User Endpoints + Tests

tracim/exceptions.py

@@ -140,6 +140,7 @@ class InvalidWorkspaceId(InvalidId):
 class InvalidUserId(InvalidId):
     pass
 
+
 class ContentNotFound(TracimException):
     pass
 
@@ -152,6 +153,10 @@ class WorkspacesDoNotMatch(TracimException):
     pass
 
 
+class PasswordDoNotMatch(TracimException):
+    pass
+
+
 class EmptyValueNotAllowed(TracimException):
     pass
 

tracim/lib/core/user.py

@@ -118,9 +118,10 @@ class UserApi(object):
             name: str=None,
             email: str=None,
             password: str=None,
-            timezone: str='',
+            timezone: str=None,
+            groups: typing.Optional[typing.List[Group]]=None,
             do_save=True,
-    ) -> None:
+    ) -> User:
         if name is not None:
             user.display_name = name
 
@@ -130,11 +131,24 @@ class UserApi(object):
         if password is not None:
             user.password = password
 
-        user.timezone = timezone
+        if timezone is not None:
+            user.timezone = timezone
+
+        if groups is not None:
+            # INFO - G.M - 2018-07-18 - Delete old groups
+            for group in user.groups:
+                if group not in groups:
+                    user.groups.remove(group)
+            # INFO - G.M - 2018-07-18 - add new groups
+            for group in groups:
+                if group not in user.groups:
+                    user.groups.append(group)
 
         if do_save:
             self.save(user)
 
+        return user
+
     def create_user(
         self,
         email,
@@ -188,6 +202,16 @@ class UserApi(object):
 
         return user
 
+    def enable(self, user: User, do_save=False):
+        user.is_active = True
+        if do_save:
+            self.save(user)
+
+    def disable(self, user:User, do_save=False):
+        user.is_active = False
+        if do_save:
+            self.save(user)
+
     def save(self, user: User):
         self._session.flush()
 

tracim/models/context_models.py

@@ -34,6 +34,67 @@ class LoginCredentials(object):
         self.password = password
 
 
+class SetEmail(object):
+    """
+    Just an email
+    """
+    def __init__(self, loggedin_user_password: str, email: str) -> None:
+        self.loggedin_user_password = loggedin_user_password
+        self.email = email
+
+
+class SetPassword(object):
+    """
+    Just an password
+    """
+    def __init__(self,
+        loggedin_user_password: str,
+        new_password: str,
+        new_password2: str
+    ) -> None:
+        self.loggedin_user_password = loggedin_user_password
+        self.new_password = new_password
+        self.new_password2 = new_password2
+
+
+class UserInfos(object):
+    """
+    Just some user infos
+    """
+    def __init__(self, timezone: str, public_name: str) -> None:
+        self.timezone = timezone
+        self.public_name = public_name
+
+
+class UserProfile(object):
+    """
+    Just some user infos
+    """
+    def __init__(self, profile: str) -> None:
+        self.profile = profile
+
+
+class UserCreation(object):
+    """
+    Just some user infos
+    """
+    def __init__(
+            self,
+            email: str,
+            password: str,
+            public_name: str,
+            timezone: str,
+            profile: str,
+            email_notification: str,
+    ) -> None:
+        self.email = email
+        self.password = password
+        self.public_name = public_name
+        self.timezone = timezone
+        self.profile = profile
+        self.email_notification = email_notification
+
+
 class WorkspaceAndContentPath(object):
     """
     Paths params with workspace id and content_id model

tracim/views/core_api/schemas.py

@@ -11,6 +11,11 @@ from tracim.models.contents import open_status
 from tracim.models.contents import ContentTypeLegacy as ContentType
 from tracim.models.contents import ContentStatusLegacy as ContentStatus
 from tracim.models.context_models import ContentCreation
+from tracim.models.context_models import UserCreation
+from tracim.models.context_models import SetEmail
+from tracim.models.context_models import SetPassword
+from tracim.models.context_models import UserInfos
+from tracim.models.context_models import UserProfile
 from tracim.models.context_models import CommentCreation
 from tracim.models.context_models import TextBasedContentUpdate
 from tracim.models.context_models import SetContentStatus
@@ -53,11 +58,11 @@ class UserSchema(UserDigestSchema):
     )
     is_active = marshmallow.fields.Bool(
         example=True,
-         # TODO - G.M - Explains this value.
+        description='Is user account activated ?'
     )
     # TODO - G.M - 17-04-2018 - Restrict timezone values
     timezone = marshmallow.fields.String(
-        example="Paris/Europe",
+        example="Europe/Paris",
     )
     # TODO - G.M - 17-04-2018 - check this, relative url allowed ?
     caldav_url = marshmallow.fields.Url(
@@ -76,9 +81,78 @@ class UserSchema(UserDigestSchema):
     class Meta:
         description = 'User account of Tracim'
 
-# Path Schemas
+
+class LoggedInUserPasswordSchema(marshmallow.Schema):
+    loggedin_user_password = marshmallow.fields.String(
+        required=True,
+    )
 
 
+class SetEmailSchema(LoggedInUserPasswordSchema):
+    email = marshmallow.fields.Email(
+        required=True,
+        example='suri.cate@algoo.fr'
+    )
+
+    @post_load
+    def create_set_email_object(self, data):
+        return SetEmail(**data)
+
+
+class SetPasswordSchema(LoggedInUserPasswordSchema):
+    new_password = marshmallow.fields.String(
+        example='8QLa$<w',
+        required=True
+    )
+    new_password2 = marshmallow.fields.String(
+        example='8QLa$<w',
+        required=True
+    )
+
+    @post_load
+    def create_set_password_object(self, data):
+        return SetPassword(**data)
+
+
+class UserInfosSchema(marshmallow.Schema):
+    timezone = marshmallow.fields.String(
+        example="Europe/Paris",
+        required=True,
+    )
+    public_name = marshmallow.fields.String(
+        example='Suri Cate',
+        required=True,
+    )
+
+    @post_load
+    def create_user_info_object(self, data):
+        return UserInfos(**data)
+
+
+class UserProfileSchema(marshmallow.Schema):
+    profile = marshmallow.fields.String(
+        attribute='profile',
+        validate=OneOf(Profile._NAME),
+        example='managers',
+    )
+    @post_load
+    def create_user_profile(self, data):
+        return UserProfile(**data)
+
+
+class UserCreationSchema(
+    SetEmailSchema,
+    SetPasswordSchema,
+    UserInfosSchema,
+    UserProfileSchema
+):
+    @post_load
+    def create_user(self, data):
+        return UserCreation(**data)
+
+
+# Path Schemas
+
 class UserIdPathSchema(marshmallow.Schema):
     user_id = marshmallow.fields.Int(
         example=3,
@@ -122,6 +196,7 @@ class CommentsPathSchema(WorkspaceAndContentIdPathSchema):
         required=True,
         validate=Range(min=1, error="Value must be greater than 0"),
     )
+
     @post_load
     def make_path_object(self, data):
         return CommentPath(**data)
@@ -167,6 +242,7 @@ class FilterContentQuerySchema(marshmallow.Schema):
     @post_load
     def make_content_filter(self, data):
         return ContentFilter(**data)
+
 ###
 
 

tracim/views/core_api/user_controller.py

@@ -1,9 +1,5 @@
+import transaction
 from pyramid.config import Configurator
-from sqlalchemy.orm.exc import NoResultFound
-
-from tracim.lib.utils.authorization import require_same_user_or_profile
-from tracim.models import Group
-from tracim.models.context_models import WorkspaceInContext
 
 try:  # Python 3.5+
     from http import HTTPStatus
@@ -12,12 +8,23 @@ except ImportError:
 
 from tracim import hapic, TracimRequest
 
-from tracim.exceptions import NotAuthenticated
-from tracim.exceptions import InsufficientUserProfile
-from tracim.exceptions import UserDoesNotExist
+from tracim.exceptions import WrongUserPassword, PasswordDoNotMatch
+from tracim.lib.core.group import GroupApi
+from tracim.lib.utils.authorization import require_same_user_or_profile
+from tracim.lib.utils.authorization import require_profile
+from tracim.models import Group
+from tracim.models.context_models import WorkspaceInContext
+from tracim.lib.core.user import UserApi
 from tracim.lib.core.workspace import WorkspaceApi
 from tracim.views.controllers import Controller
 from tracim.views.core_api.schemas import UserIdPathSchema
+from tracim.views.core_api.schemas import UserSchema
+from tracim.views.core_api.schemas import SetEmailSchema
+from tracim.views.core_api.schemas import SetPasswordSchema
+from tracim.views.core_api.schemas import UserInfosSchema
+from tracim.views.core_api.schemas import NoContentSchema
+from tracim.views.core_api.schemas import UserCreationSchema
+from tracim.views.core_api.schemas import UserProfileSchema
 from tracim.views.core_api.schemas import WorkspaceDigestSchema
 
 USER_ENDPOINTS_TAG = 'Users'
@@ -46,12 +53,237 @@ class UserController(Controller):
             for workspace in workspaces
         ]
 
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(UserSchema())
+    def user(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Get user infos.
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        return uapi.get_user_with_context(request.candidate_user)
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @hapic.handle_exception(WrongUserPassword, HTTPStatus.FORBIDDEN)
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_body(SetEmailSchema())
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(UserSchema())
+    def set_user_email(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Set user Email
+        """
+        if not request.current_user.validate_password(hapic_data.body.loggedin_user_password):  # nopep8
+            raise WrongUserPassword(
+                'Wrong password for authenticated user {}'. format(request.current_user.user_id)  # nopep8
+            )
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        user = uapi.update(
+            request.candidate_user,
+            email=hapic_data.body.email,
+            do_save=True
+        )
+        return uapi.get_user_with_context(user)
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @hapic.handle_exception(WrongUserPassword, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(PasswordDoNotMatch, HTTPStatus.BAD_REQUEST)
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_body(SetPasswordSchema())
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def set_user_password(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        Set user password
+        """
+        if not request.current_user.validate_password(hapic_data.body.loggedin_user_password):  # nopep8
+            raise WrongUserPassword(
+                'Wrong password for authenticated user {}'. format(request.current_user.user_id)  # nopep8
+            )
+        if hapic_data.body.new_password != hapic_data.body.new_password2:
+            raise PasswordDoNotMatch('Passwords given are different')
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        uapi.update(
+            request.candidate_user,
+            password=hapic_data.body.new_password,
+            do_save=True
+        )
+        uapi.save(request.candidate_user)
+        # TODO - G.M - 2018-07-24 - Check why commit is needed here
+        transaction.commit()
+        return
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_body(UserInfosSchema())
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(UserSchema())
+    def set_user_infos(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Set user info data
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        user = uapi.update(
+            request.candidate_user,
+            name=hapic_data.body.public_name,
+            timezone=hapic_data.body.timezone,
+            do_save=True
+        )
+        return uapi.get_user_with_context(user)
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.input_body(UserCreationSchema())
+    @hapic.output_body(UserSchema())
+    def create_user(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Create new user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        gapi = GroupApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        groups = [gapi.get_one_with_name(hapic_data.body.profile)]
+        user = uapi.create_user(
+            email=hapic_data.body.email,
+            password=hapic_data.body.password,
+            timezone=hapic_data.body.timezone,
+            name=hapic_data.body.public_name,
+            do_notify=hapic_data.body.email_notification,
+            groups=groups,
+            do_save=True
+        )
+        return uapi.get_user_with_context(user)
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def enable_user(self, context, request: TracimRequest, hapic_data=None):
+        """
+        enable user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        uapi.enable(user=request.candidate_user, do_save=True)
+        return
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def disable_user(self, context, request: TracimRequest, hapic_data=None):
+        """
+        disable user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        uapi.disable(user=request.candidate_user, do_save=True)
+        return
+
+    @hapic.with_api_doc(tags=[USER_ENDPOINTS_TAG])
+    @require_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.input_body(UserProfileSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def set_profile(self, context, request: TracimRequest, hapic_data=None):
+        """
+        set user profile
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        gapi = GroupApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        groups = [gapi.get_one_with_name(hapic_data.body.profile)]
+        uapi.update(
+            user=request.candidate_user,
+            groups=groups,
+            do_save=True,
+        )
+        return
+
     def bind(self, configurator: Configurator) -> None:
         """
         Create all routes and views using pyramid configurator
         for this controller
         """
 
-        # Applications
+        # user workspace
         configurator.add_route('user_workspace', '/users/{user_id}/workspaces', request_method='GET')  # nopep8
         configurator.add_view(self.user_workspace, route_name='user_workspace')
+
+        # user info
+        configurator.add_route('user', '/users/{user_id}', request_method='GET')  # nopep8
+        configurator.add_view(self.user, route_name='user')
+
+        # set user email
+        configurator.add_route('set_user_email', '/users/{user_id}/email', request_method='PUT')  # nopep8
+        configurator.add_view(self.set_user_email, route_name='set_user_email')
+
+        # set user password
+        configurator.add_route('set_user_password', '/users/{user_id}/password', request_method='PUT')  # nopep8
+        configurator.add_view(self.set_user_password, route_name='set_user_password')  # nopep8
+
+        # set user_info
+        configurator.add_route('set_user_info', '/users/{user_id}', request_method='PUT')  # nopep8
+        configurator.add_view(self.set_user_infos, route_name='set_user_info')
+
+        # create user
+        configurator.add_route('create_user', '/users', request_method='POST')
+        configurator.add_view(self.create_user, route_name='create_user')
+
+        # enable user
+        configurator.add_route('enable_user', '/users/{user_id}/enable', request_method='PUT')  # nopep8
+        configurator.add_view(self.enable_user, route_name='enable_user')
+
+        # disable user
+        configurator.add_route('disable_user', '/users/{user_id}/disable', request_method='PUT')  # nopep8
+        configurator.add_view(self.disable_user, route_name='disable_user')
+
+        # set user profile
+        configurator.add_route('set_user_profile', '/users/{user_id}/profile', request_method='PUT')  # nopep8
+        configurator.add_view(self.set_profile, route_name='set_user_profile')