerTests):
+    """
+    Group serializer tests.
+    """
+
+    def test_validate_name(self):
+        """
+        Test whether overriden validate_name method raises a
+        serializers.ValidationError when the group name contains forward slashes.
+        """
+        group_serializer = GroupSerializer()
+
+        with self.assertRaises(serializers.ValidationError):
+            group_serializer.validate_name('user/')
+
+        group_name = group_serializer.validate_name('students')
+        self.assertEqual(group_name, 'students')
+
+
+class GroupUserSerializerTests(SerializerTests):
+    """
+    Group user serializer tests.
+    """
+
+    def test_validate_name(self):
+        """
+        Test whether overriden validate_username method raises a
+        serializers.ValidationError when the passed username doesn't exist in the DB.
+        """
+        group_user_serializer = GroupUserSerializer()
+
+        with self.assertRaises(serializers.ValidationError):
+            group_user_serializer.validate_username('foo')
+
+        user = group_user_serializer.validate_username(self.chris_username)
+        self.assertEqual(user.username, self.chris_username)