def group_members_by_group_id_and_username_put(group_id: str,
username: str) -> Response:
"""
Update a group membership. The membership is identified by a group's identifier and a user's username.
:param group_id: Unique id which identifies a group within a team.
:param username: Unique name for a user.
:return: A response object for the PUT API request.
"""
jwt_claims: dict = get_claims(request)
jwt_username = jwt_claims.get('sub')
group_member: GroupMember = GroupMemberDao.get_group_member(
group_id=int(group_id), username=jwt_username)
if group_member is not None and group_member.user == 'admin' and group_member.status == 'accepted':
current_app.logger.info(
f'Admin user {jwt_username} is updating the group membership for user {username} in group with id '
f'{group_id}.')
else:
current_app.logger.info(
f'User {jwt_username} is not authorized to update the group membership for user {username} in group with '
f'id {group_id}.')
response = jsonify({
'self':
f'/v2/groups/members/{group_id}/{username}',
'updated':
False,
'group_member':
None,
'error':
f'User {jwt_username} is not authorized to update the group membership for user {username} in '
f'group with id {group_id}.'
})
response.status_code = 400
return response
group_member_data: dict = request.get_json()
status = group_member_data.get('status')
user = group_member_data.get('user')
is_updated = GroupMemberDao.update_group_member(int(group_id), username,
status, user)
if is_updated:
team: Team = TeamDao.get_team_by_group_id(int(group_id))
team_membership: ResultProxy = TeamMemberDao.get_user_team_membership(
username=username, team_name=team.name)
if team_membership.rowcount > 0:
for membership in team_membership:
if membership.user != 'accepted':
TeamMemberDao.accept_user_team_membership(
username=username,
team_name=team.name,
updating_username=jwt_username)
updated_group_member = GroupMemberDao.get_group_member(
int(group_id), username)
updated_group_member_dict: dict = GroupMemberData(
updated_group_member).__dict__
response = jsonify({
'self': f'/v2/groups/members/{group_id}/{username}',
'updated': True,
'group_member': updated_group_member_dict
})
response.status_code = 200
return response
else:
response = jsonify({
'self': f'/v2/groups/members/{group_id}/{username}',
'updated': False,
'group_member': None,
'error': 'The group membership failed to update.'
})
response.status_code = 500
return response
def group_members_by_group_id_and_username_delete(group_id: str,
username: str) -> Response:
"""
Soft delete a group membership. The membership is identified by a group's identifier and a user's username.
:param group_id: Unique id which identifies a group within a team.
:param username: Unique name for a user.
:return: A response object for the DELETE API request.
"""
jwt_claims: dict = get_claims(request)
jwt_username = jwt_claims.get('sub')
group_member: GroupMember = GroupMemberDao.get_group_member(
group_id=int(group_id), username=jwt_username)
if group_member is not None and group_member.user == 'admin' and group_member.status == 'accepted':
current_app.logger.info(
f'Admin user {jwt_username} is deleting the group membership for user {username} in group with id '
f'{group_id}.')
else:
current_app.logger.info(
f'User {jwt_username} is not authorized to delete the group membership for user {username} in group with '
f'id {group_id}.')
response = jsonify({
'self':
f'/v2/groups/members/{group_id}/{username}',
'deleted':
False,
'error':
f'User {jwt_username} is not authorized to delete the group membership for user {username} in '
f'group with id {group_id}.'
})
response.status_code = 400
return response
membership_deleted = GroupMemberDao.soft_delete_group_member(
int(group_id), username)
if membership_deleted:
team: Team = TeamDao.get_team_by_group_id(int(group_id))
user_groups: ResultProxy = GroupMemberDao.get_user_groups_in_team(
username, team.name)
# If the user has no more group memberships in this team, remove them from the team.
if user_groups.rowcount == 0:
TeamMemberDao.update_user_memberships(username=username,
teams_joined=[],
teams_left=[team.name],
groups_joined=[],
groups_left=[])
response = jsonify({
'self': f'/v2/groups/members/{group_id}/{username}',
'deleted': True,
})
response.status_code = 204
return response
else:
response = jsonify({
'self': f'/v2/groups/members/{group_id}/{username}',
'deleted': False,
'error': 'Failed to delete the group membership.'
})
response.status_code = 500
return response
def group_by_id_put(group_id: str) -> Response:
"""
Update a group based on the unique group id.
:param group_id: Unique id which identifies a group.
:return: A response object for the PUT API request.
"""
old_group = GroupDao.get_group_by_id(int(group_id))
jwt_claims: dict = get_claims(request)
jwt_username = jwt_claims.get('sub')
group_member: GroupMember = GroupMemberDao.get_group_member(
group_id=int(group_id), username=jwt_username)
if group_member is not None and group_member.user == 'admin' and group_member.status == 'accepted':
current_app.logger.info(
f'Admin user {jwt_username} is updating a group with id {group_id}.'
)
else:
current_app.logger.info(
f'User {jwt_username} is not authorized to update a group with id {group_id}.'
)
response = jsonify({
'self':
f'/v2/groups/{group_id}',
'updated':
False,
'group':
None,
'error':
f'User {jwt_username} is not authorized to update a group with id {group_id}.'
})
response.status_code = 400
return response
if old_group is None:
response = jsonify({
'self': f'/v2/groups/{group_id}',
'updated': False,
'group': None,
'error': 'There is no existing group with this id.'
})
response.status_code = 400
return response
group_data: dict = request.get_json()
new_group = Group(group_data)
if new_group != old_group:
new_group.modified_date = datetime.now()
new_group.modified_app = 'saints-xctf-api'
is_updated = GroupDao.update_group(group=new_group)
if is_updated:
updated_group = GroupDao.get_group_by_id(int(group_id))
updated_group_dict: dict = GroupData(updated_group).__dict__
response = jsonify({
'self': f'/v2/groups/{group_id}',
'updated': True,
'group': updated_group_dict
})
response.status_code = 200
return response
else:
response = jsonify({
'self': f'/v2/groups/{group_id}',
'updated': False,
'group': None,
'error': 'The group failed to update.'
})
response.status_code = 500
return response
else:
response = jsonify({
'self':
f'/v2/groups/{group_id}',
'updated':
False,
'group':
None,
'error':
'The group submitted is equal to the existing group with the same id.'
})
response.status_code = 400
return response