def update_group():
data = current_request.get_json()
collaboration_id = int(data["collaboration_id"])
confirm_collaboration_admin(collaboration_id)
collaboration = Collaboration.query.get(collaboration_id)
_assign_global_urn(collaboration, data)
cleanse_short_name(data)
res = update(Group, custom_json=data, allow_child_cascades=False)
auto_provision_all_members_and_invites(res[0])
return res
def update_collaboration():
data = current_request.get_json()
confirm_collaboration_admin(data["id"])
organisation = Organisation.query.get(data["organisation_id"])
_validate_collaboration(data, organisation, new_collaboration=False)
collaboration = Collaboration.query.get(data["id"])
if collaboration.short_name != data["short_name"]:
for group in collaboration.groups:
group.global_urn = f"{organisation.short_name}:{data['short_name']}:{group.short_name}"
db.session.merge(group)
# For updating references like services, groups, memberships there are more fine-grained API methods
return update(Collaboration, custom_json=data, allow_child_cascades=False)
def update_service():
data = current_request.get_json()
service_id = data["id"]
confirm_service_admin(service_id)
validate_ip_networks(data)
_token_validity_days(data)
cleanse_short_name(data, "abbreviation")
service = Service.query.get(service_id)
if not is_application_admin() and is_service_admin(service_id):
forbidden = ["white_listed", "non_member_users_access_allowed", "token_enabled", "token", "entity_id"]
for attr in [fb for fb in forbidden if fb in data]:
data[attr] = getattr(service, attr)
res = update(Service, custom_json=data, allow_child_cascades=False, allowed_child_collections=["ip_networks"])
service = res[0]
service.ip_networks
return res
def update_organisation():
def override_func():
user_id = current_user_id()
organisation_id = current_request.get_json()["id"]
count = OrganisationMembership.query \
.filter(OrganisationMembership.user_id == user_id) \
.filter(OrganisationMembership.organisation_id == organisation_id) \
.filter(OrganisationMembership.role == "admin") \
.count()
return count > 0
confirm_write_access(override_func=override_func)
data = current_request.get_json()
_clear_api_keys(data)
cleanse_short_name(data)
organisation = Organisation.query.get(data["id"])
if organisation.short_name != data["short_name"]:
for collaboration in organisation.collaborations:
collaboration.global_urn = f"{data['short_name']}:{collaboration.short_name}"
db.session.merge(collaboration)
for group in collaboration.groups:
group.global_urn = f"{data['short_name']}:{collaboration.short_name}:{group.short_name}"
db.session.merge(group)
if not is_application_admin() and organisation.services_restricted:
data["services_restricted"] = True
# Corner case: user removed name and added the exact same name again, prevent duplicate entry
existing_names = [sho.name for sho in organisation.schac_home_organisations]
if "schac_home_organisations" in data:
if len([sho for sho in data["schac_home_organisations"] if
not sho.get("id") and sho["name"] in existing_names]) > 0:
organisation.schac_home_organisations.clear()
return update(Organisation, custom_json=data, allow_child_cascades=False,
allowed_child_collections=["schac_home_organisations"])
def update_service_group():
data = current_request.get_json()
confirm_write_access()
cleanse_short_name(data)
return update(ServiceGroup, custom_json=data, allow_child_cascades=False)