Skip to content

feat: added endpoint for checking admin groups (AAI-378) #126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
minh-biocommons merged 3 commits into from
Nov 18, 2025
Merged

feat: added endpoint for checking admin groups (AAI-378) #126

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
df0e8ed
feat: add endpoint to retrieve admin groups for current user
minh-biocommons Nov 18, 2025
e5d375d
Merge branch 'main' of https://github.com/AustralianBioCommons/aai-ba…
minh-biocommons Nov 18, 2025
830860d
feat: add data model for platform admin response
minh-biocommons Nov 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions routers/user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
from auth0.user_info import UserInfo, get_auth0_user_info
from config import Settings, get_settings
from db.models import (
BiocommonsGroup,
BiocommonsUser,
GroupMembership,
Platform,
Expand Down Expand Up @@ -54,6 +55,23 @@ class CombinedMembershipData(PydanticBaseModel):
groups: list[GroupMembershipData]


class PlatformAdminData(PydanticBaseModel):
"""
Data model for platform admin response.
"""
id: str
name: str


class GroupAdminData(PydanticBaseModel):
"""
Data model for group admin response.
"""
id: str = Field(validation_alias="group_id")
name: str
short_name: str


async def get_user_data(
user: SessionUser, settings: Annotated[Settings, Depends(get_settings)]
) -> Auth0UserData:
Expand Down Expand Up @@ -155,6 +173,7 @@ async def get_pending_platforms(

@router.get(
"/platforms/admin-roles",
response_model=list[PlatformAdminData],
description="Get platforms for which the current user has admin privileges.",
)
async def get_admin_platforms(
Expand Down Expand Up @@ -197,6 +216,20 @@ async def get_pending_groups(
session=db_session)


@router.get(
"/groups/admin-roles",
response_model=list[GroupAdminData],
description="Get groups for which the current user has admin privileges.",
)
async def get_admin_groups(
user: Annotated[SessionUser, Depends(get_session_user)],
db_session: Annotated[Session, Depends(get_db_session)],
):
"""Get groups for which the current user has admin privileges."""
user_roles = user.access_token.biocommons_roles
return BiocommonsGroup.get_for_admin_roles(role_names=user_roles, session=db_session)


@router.get("/is-general-admin")
async def check_is_general_admin(
user: Annotated[SessionUser, Depends(get_session_user)],
Expand Down
39 changes: 38 additions & 1 deletion tests/test_user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -427,11 +427,48 @@ def test_get_admin_platforms(test_client, test_db_session, mocker, persistent_fa
response = test_client.get("/me/platforms/admin-roles", headers={"Authorization": "Bearer valid_token"})
assert response.status_code == 200
data = response.json()
assert data[0] == valid_platform.model_dump(mode="json")
assert len(data) == 1
assert data[0]["id"] == valid_platform.id
assert data[0]["name"] == valid_platform.name
# Should not include relationships or other fields
assert "admin_roles" not in data[0]
assert "platform_role" not in data[0]
returned_ids = [p["id"] for p in data]
assert invalid_platform.id not in returned_ids


def test_get_admin_groups(test_client, test_db_session, mocker, persistent_factories):
"""Test that endpoint returns list of groups the user is an admin for"""
admin_role = Auth0RoleFactory.create_sync(name="biocommons/role/test_group/admin")
other_group_role = Auth0RoleFactory.create_sync(name="Other Group Role")
user = BiocommonsUserFactory.create_sync()
valid_group = BiocommonsGroupFactory.create_sync(
group_id="biocommons/group/test_group",
name="Test Group",
short_name="testgrp",
admin_roles=[admin_role]
)
invalid_group = BiocommonsGroupFactory.create_sync(
group_id="biocommons/group/other",
name="Other Group",
short_name="other",
admin_roles=[other_group_role]
)
test_db_session.flush()
_act_as_user(mocker, user, roles=[admin_role.name])
response = test_client.get("/me/groups/admin-roles", headers={"Authorization": "Bearer valid_token"})
assert response.status_code == 200
data = response.json()
assert len(data) == 1
assert data[0]["id"] == valid_group.group_id
assert data[0]["name"] == valid_group.name
assert data[0]["short_name"] == valid_group.short_name
assert "admin_roles" not in data[0]
assert "members" not in data[0]
returned_ids = [g["id"] for g in data]
assert invalid_group.group_id not in returned_ids


def test_update_username(test_client, test_db_session, mocker, persistent_factories):
user = BiocommonsUserFactory.create_sync(username="old_username")
mock_data = Auth0UserDataFactory.build(sub=user.id, username="new_username")
Expand Down