feat: include is_admin in the self /user endpoint (#472)

Closes #287.

Author: leafty

components/renku_data_services/users/api.spec.yaml

@@ -19,7 +19,7 @@ paths:
           content:
             "application/json":
               schema:
-                $ref: "#/components/schemas/UserWithId"
+                $ref: "#/components/schemas/SelfUserInfo"
         default:
           $ref: "#/components/responses/Error"
       tags:
@@ -343,6 +343,29 @@ components:
       items:
         $ref: "#/components/schemas/UserWithId"
       uniqueItems: true
+    SelfUserInfo:
+      description: Information about the currently logged in user
+      type: object
+      additionalProperties: false
+      properties:
+        id:
+          $ref: "#/components/schemas/UserId"
+        username:
+          $ref: "#/components/schemas/Username"
+        email:
+          $ref: "#/components/schemas/UserEmail"
+        first_name:
+          $ref: "#/components/schemas/UserFirstLastName"
+        last_name:
+          $ref: "#/components/schemas/UserFirstLastName"
+        is_admin:
+          description: Whether the user is a platform administrator or not
+          type: boolean
+          default: false
+      required:
+        - id
+        - username
+        - is_admin
     UserSecretKey:
       type: object
       additionalProperties: false

components/renku_data_services/users/apispec.py

@@ -1,6 +1,6 @@
 # generated by datamodel-codegen:
 #   filename:  api.spec.yaml
-#   timestamp: 2024-09-12T12:43:38+00:00
+#   timestamp: 2024-10-18T13:00:24+00:00
 
 from __future__ import annotations
 
@@ -140,6 +140,45 @@ class UsersWithId(RootModel[List[UserWithId]]):
     root: List[UserWithId]
 
 
+class SelfUserInfo(BaseAPISpec):
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    id: str = Field(
+        ...,
+        description="Keycloak user ID",
+        example="f74a228b-1790-4276-af5f-25c2424e9b0c",
+        pattern="^[A-Za-z0-9]{1}[A-Za-z0-9-]+$",
+    )
+    username: str = Field(
+        ...,
+        description="Handle of the user",
+        example="some-username",
+        max_length=99,
+        min_length=1,
+    )
+    email: Optional[str] = Field(
+        None, description="User email", example="some-user@gmail.com"
+    )
+    first_name: Optional[str] = Field(
+        None,
+        description="First or last name of the user",
+        example="John",
+        max_length=256,
+        min_length=1,
+    )
+    last_name: Optional[str] = Field(
+        None,
+        description="First or last name of the user",
+        example="John",
+        max_length=256,
+        min_length=1,
+    )
+    is_admin: bool = Field(
+        False, description="Whether the user is a platform administrator or not"
+    )
+
+
 class SecretWithId(BaseAPISpec):
     model_config = ConfigDict(
         extra="forbid",

components/renku_data_services/users/blueprints.py

@@ -63,13 +63,14 @@ async def _get_self(_: Request, user: base_models.APIUser) -> JSONResponse:
             if not user_info:
                 raise errors.MissingResourceError(message=f"The user with ID {user.id} cannot be found.")
             return validated_json(
-                apispec.UserWithId,
+                apispec.SelfUserInfo,
                 dict(
                     id=user_info.id,
                     username=user_info.namespace.slug,
                     email=user_info.email,
                     first_name=user_info.first_name,
                     last_name=user_info.last_name,
+                    is_admin=user.is_admin,
                 ),
             )
 

test/bases/renku_data_services/data_api/test_users.py

@@ -272,3 +272,40 @@ async def test_delete_user(sanic_client, admin_headers) -> None:
         for iuser in res.json
     ]
     assert user not in users_response
+
+
+@pytest.mark.asyncio
+async def test_get_self_user(sanic_client, user_headers, regular_user) -> None:
+    _, response = await sanic_client.get("/api/data/user", headers=user_headers)
+
+    assert response.status_code == 200, response.text
+    assert response.json is not None
+    user_info = response.json
+    assert user_info.get("id") == regular_user.id
+    assert user_info.get("username") == regular_user.namespace.slug
+    assert user_info.get("email") == regular_user.email
+    assert user_info.get("first_name") == regular_user.first_name
+    assert user_info.get("last_name") == regular_user.last_name
+    assert user_info.get("is_admin") is False
+
+
+@pytest.mark.asyncio
+async def test_get_self_user_as_admin(sanic_client, admin_headers, admin_user) -> None:
+    _, response = await sanic_client.get("/api/data/user", headers=admin_headers)
+
+    assert response.status_code == 200, response.text
+    assert response.json is not None
+    user_info = response.json
+    assert user_info.get("id") == admin_user.id
+    assert user_info.get("username") == admin_user.namespace.slug
+    assert user_info.get("email") == admin_user.email
+    assert user_info.get("first_name") == admin_user.first_name
+    assert user_info.get("last_name") == admin_user.last_name
+    assert user_info.get("is_admin") is True
+
+
+@pytest.mark.asyncio
+async def test_get_self_user_unauthenticated(sanic_client) -> None:
+    _, response = await sanic_client.get("/api/data/user")
+
+    assert response.status_code == 401, response.text