From 61e512c208321ce3ec754a11b5b0db585c72fbde Mon Sep 17 00:00:00 2001
From: Luka Radenovic
Date: Mon, 16 May 2022 13:44:15 +0200
Subject: [PATCH] Added new role management
---
 areas/users/user_service.py | 73 ++++++++++++++++++++++++++-----------
 areas/users/users.py | 1 +
 areas/users/validation.py | 24 +++++++++---
 3 files changed, 71 insertions(+), 27 deletions(-)
diff --git a/areas/users/user_service.py b/areas/users/user_service.py
index 74f0bc4..70ce78c 100644
--- a/areas/users/user_service.py
+++ b/areas/users/user_service.py
@@ -1,4 +1,5 @@
 import copy
+from areas.apps.models import App
 from database import db
 from areas.apps import AppRole
@@ -28,14 +29,18 @@ class UserService:
 }
 res = KratosApi.post("/admin/identities", kratos_data).json()
- appRole = AppRole(
- user_id=res["id"],
- role_id=data["role_id"] if "role_id" in data else None,
- app_id=1,
- )
+ if data["app_roles"]:
+ app_roles = data["app_roles"]
+ for ar in app_roles:
+ app = App.query.filter_by(slug=ar["name"]).first()
+ app_role = AppRole(
+ user_id=res["id"],
+ role_id=ar["role_id"] if "role_id" in ar else None,
+ app_id=app.id,
+ )
- db.session.add(appRole)
- db.session.commit()
+ db.session.add(app_role)
+ db.session.commit()
 return UserService.get_user(res["id"])
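Review bot: `App.query.filter_by(slug=ar["name"]).first()` returns `None` when the client sends an app name that has no `App` row, and the next statement dereferences `app.id`, so an unknown slug becomes an unhandled exception after `KratosApi.post` has already created the identity. The same lookup-then-dereference appears in the update hunk at `@@ -47,24 +52,48 @@`. Resolve and check every slug before the Kratos call and reject the request when one is missing, e.g. `if app is None:` followed by the error response this API uses for invalid input. Neither the existence of `ar["role_id"]` nor the caller's right to grant that role is checked in the visible lines; if that is enforced elsewhere, a comment saying where would help. The enclosing method starts above the hunk, and the collapsed layout does not show whether `db.session.add(app_role)` sits inside the `for` loop.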
@@ -47,24 +52,48 @@ class UserService:
 }
 KratosApi.put("/admin/identities/{}".format(id), kratos_data)
- app_role = AppRole.query.filter_by(user_id=id).first()
- if app_role:
- app_role.role_id = data["role_id"] if "role_id" in data else None
- db.session.commit()
- else:
- appRole = AppRole(
- user_id=id,
- role_id=data["role_id"] if "role_id" in data else None,
- app_id=1,
- )
- db.session.add(appRole)
- db.session.commit()
+ if data["app_roles"]:
+ app_roles = data["app_roles"]
+ for ar in app_roles:
+ app = App.query.filter_by(slug=ar["name"]).first()
+ app_role = AppRole.query.filter_by(user_id=id, app_id=app.id).first()
+
+ if app_role:
+ app_role.role_id = ar["role_id"] if "role_id" in ar else None
+ db.session.commit()
+ else:
+ appRole = AppRole(
+ user_id=id,
+ role_id=ar["role_id"] if "role_id" in ar else None,
+ app_id=app.id,
+ )
+ db.session.add(appRole)
+ db.session.commit()
 return UserService.get_user(id)
 @staticmethod
- def __insertAppRoleToUser(userId, userRes):
- app_role = AppRole.query.filter_by(user_id=userId).first()
- userRes["traits"]["role_id"] = app_role.role_id if app_role else None
+ def delete_user(id):
+ app_role = AppRole.query.filter_by(user_id=id).all()
+ for ar in app_role:
+ db.session.delete(ar)
+ db.session.commit()
+ @staticmethod
+ def __insertAppRoleToUser(userId, userRes):
+ app_role = AppRole.query.filter_by(user_id=userId)
+ apps = App.query.all()
+
+ app_roles = []
+
+ for app in apps:
+ tmp_app_role = app_role.filter_by(app_id=app.id).first()
+ app_roles.append(
+ {
+ "name": app.slug,
+ "role_id": tmp_app_role.role_id if tmp_app_role else None,
+ }
+ )
+
+ userRes["traits"]["app_roles"] = app_roles
 return userRes
diff --git a/areas/users/users.py b/areas/users/users.py
index a2127c0..90bc113 100644
--- a/areas/users/users.py
+++ b/areas/users/users.py
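Review bot: In the update loop `db.session.commit()` runs once per `app_roles` entry (as far as the collapsed indentation shows), so a failure on a later entry leaves the earlier role changes committed and the user with a half-applied role set. Stage all changes and commit once after the loop, and use one name for the row instead of both `app_role` and `appRole`. Apps that are absent from the payload keep their existing `AppRole` row, so revoking access requires an explicit `"role_id": null`; a comment such as `# apps not listed in app_roles keep their current role` would make that contract visible. `__insertAppRoleToUser` issues one `filter_by(app_id=app.id).first()` query per app, where a single query over the user's rows keyed by `app_id` would give the same result. The updating method starts above the hunk.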
@@ -51,6 +51,7 @@ def put_user(id):
 @cross_origin()
 def delete_user(id):
 res = KratosApi.delete("/identities/{}".format(id))
+ UserService.delete_user(id)
 if res.status_code == 204:
 return jsonify(), res.status_code
 return jsonify(res.json()), res.status_code
diff --git a/areas/users/validation.py b/areas/users/validation.py
index 85d6031..610f82b 100644
--- a/areas/users/validation.py
+++ b/areas/users/validation.py
@@ -9,11 +9,25 @@ schema = {
 "pattern": r"(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|\"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*\")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])",
 "minLength": 1,
 },
- "role_id": {
- "type": "integer",
- "description": "Role of the user",
- "minimum": 1,
+ "app_roles": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "Name of the app",
+ "minLenght": 1,
+ },
+ "role_id": {
+ "type": ["integer", "null"],
+ "description": "Role of the user",
+ "minimum": 1,
+ },
+ },
+ "required": ["name", "role_id"],
+ },
 },
 },
- "required": ["email"],
+ "required": ["email", "app_roles"],
 }
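Review bot: `UserService.delete_user(id)` runs before `res.status_code` is inspected, so the local `AppRole` rows are removed even when Kratos refuses or fails the delete, leaving a live identity whose role assignments have been wiped. Move the call into the success branch: `if res.status_code == 204:` / `UserService.delete_user(id)` / `return jsonify(), res.status_code`. Any route decorator above `@cross_origin()` lies outside the hunk.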
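Review bot: `"minLenght": 1` under `name` is a misspelling of `minLength`; JSON Schema validators ignore unknown keywords, so an empty app name passes validation and reaches the `App` lookup in `user_service.py`. Change the line to `"minLength": 1,`. The `items` object also sets neither `additionalProperties` nor `uniqueItems`, so two entries for the same app are accepted and, judging from the update loop, the later one would presumably win; either tighten the schema or document that behaviour. The `schema` dict opens above the hunk.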