def obtain_roles(self, request, group):
"""Obtain roles based on request, supports exclusion."""
exclude = self.validate_and_get_exclude_key(request.query_params)
roles = (group.roles_with_access() if exclude == 'false'
else self.obtain_roles_with_exclusion(request, group))
return [RoleMinimumSerializer(role).data for role in roles]
def obtain_roles(self, request, group):
"""Obtain roles based on request, supports exclusion."""
exclude = validate_and_get_key(request.query_params, EXCLUDE_KEY, VALID_EXCLUDE_VALUES, "false")
roles = group.roles_with_access() if exclude == "false" else self.obtain_roles_with_exclusion(request, group)
filtered_roles = self.filtered_roles(roles, request)
annotated_roles = filtered_roles.annotate(policyCount=Count("policies", distinct=True))
if ORDERING_PARAM in request.query_params:
ordered_roles = self.order_queryset(
annotated_roles, VALID_ROLE_ORDER_FIELDS, request.query_params.get(ORDERING_PARAM)
)
return [RoleMinimumSerializer(role).data for role in ordered_roles]
return [RoleMinimumSerializer(role).data for role in annotated_roles]
def roles(self, request, uuid=None):
"""Get, add or remove roles from a group."""
"""
@api {get} /api/v1/groups/:uuid/roles/ Get roles for a group
@apiName getRoles
@apiGroup Group
@apiVersion 1.0.0
@apiDescription Get roles for a group
@apiHeader {String} token User authorization token
@apiParam (Path) {String} id Group unique identifier.
@apiSuccess {Array} data Array of roles
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"data": [
{
"name": "RoleA",
"uuid": "4df211e0-2d88-49a4-8802-728630224d15",
"description": "RoleA Description"
}
]
}
"""
"""
@api {post} /api/v1/groups/:uuid/roles/ Add roles to a group
@apiName addRoles
@apiGroup Group
@apiVersion 1.0.0
@apiDescription Add roles to a group
@apiHeader {String} token User authorization token
@apiParam (Path) {String} id Group unique identifier
@apiParam (Request Body) {Array} roles Array of role UUIDs
@apiParamExample {json} Request Body:
{
"roles": [
"4df211e0-2d88-49a4-8802-728630224d15"
]
}
@apiSuccess {String} uuid Group unique identifier
@apiSuccess {String} name Group name
@apiSuccess {Array} roles Array of roles
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"uuid": "16fd2706-8baf-433b-82eb-8c7fada847da",
"name": "GroupA",
"roles": [
{
"name": "RoleA",
"uuid": "4df211e0-2d88-49a4-8802-728630224d15",
"description": "RoleA Description"
}
]
}
"""
"""
@api {delete} /api/v1/groups/:uuid/roles/ Remove roles from group
@apiName removeRoles
@apiGroup Group
@apiVersion 1.0.0
@apiDescription Remove roles from a group
@apiHeader {String} token User authorization token
@apiParam (Path) {String} id Group unique identifier
@apiParam (Query) {String} roles List of comma separated role UUIDs
@apiSuccessExample {json} Success-Response:
HTTP/1.1 204 NO CONTENT
"""
roles = []
group = self.get_object()
if request.method == 'POST':
serializer = GroupRoleSerializerIn(data=request.data)
if serializer.is_valid(raise_exception=True):
roles = request.data.pop(ROLES_KEY, [])
add_roles(group, roles)
set_system_flag_post_update(group)
response_data = GroupRoleSerializerIn(group)
elif request.method == 'GET':
serialized_roles = [RoleMinimumSerializer(role).data for role in group.roles()]
page = self.paginate_queryset(serialized_roles)
serializer = self.get_serializer(page, many=True)
return self.get_paginated_response(serializer.data)
else:
if ROLES_KEY not in request.query_params:
key = 'detail'
message = 'Query parameter {} is required.'.format(ROLES_KEY)
raise serializers.ValidationError({key: _(message)})
role_ids = request.query_params.get(ROLES_KEY, '').split(',')
serializer = GroupRoleSerializerIn(data={'roles': role_ids})
if serializer.is_valid(raise_exception=True):
remove_roles(group, role_ids)
set_system_flag_post_update(group)
return Response(status=status.HTTP_204_NO_CONTENT)
return Response(status=status.HTTP_200_OK, data=response_data.data)