def add_members(
organization_id: int,
*,
invites: List[UserInvite] = Body(...),
auth=Depends(authorization("organizations:add_members")),
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
try:
members = crud.organization.get_members(db, id=organization_id)
users_to_add = (invite for invite in invites
if invite.email not in (u.get("email")
for u in members))
for invite in users_to_add:
user_in_db = user.get_by_email(db, email=invite.email)
role = invite.role if invite.role else "guest"
if not user_in_db:
user_in_db = user.create(
db,
obj_in=UserCreate(
full_name=invite.full_name,
email=invite.email,
password=pwd.genword(),
),
)
else:
organization_in_db = crud.organization.get(db,
id=organization_id)
if organization_in_db:
send_new_invitation_email_task.delay(
full_name=user_in_db.full_name,
email_to=user_in_db.email,
organization=organization_in_db.name,
role=role)
enforcer.add_role_for_user_in_domain(
str(user_in_db.id),
role,
str(organization_id),
)
enforcer.load_policy()
return [
user for user in get_members(
organization_id, auth=auth, db=db, current_user=current_user)
if user.get("email") in (invite.email for invite in invites)
]
except Exception as e:
logging.error(e)
def create_organization_root_node(
*,
db: Session = Depends(get_db),
organization_in: OrganizationCreateRoot,
current_user: User = Depends(get_current_user),
) -> Optional[Organization]:
"""
Create a new **root node for organizations tree**;
If `owner_email` is present organization tree ownership will be affected to *existing or newly created user*,
else organizations tree ownership will be affected to *superuser*.
"""
if not current_user.is_superuser:
raise HTTPException(
status_code=403,
detail="You are not authorized to perform this action.")
new_organization_root_node = organization.create_root(
db, obj_in=organization_in).to_schema()
if organization_in.owner_email:
user_in_db = user.get_by_email(db, email=organization_in.owner_email)
if not user_in_db:
user_in_db = user.create(
db,
obj_in=UserCreate(
full_name=organization_in.owner_email.split("@")[0],
email=organization_in.owner_email,
password=pwd.genword(),
),
)
if new_organization_root_node:
send_new_invitation_email_task.delay(
full_name=user_in_db.full_name,
email_to=user_in_db.email,
organization=new_organization_root_node.name,
role="owner")
enforcer.add_role_for_user_in_domain(
str(user_in_db.id), "owner",
str(new_organization_root_node.id))
enforcer.load_policy()
else:
enforcer.add_role_for_user_in_domain(
str(current_user.id), "owner", str(new_organization_root_node.id))
enforcer.load_policy()
current_roles = enforcer.get_roles_for_user_in_domain(
str(current_user.id), str(new_organization_root_node.id))
if len(current_roles) > 0:
new_organization_root_node.current_user_role = current_roles[0]
if current_user.is_superuser:
new_organization_root_node.current_user_role = 'admin'
# new_organization_root_node.current_user_role = current_roles[0]
return new_organization_root_node
def create_user(*, db: Session = Depends(get_db), user_in: UserCreate):
"""
Create new user.
"""
user = crud_user.get_by_email(db, email=user_in.email)
if user:
raise HTTPException(status_code=HTTP_400_BAD_REQUEST,
detail="Email already registered")
user = crud_user.create(db=db, user_in=user_in)
if config.EMAILS_ENABLED and user_in.email:
send_new_account_email(email_to=user_in.email,
username=user_in.email,
password=user_in.password)
return user
def init_db(db_session):
# Tables should be created with Alembic migrations
# But if you don't want to use migrations, create
# the tables un-commenting the next line
# Base.metadata.create_all(bind=engine)
user = crud_user.get_by_email(db_session, email=config.FIRST_SUPERUSER)
if not user:
user_in = UserCreate(
full_name='Admin',
email=config.FIRST_SUPERUSER,
password=config.FIRST_SUPERUSER_PASSWORD,
is_superuser=True,
)
user = crud_user.create(db_session, user_in=user_in)
def create_user(user_create: UserCreate, db=Depends(get_db)):
"""Register a new user. Email, CPF and PIS must be valid and not yet registered"""
db_user = get_by_cpf(db, user_create.cpf)
if db_user:
raise HTTPException(status_code=400, detail="CPF already registered")
db_user = get_by_pis(db, user_create.pis)
if db_user:
raise HTTPException(status_code=400, detail="PIS already registered")
db_user = get_by_email(db, user_create.email)
if db_user:
raise HTTPException(status_code=400, detail="Email already registered")
return create(db, user_create)
def register_new_user(*, db: Session = Depends(get_db), user_in: UserCreate):
user_in_db = user.get_by_email(db, email=user_in.email)
if user_in_db:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="The user with this username already exists in the system.",
)
user_in_db = user.create(db, obj_in=user_in)
send_new_registration_email_task.delay(user_in.email, user_in.full_name,
user_in.password)
generate_and_insert_registration_link_task.delay(user_in_db.id)
return {"msg": "User created"}
def init_db(db_session):
# Tables should be created with Alembic migrations
# But if you don't want to use migrations, create
# the tables un-commenting the next line
# Base.metadata.create_all(bind=engine)
user = db_user.get_by_email(db_session, email=config.FIRST_SUPERUSER_EMAIL)
if not user:
user_in = UserCreate(username=config.FIRST_SUPERUSER,
full_name=config.FIRST_SUPERUSER_FULLNAME,
email=config.FIRST_SUPERUSER_EMAIL,
password=get_password_hash(
config.FIRST_SUPERUSER_PASSWORD),
document="01311104542",
phone_number="9023819283",
is_superuser=True,
is_active=True)
user = db_user.create(db_session, user_in=user_in)
def password_recovery(email: str, db: Session = Depends(get_db)) -> Any:
"""
Password Recovery
"""
user_in_db = user.get_by_email(db, email=email)
if user_in_db:
tokens = generate_access_token_and_refresh_token_response(
user_id=user_in_db.id, is_superuser=user_in_db.is_superuser)
send_reset_password_email(
email_to=user_in_db.email,
username=user_in_db.full_name,
token=tokens["access_token"],
)
return {"msg": "Password recovery email sent"}
else:
raise HTTPException(
status_code=404,
detail="The user with this username does not exist in the system.",
)
def create_user(
*,
db: Session = Depends(get_db),
user_in: UserCreate,
current_user: User = Depends(get_current_user_if_is_superuser),
) -> Any:
"""
Create new user.
"""
user_in_db = user.get_by_email(db, email=user_in.email)
if user_in_db:
raise HTTPException(
status_code=400,
detail="The user with this username already exists in the system.",
)
user_in_db = user.create(db, obj_in=user_in)
# if settings.EMAILS_ENABLED and user_in.email:
# send_new_account_email(
# email_to=user_in.email,
# username=user_in.email,
# password=user_in.password
# )
return user_in_db
def init_db(db: Session) -> None:
# Tables should be created with Alembic migrations
# But if you don't want to use migrations, create
# the tables un-commenting the next line
# Base.metadata.create_all(bind=engine)
# insert_organizations(db=db)
organization_in_db = organization.get_by_name(db,
name=settings.ORGANIZATION)
if not organization_in_db:
organization_in = OrganizationCreate(name=settings.ORGANIZATION,
slug=slug.slug(
settings.ORGANIZATION),
mode="private")
organization_in_db = organization.create(db, obj_in=organization_in)
user_in_db = user.get_by_email(db, email=settings.FIRST_SUPERUSER)
if not user_in_db:
user_in = UserCreate(
full_name=settings.FIRST_SUPERUSER_FULLNAME,
email=settings.FIRST_SUPERUSER,
password=settings.FIRST_SUPERUSER_PASSWORD,
)
user_in_db = user.create(db, obj_in=user_in) # noqa: F841
user_in_db.is_superuser = True
user_in_db.is_verified = True
db.add(user_in_db)
db.commit()
db.refresh(user_in_db)
if len(enforcer.get_roles_for_user_in_domain("1", "1")) == 0:
enforcer.add_role_for_user_in_domain("1", "admin", "1")