feat(GroupAPI): Add GroupAPI to FAB (#2339)

* feat: - create API endpoint for Groups - add tests for endpoints and roles * refactor: coverage PR comments * refactor: add the error message --------- Co-authored-by: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>

Author: EnxDev

flask_appbuilder/api/__init__.py

@@ -1268,6 +1268,15 @@ def _init_properties(self) -> None:
  self.edit_query_rel_fields = self.edit_query_rel_fields or dict()
  self.add_query_rel_fields = self.add_query_rel_fields or dict()
 
+ def _fetch_entities(self, model_class: Model, ids: List[int]):
+ if not ids:
+ return []
+ return (
+ self.datamodel.session.query(model_class)
+ .filter(model_class.id.in_(ids))
+ .all()
+ )
+
  def merge_add_field_info(self, response: Dict[str, Any], **kwargs: Any) -> None:
  add_columns_info = kwargs.get("add_columns", {})
  response[API_ADD_COLUMNS_RES_KEY] = self._get_fields_info(

flask_appbuilder/security/sqla/apis/__init__.py

@@ -1,3 +1,4 @@
+from flask_appbuilder.security.sqla.apis.group import GroupApi # noqa: F401
 from flask_appbuilder.security.sqla.apis.permission import PermissionApi # noqa: F401
 from flask_appbuilder.security.sqla.apis.permission_view_menu import ( # noqa: F401
  PermissionViewMenuApi,

flask_appbuilder/security/sqla/apis/group/__init__.py

@@ -0,0 +1 @@
+from .api import GroupApi # noqa: F401

flask_appbuilder/security/sqla/apis/group/api.py

@@ -0,0 +1,213 @@
+from flask import request
+from flask_appbuilder import ModelRestApi
+from flask_appbuilder.api import expose, safe
+from flask_appbuilder.const import API_RESULT_RES_KEY
+from flask_appbuilder.models.sqla.interface import SQLAInterface
+from flask_appbuilder.security.decorators import permission_name, protect
+from flask_appbuilder.security.sqla.apis.group.schema import (
+ GroupPostSchema,
+ GroupPutSchema,
+)
+from flask_appbuilder.security.sqla.models import Group, Role, User
+from marshmallow import ValidationError
+from sqlalchemy.exc import IntegrityError
+
+
+class GroupApi(ModelRestApi):
+ resource_name = "security/groups"
+ openapi_spec_tag = "Security Groups"
+ class_permission_name = "Group"
+ datamodel = SQLAInterface(Group)
+ allow_browser_login = True
+
+ list_columns = ["id", "name", "label", "description", "roles", "users"]
+ show_columns = list_columns
+ edit_columns = ["name", "label", "description", "users", "roles"]
+ add_columns = edit_columns
+ search_columns = list_columns
+
+ add_model_schema = GroupPostSchema()
+ edit_model_schema = GroupPutSchema()
+
+ @expose("/", methods=["POST"])
+ @protect()
+ @safe
+ @permission_name("post")
+ def post(self):
+ """Create new group
+ ---
+ post:
+ requestBody:
+ description: Model schema
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GroupPostSchema'
+ responses:
+ 201:
+ description: Group created
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ result:
+ $ref: '#/components/schemas/GroupPostSchema'
+ 400:
+ $ref: '#/components/responses/400'
+ 401:
+ $ref: '#/components/responses/401'
+ 422:
+ $ref: '#/components/responses/422'
+ 500:
+ $ref: '#/components/responses/500'
+ """
+ try:
+ item = self.add_model_schema.load(request.json)
+ model = Group()
+ roles = []
+ users = []
+
+ for key, value in item.items():
+ if key == "roles":
+ roles = self._fetch_entities(Role, value)
+ missing_role_ids = set(item["roles"]) - {r.id for r in roles}
+ if missing_role_ids:
+ return self.response_400(
+ message={
+ "roles": [
+ (
+ f"Role(s) with ID(s) {sorted(missing_role_ids)} "
+ "do not exist."
+ )
+ ]
+ }
+ )
+ elif key == "users":
+ users = self._fetch_entities(User, value)
+ missing_user_ids = set(item["users"]) - {u.id for u in users}
+ if missing_user_ids:
+ return self.response_400(
+ message={
+ "users": [
+ (
+ f"User(s) with ID(s) {sorted(missing_user_ids)} "
+ "do not exist."
+ )
+ ]
+ }
+ )
+ else:
+ setattr(model, key, value)
+
+ model.roles = roles
+ model.users = users
+
+ self.pre_add(model)
+ self.datamodel.add(model, raise_exception=True)
+
+ return self.response(201, id=model.id)
+
+ except ValidationError as error:
+ return self.response_400(message=error.messages)
+ except IntegrityError as e:
+ return self.response_422(message=str(e.orig))
+
+ @expose("/<pk>", methods=["PUT"])
+ @protect()
+ @safe
+ @permission_name("put")
+ def put(self, pk):
+ """Edit group
+ ---
+ put:
+ parameters:
+ - in: path
+ schema:
+ type: integer
+ name: pk
+ requestBody:
+ description: Model schema
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GroupPutSchema'
+ responses:
+ 200:
+ description: Group updated
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ result:
+ $ref: '#/components/schemas/GroupPutSchema'
+ 400:
+ $ref: '#/components/responses/400'
+ 401:
+ $ref: '#/components/responses/401'
+ 404:
+ $ref: '#/components/responses/404'
+ 422:
+ $ref: '#/components/responses/422'
+ 500:
+ $ref: '#/components/responses/500'
+ """
+ try:
+ item = self.edit_model_schema.load(request.json)
+ model = self.datamodel.get(pk, self._base_filters)
+ if not model:
+ return self.response_404()
+
+ roles = []
+ users = []
+
+ for key, value in item.items():
+ if key == "roles":
+ roles = self._fetch_entities(Role, value)
+ missing_role_ids = set(value) - {r.id for r in roles}
+ if missing_role_ids:
+ return self.response_400(
+ message={
+ "roles": [
+ (
+ f"Role(s) with ID(s) {sorted(missing_role_ids)} "
+ "do not exist."
+ )
+ ]
+ }
+ )
+ elif key == "users":
+ users = self._fetch_entities(User, value)
+ missing_user_ids = set(value) - {u.id for u in users}
+ if missing_user_ids:
+ return self.response_400(
+ message={
+ "users": [
+ (
+ f"User(s) with ID(s) {sorted(missing_user_ids)} "
+ "do not exist."
+ )
+ ]
+ }
+ )
+ else:
+ setattr(model, key, value)
+
+ if "roles" in item.keys():
+ model.roles = roles
+ if "users" in item.keys():
+ model.users = users
+ self.pre_update(model)
+ self.datamodel.edit(model, raise_exception=True)
+ return self.response(
+ 200,
+ **{API_RESULT_RES_KEY: self.edit_model_schema.dump(item, many=False)},
+ )
+
+ except ValidationError as e:
+ return self.response_400(message=e.messages)
+ except IntegrityError as e:
+ return self.response_422(message=str(e.orig))

flask_appbuilder/security/sqla/apis/group/schema.py

@@ -0,0 +1,73 @@
+from flask_appbuilder.security.sqla.models import Group
+from marshmallow import fields, Schema
+from marshmallow.validate import Length
+
+name_description = "Group name"
+label_description = "Group label"
+description_description = "Group description"
+roles_description = "Group roles"
+users_description = "Group users"
+
+
+class GroupPostSchema(Schema):
+ model_cls = Group
+
+ name = fields.String(
+ required=True,
+ validate=[Length(1, 100)],
+ metadata={"description": name_description},
+ )
+ label = fields.String(
+ required=False,
+ allow_none=True,
+ validate=[Length(0, 150)],
+ metadata={"description": label_description},
+ )
+ description = fields.String(
+ required=False,
+ allow_none=True,
+ validate=[Length(0, 512)],
+ metadata={"description": description_description},
+ )
+ roles = fields.List(
+ fields.Integer,
+ required=False,
+ metadata={"description": roles_description},
+ )
+ users = fields.List(
+ fields.Integer,
+ required=False,
+ metadata={"description": users_description},
+ )
+
+
+class GroupPutSchema(Schema):
+ model_cls = Group
+
+ name = fields.String(
+ required=False,
+ validate=[Length(1, 100)],
+ metadata={"description": name_description},
+ )
+ label = fields.String(
+ required=False,
+ allow_none=True,
+ validate=[Length(0, 150)],
+ metadata={"description": label_description},
+ )
+ description = fields.String(
+ required=False,
+ allow_none=True,
+ validate=[Length(0, 512)],
+ metadata={"description": description_description},
+ )
+ roles = fields.List(
+ fields.Integer,
+ required=False,
+ metadata={"description": roles_description},
+ )
+ users = fields.List(
+ fields.Integer,
+ required=False,
+ metadata={"description": users_description},
+ )