def update_organization(org_uuid):
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
name = data.get("name")
if not name:
return abort(make_response(jsonify(message="Missing name"), 400))
existing = organizations.get_by_uuid(org_uuid)
if not existing:
return abort(make_response(jsonify(message="Not found"), 404))
organizations.update_organization(uuid=org_uuid, name=name)
return jsonify({"uuid": org_uuid, "name": name}), 200
def add_user_to_org(org_uuid):
user_uuid = request.json.get("uuid")
org_role = request.json.get("role")
user = users.get_by_uuid(user_uuid)
if not user:
return make_response("User does not exist", 400)
if not organizations.get_by_uuid(org_uuid):
return make_response("Organization does not exist", 400)
if organization_roles.get_organization_role(org_uuid,
user_uuid) is not None:
return make_response("User is already in organization", 400)
organization_roles.set_organization_role(org_uuid, user_uuid, org_role)
return make_response("", 200)
def create_api_token():
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
name = data.get("name", None)
if not name:
return abort(make_response(jsonify(message="Missing name"), 400))
org_uuid = data.get("organization_uuid", None)
if not org_uuid:
return abort(
make_response(jsonify(message="Missing organization_uuid"), 400))
user = get_current_user()
if not user:
return abort(make_response(jsonify(message="Unauthorized"), 401))
is_member = organization_roles.get_organization_role(
org_uuid, user["uuid"])
if not is_member:
return abort(make_response(jsonify(message="Unauthorized"), 401))
organization = organizations.get_by_uuid(org_uuid)
token = create_access_token(
identity=user,
expires_delta=False,
user_claims={
"username": user.get("username"),
"email": user.get("email"),
"organization_uuid": organization["uuid"],
"organization_name": organization["name"],
},
)
jti = decode_token(token)["jti"]
api_tokens.add_token(user_uuid=user["uuid"],
jti=jti,
name=name,
organization_uuid=org_uuid)
response = {
"access_token": token,
"name": name,
"jti": jti,
"organization": {
"uuid": organization["uuid"],
"name": organization["name"],
},
"created": datetime.now().isoformat(),
}
return jsonify(response), 201
def delete_user(org_uuid, uuid):
admin_uuid = get_jwt_identity()
if admin_uuid == uuid:
return abort(make_response(jsonify(message="Cannot update self"), 409))
user_role = organization_roles.get_organization_role(org_uuid, uuid)
user = users.get_by_uuid(uuid)
if user is None or user_role is None:
return abort(make_response(jsonify(message="Not found"), 404))
organization = organizations.get_by_uuid(org_uuid)
api_tokens.revoke_all_tokens(uuid, org_uuid)
organization_roles.drop_organization_role(org_uuid, uuid)
send_mail.delay(
[user["email"]],
"ORGANIZATION_REMOVAL",
{
"email": user["email"],
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
return "", 204
def add_user_to_org(org_uuid):
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
email = data.get("email", None)
org_role = data.get("role", None)
if not email or not org_role:
return abort(make_response(jsonify(message="Missing email"), 400))
if org_role not in ["admin", "user"]:
return abort(make_response(jsonify(message="Bad role"), 400))
email = email.lstrip().rstrip().lower()
if not is_email(email):
return abort(make_response(jsonify(message="Invalid email"), 400))
existing = users.get_by_email(email)
# completely new user
if existing is None:
user_uuid = guid.uuid4()
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(hours=24)
users.add_user(
uuid=user_uuid,
email=email,
username=email,
system_role="user",
providers=[],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")
).hexdigest(),
activation_key_expires=activation_key_expires,
)
else:
user_uuid = existing.get("uuid", None)
# an activated account that already has a role in this organization
if (
organization_roles.get_organization_role(org_uuid, user_uuid)
and existing["activated"]
):
return abort(make_response(jsonify(message="User already exists"), 409))
# an account that is not activated but has already been sent an invite
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(hours=24)
users.update_user(
uuid=user_uuid,
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")
).hexdigest(),
activation_key_expires=activation_key_expires,
)
organization = organizations.get_by_uuid(org_uuid)
organization_roles.set_organization_role(org_uuid, user_uuid, org_role)
if existing is None or existing["activated"] is None:
send_mail.delay(
[email],
"REGISTRATION_VERIFICATION_EMAIL",
{
"activation_key": activation_key,
"activation_key_expires": int(activation_key_expires.timestamp()),
"email": email,
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
else:
send_mail.delay(
[email],
"ORGANIZATION_INVITATION",
{
"email": email,
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
return (
jsonify(
{
"uuid": str(user_uuid),
"username": existing["username"] if existing else email,
"email": email,
"role": org_role,
"activated": existing["activated"] is not None if existing else False,
}
),
201,
)