Add user permissions + RBAC tests.

2025-06-14 21:38:19 +00:00 · 2021-06-03 15:40:12 +09:30
parent 36a27c0c19
commit d65b49acaa
12 changed files with 554 additions and 99 deletions
--- a/gns3server/api/routes/controller/users.py
+++ b/gns3server/api/routes/controller/users.py
@ -32,6 +32,7 @@ from gns3server.controller.controller_error import (
 )

 from gns3server.db.repositories.users import UsersRepository
+from gns3server.db.repositories.rbac import RbacRepository
 from gns3server.services import auth_service

 from .dependencies.authentication import get_current_active_user
@ -210,3 +211,65 @@ async def get_user_memberships(
    """

    return await users_repo.get_user_memberships(user_id)
+
+
+@router.get(
+    "/{user_id}/permissions",
+    dependencies=[Depends(get_current_active_user)],
+    response_model=List[schemas.Permission]
+)
+async def get_user_permissions(
+        user_id: UUID,
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> List[schemas.Permission]:
+    """
+    Get user permissions.
+    """
+
+    return await rbac_repo.get_user_permissions(user_id)
+
+
+@router.put(
+    "/{user_id}/permissions/{permission_id}",
+    dependencies=[Depends(get_current_active_user)],
+    status_code=status.HTTP_204_NO_CONTENT
+)
+async def add_permission_to_user(
+        user_id: UUID,
+        permission_id: UUID,
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> None:
+    """
+    Add a permission to an user.
+    """
+
+    permission = await rbac_repo.get_permission(permission_id)
+    if not permission:
+        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")
+
+    user = await rbac_repo.add_permission_to_user(user_id, permission)
+    if not user:
+        raise ControllerNotFoundError(f"User '{user_id}' not found")
+
+
+@router.delete(
+    "/{user_id}/permissions/{permission_id}",
+    dependencies=[Depends(get_current_active_user)],
+    status_code=status.HTTP_204_NO_CONTENT
+)
+async def remove_permission_from_user(
+    user_id: UUID,
+    permission_id: UUID,
+    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
+) -> None:
+    """
+    Remove permission from an user.
+    """
+
+    permission = await rbac_repo.get_permission(permission_id)
+    if not permission:
+        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")
+
+    user = await rbac_repo.remove_permission_from_user(user_id, permission)
+    if not user:
+        raise ControllerNotFoundError(f"User '{user_id}' not found")