Add endpoints for group management

ml-evs · ml-evs · commit 8f3071ceb4f5 · 2025-03-11T13:03:53.000Z
diff --git a/pydatalab/schemas/cell.json b/pydatalab/schemas/cell.json
@@ -298,6 +298,57 @@
         "name"
       ]
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` model can point to a given group.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "group_admins": {
+          "title": "Group Admins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "display_name",
+        "group_admins"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -354,6 +405,13 @@
           "type": "string",
           "format": "email"
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "managers": {
           "title": "Managers",
           "type": "array",
diff --git a/pydatalab/schemas/equipment.json b/pydatalab/schemas/equipment.json
@@ -253,6 +253,57 @@
         "name"
       ]
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` model can point to a given group.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "group_admins": {
+          "title": "Group Admins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "display_name",
+        "group_admins"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -309,6 +360,13 @@
           "type": "string",
           "format": "email"
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "managers": {
           "title": "Managers",
           "type": "array",
diff --git a/pydatalab/schemas/sample.json b/pydatalab/schemas/sample.json
@@ -257,6 +257,57 @@
         "name"
       ]
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` model can point to a given group.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "group_admins": {
+          "title": "Group Admins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "display_name",
+        "group_admins"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -313,6 +364,13 @@
           "type": "string",
           "format": "email"
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "managers": {
           "title": "Managers",
           "type": "array",
diff --git a/pydatalab/schemas/startingmaterial.json b/pydatalab/schemas/startingmaterial.json
@@ -311,6 +311,57 @@
         "name"
       ]
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` model can point to a given group.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "group_admins": {
+          "title": "Group Admins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "display_name",
+        "group_admins"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -367,6 +418,13 @@
           "type": "string",
           "format": "email"
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "managers": {
           "title": "Managers",
           "type": "array",
diff --git a/pydatalab/src/pydatalab/login.py b/pydatalab/src/pydatalab/login.py
@@ -10,7 +10,7 @@
 from flask_login import LoginManager, UserMixin
 
 from pydatalab.models import Person
-from pydatalab.models.people import AccountStatus, Identity, IdentityType
+from pydatalab.models.people import AccountStatus, Group, Identity, IdentityType
 from pydatalab.models.utils import UserRole
 from pydatalab.mongo import flask_mongo
 
@@ -68,6 +68,11 @@ def identities(self) -> List[Identity]:
         """Returns the list of identities of the user."""
         return self.person.identities
 
+    @property
+    def groups(self) -> List[Group]:
+        """Returns the list of groups that the user is a member of."""
+        return self.person.groups
+
     @property
     def identity_types(self) -> List[IdentityType]:
         """Returns a list of the identity types associated with the user."""
@@ -88,6 +93,20 @@ def get_by_id_cached(user_id):
     return get_by_id(user_id)
 
 
+def groups_lookup() -> dict:
+    return {
+        "from": "groups",
+        "let": {"group_ids": "$group_ids"},
+        "pipeline": [
+            {"$match": {"$expr": {"$in": ["$_id", {"$ifNull": ["$$group_ids", []]}]}}},
+            {"$addFields": {"__order": {"$indexOfArray": ["$$group_ids", "$_id"]}}},
+            {"$sort": {"__order": 1}},
+            {"$project": {"_id": 1, "display_name": 1}},
+        ],
+        "as": "groups",
+    }
+
+
 def get_by_id(user_id: str) -> Optional[LoginUser]:
     """Lookup the user database ID and create a new `LoginUser`
     with the relevant metadata.
diff --git a/pydatalab/src/pydatalab/models/people.py b/pydatalab/src/pydatalab/models/people.py
@@ -98,6 +98,27 @@ class AccountStatus(str, Enum):
     DEACTIVATED = "deactivated"
 
 
+class Group(Entry):
+    """A model that describes a group of users, for the sake
+    of applying group permissions.
+
+    Each `Person` model can point to a given group.
+
+    """
+
+    type: str = Field("groups", const=True)
+    """The entry type as a string."""
+
+    display_name: DisplayName
+    """The chosen display name for the group"""
+
+    description: Optional[str]
+    """A description of the group"""
+
+    group_admins: List[PyObjectId]
+    """A list of user IDs that can manage this group."""
+
+
 class Person(Entry):
     """A model that describes an individual and their digital identities."""
 
@@ -113,6 +134,9 @@ class Person(Entry):
     contact_email: Optional[EmailStr]
     """In the case of multiple *verified* email identities, this email will be used as the primary contact."""
 
+    groups: Optional[List[Group]]
+    """A list of groups that this person belongs to."""
+
     managers: Optional[List[PyObjectId]]
     """A list of user IDs that can manage this person's items."""
 
diff --git a/pydatalab/src/pydatalab/routes/v0_1/users.py b/pydatalab/src/pydatalab/routes/v0_1/users.py
