diff --git a/selfprivacy_api/actions/users.py b/selfprivacy_api/actions/users.py index a911c96..28b1b44 100644 --- a/selfprivacy_api/actions/users.py +++ b/selfprivacy_api/actions/users.py @@ -187,3 +187,10 @@ def generate_password_reset_link(username: str) -> str: raise UserIsProtected return ACTIVE_USERS_PROVIDER.generate_password_reset_link(username=username) + + +def groups_list() -> list: + if isinstance(ACTIVE_USERS_PROVIDER, JsonUserRepository): + raise ApiUsingWrongUserRepository + + return ACTIVE_USERS_PROVIDER.groups_list() diff --git a/selfprivacy_api/graphql/mutations/users_mutations.py b/selfprivacy_api/graphql/mutations/users_mutations.py index 18710cb..34180dd 100644 --- a/selfprivacy_api/graphql/mutations/users_mutations.py +++ b/selfprivacy_api/graphql/mutations/users_mutations.py @@ -41,6 +41,7 @@ from selfprivacy_api.repositories.users.exceptions import ( SelfPrivacyAppIsOutdate, ) from selfprivacy_api.repositories.users.exceptions_kanidm import ( + FailedToGetValidKanidmToken, KanidmDidNotReturnAdminPassword, KanidmQueryError, KanidmReturnEmptyResponse, @@ -107,6 +108,7 @@ class UsersMutations: DisplaynameNotAlphanumeric, DisplaynameTooLong, KanidmCliSubprocessError, + FailedToGetValidKanidmToken, ) as error: return return_failed_mutation_return( message=error.get_error_message(), @@ -157,6 +159,7 @@ class UsersMutations: KanidmDidNotReturnAdminPassword, KanidmQueryError, KanidmCliSubprocessError, + FailedToGetValidKanidmToken, ) as error: return GenericMutationReturn( success=False, @@ -188,6 +191,7 @@ class UsersMutations: DisplaynameNotAlphanumeric, DisplaynameTooLong, KanidmCliSubprocessError, + FailedToGetValidKanidmToken, ) as error: return return_failed_mutation_return( message=error.get_error_message(), @@ -286,6 +290,7 @@ class UsersMutations: KanidmReturnEmptyResponse, KanidmQueryError, KanidmCliSubprocessError, + FailedToGetValidKanidmToken, ) as error: return PasswordResetLinkReturn( success=False, 
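Review bot: The new `groups_list` action in `selfprivacy_api/actions/users.py` has no docstring, and its one non-obvious behaviour, refusing to run when the JSON repository is active, is invisible to callers. A one-liner would cover it: `"""Return all groups from the active user provider; raises ApiUsingWrongUserRepository when the JSON repository is active."""`. The bare `list` return annotation could name the element type once the repository's return shape is settled.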
diff --git a/selfprivacy_api/graphql/queries/users.py b/selfprivacy_api/graphql/queries/users.py index afa1868..f689bd8 100644 --- a/selfprivacy_api/graphql/queries/users.py +++ b/selfprivacy_api/graphql/queries/users.py @@ -11,6 +11,7 @@ from selfprivacy_api.graphql.common_types.user import ( ) from selfprivacy_api.graphql import IsAuthenticated from selfprivacy_api.repositories.users.exceptions import UserNotFound +from selfprivacy_api.actions.users import groups_list as action_groups_list @strawberry.type @@ -27,3 +28,7 @@ class Users: all_users: typing.List[User] = strawberry.field( permission_classes=[IsAuthenticated], resolver=get_users ) + + @strawberry.field(permission_classes=[IsAuthenticated]) + def groups_list() -> list: + action_groups_list() diff --git a/selfprivacy_api/repositories/users/abstract_user_repository.py b/selfprivacy_api/repositories/users/abstract_user_repository.py index 53b2775..e80798e 100644 --- a/selfprivacy_api/repositories/users/abstract_user_repository.py +++ b/selfprivacy_api/repositories/users/abstract_user_repository.py @@ -63,3 +63,8 @@ class AbstractUserRepository(ABC): Do not reset the password, just generate a link to reset the password. ! Not implemented in JsonUserRepository ! """ + + @staticmethod + @abstractmethod + def groups_list() -> list: + """Get groups list""" diff --git a/selfprivacy_api/repositories/users/exceptions_kanidm.py b/selfprivacy_api/repositories/users/exceptions_kanidm.py index 49df5bf..6c1d58f 100644 --- a/selfprivacy_api/repositories/users/exceptions_kanidm.py +++ b/selfprivacy_api/repositories/users/exceptions_kanidm.py @@ -58,3 +58,11 @@ class KanidmCliSubprocessError(Exception): if self.error else "An error occurred when using Kanidm cli." ) + + +class FailedToGetValidKanidmToken(Exception): + """Kanidm failed to return a valid token""" + + @staticmethod + def get_error_message() -> str: + return "Failed to get valid Kanidm token." 
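Review bot: The `groups_list` resolver added to `Users` in `graphql/queries/users.py` calls `action_groups_list()` but discards the result, so the field always resolves to `None`; the body should be `return action_groups_list()`. The bare `-> list` annotation probably also needs a concrete element type, as `all_users` has with `typing.List[User]`, because Strawberry appears to have nothing to map a bare `list` to in the schema. Nothing here handles the exceptions the action can raise (`ApiUsingWrongUserRepository` and the Kanidm errors from the repository call), so they would reach the client as unhandled resolver errors rather than a controlled message.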
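Review bot: The docstring `"""Get groups list"""` on the abstract `groups_list` in `abstract_user_repository.py` says neither what the list elements are nor that the JSON backend lacks the method. The docstring just above it carries the marker `! Not implemented in JsonUserRepository !`, and the action added in this commit raises `ApiUsingWrongUserRepository` for that backend, so the same marker belongs here. No `JsonUserRepository.groups_list` appears in this diff, so confirm that the new abstract method does not leave that class without a required override.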
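Review bot: `FailedToGetValidKanidmToken` in `exceptions_kanidm.py` derives directly from `Exception`, but the `notauthenticated` case it now represents was previously raised as `KanidmQueryError`. Any handler that catches only `KanidmQueryError` will therefore stop catching it. The commit extends four `except` tuples in `users_mutations.py` by hand, but callers outside this diff, and the new `groups_list` resolver, are not covered. Deriving the class from `KanidmQueryError` or from a shared Kanidm base exception would keep existing handlers working; `KanidmQueryError` is defined outside this hunk, so check that its constructor and `get_error_message` allow this first.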
diff --git a/selfprivacy_api/repositories/users/kanidm_user_repository.py b/selfprivacy_api/repositories/users/kanidm_user_repository.py index b6899e2..2286366 100644 --- a/selfprivacy_api/repositories/users/kanidm_user_repository.py +++ b/selfprivacy_api/repositories/users/kanidm_user_repository.py @@ -10,6 +10,7 @@ from selfprivacy_api.repositories.users.exceptions import ( UserNotFound, ) from selfprivacy_api.repositories.users.exceptions_kanidm import ( + FailedToGetValidKanidmToken, KanidmCliSubprocessError, KanidmDidNotReturnAdminPassword, KanidmQueryError, @@ -252,9 +253,7 @@ class KanidmUserRepository(AbstractUserRepository): elif response_data == "accessdenied": raise KanidmQueryError(error_text="Kanidm access issue") elif response_data == "notauthenticated": - raise KanidmQueryError( - error_text="Failed to get valid Kanidm token" - ) + raise FailedToGetValidKanidmToken logger.error(f"Kanidm query error: {response.text}") raise KanidmQueryError(error_text=response.text) @@ -483,3 +482,16 @@ class KanidmUserRepository(AbstractUserRepository): return f"https://auth.{get_domain()}/ui/reset?token={token}" raise NoPasswordResetLinkFoundInResponse + + @staticmethod + def groups_list() -> list: + groups_list_data = KanidmUserRepository._send_query( + endpoint="/v1/group", + method="GET", + ) + + KanidmUserRepository._check_response_type_and_not_empty( + data_type="list", response_data=groups_list_data + ) + + return groups_list_data # type: ignore
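Review bot: In the `notauthenticated` branch of `kanidm_user_repository.py` (hunk `@@ -252,9 +253,7 @@`), the new `raise FailedToGetValidKanidmToken` carries no detail and happens before the `logger.error(...)` call below it, so a rejected service token leaves no server-side trace from this code path. An authentication failure against the identity provider is worth recording. A line such as `logger.error("Kanidm rejected the API token (notauthenticated)")` before the raise would do, without logging the token itself. The enclosing method starts outside the hunk, so check whether the caller already logs this case.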
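Review bot: `KanidmUserRepository.groups_list` returns the decoded `/v1/group` response unchanged and hides the resulting type mismatch with `# type: ignore`, so every attribute Kanidm attaches to a group entry flows to the API layer unfiltered. Because this feeds a GraphQL field, consider projecting each entry onto only the fields the API needs and annotating the result accordingly, e.g. `def groups_list() -> list[dict]:`. The method also needs a docstring stating what each element contains and which Kanidm exceptions `_send_query` can raise. As far as the visible call shows, `_check_response_type_and_not_empty` only validates the container (`data_type="list"`), not the shape of the entries.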