def test_simple_with_members(self):
user = self.create_user(username="******")
user2 = self.create_user(username="******")
organization = self.create_organization(owner=user)
team = self.create_team(organization=organization,
members=[user, user2])
self.create_team(organization=organization, members=[user, user2])
# create a 2nd team to confirm we aren't duping data
result = serialize(team, user, TeamSCIMSerializer(expand=["members"]))
assert result == {
"displayName":
team.name,
"id":
str(team.id),
"members": [
{
"display": user.email,
"value": str(team.member_set[0].id)
},
{
"display": user2.email,
"value": str(team.member_set[1].id)
},
],
"meta": {
"resourceType": "Group"
},
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
}
def on_results(results):
results = serialize(
results,
None,
TeamSCIMSerializer(expand=_team_expand(query_params["excluded_attributes"])),
)
return self.list_api_format(results, queryset.count(), query_params["start_index"])
def get(self, request: Request, organization, team) -> Response:
query_params = self.get_query_parameters(request)
context = serialize(
team,
serializer=TeamSCIMSerializer(expand=_team_expand(query_params["excluded_attributes"])),
)
return Response(context)
def patch(self, request, organization, team):
"""
A SCIM Group PATCH request takes a series of operations to perform on a team.
It does them sequentially and if any of them fail no operations should go through.
The operations are add members, remove members, replace members, and rename team.
"""
operations = request.data.get("Operations", [])
if len(operations) > 100:
return Response(SCIM_400_TOO_MANY_PATCH_OPS_ERROR, status=400)
try:
with transaction.atomic():
for operation in operations:
op = operation["op"].lower()
if op == TeamPatchOps.ADD and operation[
"path"] == "members":
self._add_members_operation(request, operation, team)
elif op == TeamPatchOps.REMOVE and "members" in operation[
"path"]:
# the members op contains a filter string like so:
# members[userName eq "*****@*****.**"]
self._remove_members_operation(request, operation,
team)
elif op == TeamPatchOps.REPLACE:
path = operation.get("path")
if path == "members":
# delete all the current team members
# and replace with the ones in the operation list
with transaction.atomic():
queryset = OrganizationMemberTeam.objects.filter(
team_id=team.id)
queryset.delete()
self._add_members_operation(
request, operation, team)
# azure and okta handle team name change operation differently
elif path is None:
# for okta
self._rename_team_operation(
request, operation["value"]["displayName"],
team)
elif path == "displayName":
# for azure
self._rename_team_operation(
request, operation["value"], team)
else:
return Response(SCIM_400_UNSUPPORTED_ATTRIBUTE,
status=400)
except OrganizationMember.DoesNotExist:
raise ResourceDoesNotExist(detail=SCIM_404_USER_RES)
except IntegrityError as e:
sentry_sdk.capture_exception(e)
return Response(SCIM_400_INTEGRITY_ERROR, status=400)
context = serialize(team, serializer=TeamSCIMSerializer())
return Response(context)
def get(self, request: Request, organization, team) -> Response:
"""
Query an individual team with a SCIM Group GET Request.
- Note that the members field will only contain up to 10000 members.
"""
query_params = self.get_query_parameters(request)
context = serialize(
team,
serializer=TeamSCIMSerializer(expand=_team_expand(query_params["excluded_attributes"])),
)
return Response(context)
def test_excluded_members(self):
user = self.create_user(username="******")
organization = self.create_organization(owner=user)
team = self.create_team(organization=organization, members=[user])
result = serialize(team, user, TeamSCIMSerializer())
assert result == {
"displayName": team.slug,
"id": str(team.id),
"members": None,
"meta": {"resourceType": "Group"},
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
}
def on_results(results):
results = serialize(results, None,
TeamSCIMSerializer(expand=expand))
return self.list_api_format(request, queryset.count(), results)
def team_serializer_for_post(self):
return TeamSCIMSerializer(expand=["members"])
def get(self, request, organization, team):
context = serialize(team,
serializer=TeamSCIMSerializer(expand=["members"]))
return Response(context)