Add new API user management endpoints (#511)

- Remove user from org - Delete user invite
2023-01-23 20:03:07 -05:00 · 2023-01-23 20:03:07 -05:00 · 31e7939cba
commit 31e7939cba
parent c0e2ec6155
3 changed files with 63 additions and 0 deletions
--- a/backend/btrixcloud/orgs.py
+++ b/backend/btrixcloud/orgs.py
@ -18,6 +18,7 @@ from .users import User
 from .invites import (
    AddToOrgRequest,
    InvitePending,
+    InviteRequest,
    InviteToOrgRequest,
    UserRole,
 )
@ -33,6 +34,11 @@ class UpdateRole(InviteToOrgRequest):
    """Update existing role for user"""


+# ============================================================================
+class RemoveFromOrg(InviteRequest):
+    """Remove this user from org"""
+
+
 # ============================================================================
 class RenameOrg(BaseModel):
    """Request to invite another user"""
@ -298,6 +304,14 @@ class OrgOps:
        org.users[str(userid)] = role
        await self.update(org)

+    async def get_org_owners(self, org: Organization):
+        """Return list of org's Owner users."""
+        org_owners = []
+        for key, value in org.users.items():
+            if value == UserRole.OWNER:
+                org_owners.append(key)
+        return org_owners
+

 # ============================================================================
 def init_orgs_api(app, mdb, user_manager, invites, user_dep: User):
@ -445,6 +459,23 @@ def init_orgs_api(app, mdb, user_manager, invites, user_dep: User):
        await user_manager.user_db.update(user)
        return {"added": True}

+    @router.post("/remove", tags=["invites"])
+    async def remove_user_from_org(
+        remove: RemoveFromOrg, org: Organization = Depends(org_owner_dep)
+    ):
+        other_user = await user_manager.user_db.get_by_email(remove.email)
+
+        if org.is_owner(other_user):
+            org_owners = await ops.get_org_owners(org)
+            if len(org_owners) == 1:
+                raise HTTPException(
+                    status_code=400, detail="Can't remove only owner from org"
+                )
+
+        del org.users[str(other_user.id)]
+        await ops.update(org)
+        return {"removed": True}
+
    @router.post("/add-user", tags=["invites"])
    async def add_new_user_to_org(
        invite: AddToOrgRequest,
--- a/backend/btrixcloud/users.py
+++ b/backend/btrixcloud/users.py
@ -445,6 +445,11 @@ def init_users_api(app, user_manager):

        return await user_manager.format_invite(invite)

+    @users_router.get("/invite-delete/{token}", tags=["invites"])
+    async def delete_invite(token: str):
+        await user_manager.invites.remove_invite(token)
+        return {"removed": True}
+
    app.include_router(users_router, prefix="/users", tags=["users"])

    return fastapi_users
--- a/backend/test/test_org.py
+++ b/backend/test/test_org.py
@ -56,3 +56,30 @@ def test_create_org(admin_auth_headers):
    for org in data["orgs"]:
        org_names.append(org["name"])
    assert NEW_ORG_NAME in org_names
+
+
+def test_remove_user_from_org(admin_auth_headers, default_org_id):
+    # Add new user to org
+    r = requests.post(
+        f"{API_PREFIX}/orgs/{default_org_id}/add-user",
+        json={
+            "email": "toremove@example.com",
+            "password": "PASSW0RD!",
+            "name": "toremove",
+            "role": 10,
+        },
+        headers=admin_auth_headers,
+    )
+    assert r.status_code == 200
+    data = r.json()
+    assert data["added"]
+
+    # Remove user
+    r = requests.post(
+        f"{API_PREFIX}/orgs/{default_org_id}/remove",
+        json={"email": "toremove@example.com"},
+        headers=admin_auth_headers,
+    )
+    assert r.status_code == 200
+    data = r.json()
+    assert data["removed"]