def modify_default_group(self, system=True):
    """Add the "RBAC Administrator" role to the platform-default group and set its system flag.

    Inside the tenant context of ``self.tenant``, the group with
    ``platform_default=True`` is fetched, every role named "RBAC Administrator"
    is added to it through ``add_roles``, and ``group.system`` is overwritten
    with ``system`` before the group is saved.

    Args:
        system: Value stored in the group's ``system`` attribute (default True).
    """
    # NOTE(review): a platform-default group presumably applies to every
    # principal in the tenant, so this amounts to a tenant-wide grant of
    # "RBAC Administrator". It looks like a test fixture; confirm it is never
    # reachable from production code paths.
    with tenant_context(self.tenant):
        # .get() expects exactly one platform-default group in this tenant.
        default_group = Group.objects.get(platform_default=True)
        admin_roles = Role.objects.filter(name="RBAC Administrator")
        add_roles(default_group, admin_roles.values_list("uuid", flat=True))

        default_group.system = system
        default_group.save()
Example #2
    def roles(self, request, uuid=None):
        """Get, add or remove roles from a group.

        The group UUID is validated, the group is resolved with
        ``self.get_object()``, and the request is then dispatched on its
        HTTP method:

        * GET returns the group's roles as a paginated response.
        * POST validates the body with ``GroupRoleSerializerIn``, adds the
          listed roles and returns the serialized group with HTTP 200.
        * Any other method is handled as a removal: the ``ROLES_KEY`` query
          parameter is required (a ``serializers.ValidationError`` is raised
          when it is missing), its comma-separated values are validated and
          removed, and HTTP 204 is returned.

        NOTE(review): no permission check is made in this body. Adding roles
        to a group is a privilege grant, so confirm that the viewset's
        permission classes and ``get_object()`` (neither visible here)
        restrict who may call this, and that ``add_roles`` limits which roles
        a caller may assign.
        """
        # The bare strings below are apidoc blocks, kept verbatim.
        # NOTE(review): the GET and POST sample responses contain
        # `"policyCount: 0` (closing quote missing on the key), and the POST
        # block lists uuid/name/roles as success fields although its example
        # shows a "data" array.
        """
        @api {get} /api/v1/groups/:uuid/roles/   Get roles for a group
        @apiName getRoles
        @apiGroup Group
        @apiVersion 1.0.0
        @apiDescription Get roles for a group

        @apiHeader {String} token User authorization token

        @apiParam (Path) {String} id Group unique identifier.

        @apiParam (Query) {String} order_by Determine ordering of returned roles.

        @apiSuccess {Array} data Array of roles
        @apiSuccessExample {json} Success-Response:
            HTTP/1.1 200 OK
            {
                "data": [
                    {
                        "name": "RoleA",
                        "uuid": "4df211e0-2d88-49a4-8802-728630224d15",
                        "description": "RoleA Description",
                        "policyCount: 0,
                        "applications": [],
                        "system": false,
                        "platform_default": false
                    }
                ]
            }
        """
        """
        @api {post} /api/v1/groups/:uuid/roles/   Add roles to a group
        @apiName addRoles
        @apiGroup Group
        @apiVersion 1.0.0
        @apiDescription Add roles to a group
        @apiHeader {String} token User authorization token
        @apiParam (Path) {String} id Group unique identifier
        @apiParam (Request Body) {Array} roles Array of role UUIDs
        @apiParamExample {json} Request Body:
            {
                "roles": [
                    "4df211e0-2d88-49a4-8802-728630224d15"
                ]
            }
        @apiSuccess {String} uuid Group unique identifier
        @apiSuccess {String} name Group name
        @apiSuccess {Array} roles Array of roles
        @apiSuccessExample {json} Success-Response:
            HTTP/1.1 200 OK
            {
                "data": [
                    {
                        "name": "RoleA",
                        "uuid": "4df211e0-2d88-49a4-8802-728630224d15",
                        "description": "RoleA Description",
                        "policyCount: 0,
                        "applications": [],
                        "system": false,
                        "platform_default": false
                    }
                ]
            }
        """
        """
        @api {delete} /api/v1/groups/:uuid/roles/   Remove roles from group
        @apiName removeRoles
        @apiGroup Group
        @apiVersion 1.0.0
        @apiDescription Remove roles from a group

        @apiHeader {String} token User authorization token

        @apiParam (Path) {String} id Group unique identifier

        @apiParam (Query) {String} roles List of comma separated role UUIDs

        @apiSuccessExample {json} Success-Response:
            HTTP/1.1 204 NO CONTENT
        """
        # Validate the path parameter before any lookup is attempted.
        validate_uuid(uuid, "group uuid validation")
        group = self.get_object()
        http_method = request.method

        if http_method == "GET":
            group_roles = self.obtain_roles(request, group)
            current_page = self.paginate_queryset(group_roles)
            page_serializer = self.get_serializer(current_page, many=True)
            return self.get_paginated_response(page_serializer.data)

        if http_method == "POST":
            roles = []
            body_check = GroupRoleSerializerIn(data=request.data)
            if body_check.is_valid(raise_exception=True):
                # NOTE(review): the role ids come from the raw request body,
                # not from the serializer's validated data, and pop() mutates
                # request.data. Presumably the body is always a mutable dict
                # (JSON); confirm for other content types.
                roles = request.data.pop(ROLES_KEY, [])
            add_roles(group, roles)
            set_system_flag_post_update(group)
            response_data = GroupRoleSerializerIn(group)
            return Response(status=status.HTTP_200_OK, data=response_data.data)

        # Every remaining method lands here; presumably the route only admits
        # DELETE in addition to GET and POST (confirm on the action's
        # declaration, which is not visible here).
        if ROLES_KEY not in request.query_params:
            detail = "Query parameter {} is required.".format(ROLES_KEY)
            raise serializers.ValidationError({"detail": _(detail)})

        role_ids = request.query_params.get(ROLES_KEY, "").split(",")
        removal_check = GroupRoleSerializerIn(data={"roles": role_ids})
        if removal_check.is_valid(raise_exception=True):
            remove_roles(group, role_ids)
            set_system_flag_post_update(group)

        return Response(status=status.HTTP_204_NO_CONTENT)
Example #3
    def roles(self, request, uuid=None):
        """Get, add or remove roles from a group.

        The group is resolved with ``self.get_object()`` and the request is
        dispatched on its HTTP method:

        * GET serializes each role of the group with ``RoleMinimumSerializer``
          and returns them as a paginated response.
        * POST validates the body with ``GroupRoleSerializerIn``, adds the
          listed roles and returns the serialized group with HTTP 200.
        * Any other method is handled as a removal: the ``ROLES_KEY`` query
          parameter is required (a ``serializers.ValidationError`` is raised
          when it is missing), its comma-separated values are validated and
          removed, and HTTP 204 is returned.

        NOTE(review): the ``uuid`` path parameter is never referenced in this
        body, so any format check and the group lookup are left entirely to
        ``get_object()`` and the URL routing. No permission check is made
        here either; adding roles to a group is a privilege grant, so confirm
        that the viewset's permission classes (not visible here) restrict who
        may call this and that ``add_roles`` limits which roles a caller may
        assign.
        """
        # The bare strings below are apidoc blocks, kept verbatim.
        """
        @api {get} /api/v1/groups/:uuid/roles/   Get roles for a group
        @apiName getRoles
        @apiGroup Group
        @apiVersion 1.0.0
        @apiDescription Get roles for a group

        @apiHeader {String} token User authorization token

        @apiParam (Path) {String} id Group unique identifier.

        @apiSuccess {Array} data Array of roles
        @apiSuccessExample {json} Success-Response:
            HTTP/1.1 200 OK
            {
                "data": [
                    {
                        "name": "RoleA",
                        "uuid": "4df211e0-2d88-49a4-8802-728630224d15",
                        "description": "RoleA Description"
                    }
                ]
            }
        """
        """
        @api {post} /api/v1/groups/:uuid/roles/   Add roles to a group
        @apiName addRoles
        @apiGroup Group
        @apiVersion 1.0.0
        @apiDescription Add roles to a group
        @apiHeader {String} token User authorization token
        @apiParam (Path) {String} id Group unique identifier
        @apiParam (Request Body) {Array} roles Array of role UUIDs
        @apiParamExample {json} Request Body:
            {
                "roles": [
                    "4df211e0-2d88-49a4-8802-728630224d15"
                ]
            }
        @apiSuccess {String} uuid Group unique identifier
        @apiSuccess {String} name Group name
        @apiSuccess {Array} roles Array of roles
        @apiSuccessExample {json} Success-Response:
            HTTP/1.1 200 OK
            {
                "uuid": "16fd2706-8baf-433b-82eb-8c7fada847da",
                "name": "GroupA",
                "roles": [
                    {
                        "name": "RoleA",
                        "uuid": "4df211e0-2d88-49a4-8802-728630224d15",
                        "description": "RoleA Description"
                    }
                ]
            }
        """
        """
        @api {delete} /api/v1/groups/:uuid/roles/   Remove roles from group
        @apiName removeRoles
        @apiGroup Group
        @apiVersion 1.0.0
        @apiDescription Remove roles from a group

        @apiHeader {String} token User authorization token

        @apiParam (Path) {String} id Group unique identifier

        @apiParam (Query) {String} roles List of comma separated role UUIDs

        @apiSuccessExample {json} Success-Response:
            HTTP/1.1 204 NO CONTENT
        """
        group = self.get_object()
        http_method = request.method

        if http_method == "GET":
            role_payloads = []
            for role in group.roles():
                role_payloads.append(RoleMinimumSerializer(role).data)
            current_page = self.paginate_queryset(role_payloads)
            page_serializer = self.get_serializer(current_page, many=True)
            return self.get_paginated_response(page_serializer.data)

        if http_method == "POST":
            roles = []
            body_check = GroupRoleSerializerIn(data=request.data)
            if body_check.is_valid(raise_exception=True):
                # NOTE(review): the role ids come from the raw request body,
                # not from the serializer's validated data, and pop() mutates
                # request.data. Presumably the body is always a mutable dict
                # (JSON); confirm for other content types.
                roles = request.data.pop(ROLES_KEY, [])
            add_roles(group, roles)
            set_system_flag_post_update(group)
            response_data = GroupRoleSerializerIn(group)
            return Response(status=status.HTTP_200_OK, data=response_data.data)

        # Every remaining method lands here; presumably the route only admits
        # DELETE in addition to GET and POST (confirm on the action's
        # declaration, which is not visible here).
        if ROLES_KEY not in request.query_params:
            detail = "Query parameter {} is required.".format(ROLES_KEY)
            raise serializers.ValidationError({"detail": _(detail)})

        role_ids = request.query_params.get(ROLES_KEY, "").split(",")
        removal_check = GroupRoleSerializerIn(data={"roles": role_ids})
        if removal_check.is_valid(raise_exception=True):
            remove_roles(group, role_ids)
            set_system_flag_post_update(group)

        return Response(status=status.HTTP_204_NO_CONTENT)