Base API and tables for RBAC support.

2025-06-15 05:48:11 +00:00 · 2021-05-25 18:34:59 +09:30
parent eb0f8c6174
commit 6d4da98b8e
15 changed files with 1196 additions and 42 deletions
--- a/gns3server/api/routes/controller/groups.py
+++ b/gns3server/api/routes/controller/groups.py
@ -31,6 +31,7 @@ from gns3server.controller.controller_error import (
 )

 from gns3server.db.repositories.users import UsersRepository
+from gns3server.db.repositories.rbac import RbacRepository
 from .dependencies.database import get_repository

 import logging
@ -182,3 +183,61 @@ async def remove_member_from_group(
    user_group = await users_repo.remove_member_from_user_group(user_group_id, user)
    if not user_group:
        raise ControllerNotFoundError(f"User group '{user_group_id}' not found")
+
+
+@router.get("/{user_group_id}/roles", response_model=List[schemas.Role])
+async def get_user_group_roles(
+        user_group_id: UUID,
+        users_repo: UsersRepository = Depends(get_repository(UsersRepository))
+) -> List[schemas.Role]:
+    """
+    Get all user group roles.
+    """
+
+    return await users_repo.get_user_group_roles(user_group_id)
+
+
+@router.put(
+    "/{user_group_id}/roles/{role_id}",
+    status_code=status.HTTP_204_NO_CONTENT
+)
+async def add_role_to_group(
+        user_group_id: UUID,
+        role_id: UUID,
+        users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> None:
+    """
+    Add role to an user group.
+    """
+
+    role = await rbac_repo.get_role(role_id)
+    if not role:
+        raise ControllerNotFoundError(f"Role '{role_id}' not found")
+
+    user_group = await users_repo.add_role_to_user_group(user_group_id, role)
+    if not user_group:
+        raise ControllerNotFoundError(f"User group '{user_group_id}' not found")
+
+
+@router.delete(
+    "/{user_group_id}/roles/{role_id}",
+    status_code=status.HTTP_204_NO_CONTENT
+)
+async def remove_role_from_group(
+    user_group_id: UUID,
+    role_id: UUID,
+    users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
+    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> None:
+    """
+    Remove role from an user group.
+    """
+
+    role = await rbac_repo.get_role(role_id)
+    if not role:
+        raise ControllerNotFoundError(f"Role '{role_id}' not found")
+
+    user_group = await users_repo.remove_role_from_user_group(user_group_id, role)
+    if not user_group:
+        raise ControllerNotFoundError(f"User group '{user_group_id}' not found")