-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathusers.py
More file actions
325 lines (272 loc) · 10.7 KB
/
users.py
File metadata and controls
325 lines (272 loc) · 10.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
from typing import List, Optional, Union
from pydantic import validate_arguments
from .base import (
BasePermitApi,
SimpleHttpClient,
pagination_params,
required_context,
required_permissions,
)
from .context import ApiContextLevel, ApiKeyAccessLevel
from .models import (
PaginatedResultUserRead,
RoleAssignmentCreate,
RoleAssignmentRead,
RoleAssignmentRemove,
UserCreate,
UserRead,
UserUpdate,
)
class UsersApi(BasePermitApi):
@property
def __users(self) -> SimpleHttpClient:
return self._build_http_client(
"/v2/facts/{proj_id}/{env_id}/users".format(
proj_id=self.config.api_context.project,
env_id=self.config.api_context.environment,
)
)
@property
def __role_assignments(self) -> SimpleHttpClient:
return self._build_http_client(
"/v2/facts/{proj_id}/{env_id}/role_assignments".format(
proj_id=self.config.api_context.project,
env_id=self.config.api_context.environment,
)
)
@property
def __user_invites(self) -> SimpleHttpClient:
return self._build_http_client(
"/v2/facts/{proj_id}/{env_id}/user_invites".format(
proj_id=self.config.api_context.project,
env_id=self.config.api_context.environment,
)
)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def list(self, page: int = 1, per_page: int = 100) -> PaginatedResultUserRead:
"""
Retrieves a list of users.
Args:
page: The page number to fetch (default: 1).
per_page: How many items to fetch per page (default: 100).
Returns:
a paginated list of users.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self.__users.get(
"",
model=PaginatedResultUserRead,
params=pagination_params(page, per_page),
)
async def _get(self, user_key: str) -> UserRead:
return await self.__users.get(f"/{user_key}", model=UserRead)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def get(self, user_key: str) -> UserRead:
"""
Retrieves a user by its key.
Args:
user_key: The key of the user.
Returns:
the user object.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self._get(user_key)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def get_by_key(self, user_key: str) -> UserRead:
"""
Retrieves a user by its key.
Alias for the get method.
Args:
user_key: The key of the user.
Returns:
the user object.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self._get(user_key)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def get_by_id(self, user_id: str) -> UserRead:
"""
Retrieves a user by its ID.
Alias for the get method.
Args:
user_id: The ID of the user.
Returns:
the user object.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self._get(user_id)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def create(self, user_data: UserCreate) -> UserRead:
"""
Creates a new user.
Args:
user_data: The data for the new user.
Returns:
the created user.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self.__users.post("", model=UserRead, json=user_data)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def update(self, user_key: str, user_data: UserUpdate) -> UserRead:
"""
Updates a user.
Args:
user_key: The key of the user.
user_data: The updated data for the user.
Returns:
the updated user.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self.__users.patch(f"/{user_key}", model=UserRead, json=user_data)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def sync(self, user: Union[UserCreate, dict]) -> UserRead:
"""
Synchronizes user data by creating or updating a user.
Args:
user: The data of the user to be synchronized.
Returns:
the result of the user creation or update operation.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
if isinstance(user, dict):
user_key = user.pop("key", None)
if user_key is None:
raise KeyError("required 'key' in input dictionary")
else:
user_key = user.key
return await self.__users.put(f"/{user_key}", model=UserRead, json=user)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def delete(self, user_key: str) -> None:
"""
Deletes a user.
Args:
user_key: The key of the user to delete.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self.__users.delete(f"/{user_key}")
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def assign_role(self, assignment: RoleAssignmentCreate) -> RoleAssignmentRead:
"""
Assigns a role to a user in the scope of a given tenant.
Args:
assignment: The role assignment details.
Returns:
the assigned role.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self.__users.post(
f"/{assignment.user}/roles",
model=RoleAssignmentRead,
json=assignment.dict(exclude={"user"}),
)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def unassign_role(self, unassignment: RoleAssignmentRemove) -> None:
"""
Unassigns a role from a user in the scope of a given tenant.
Args:
unassignment: The role unassignment details.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self.__users.delete(
f"/{unassignment.user}/roles",
json=unassignment.dict(exclude={"user"}),
)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def get_assigned_roles(
self,
user: str,
tenant: Optional[str] = None,
page: int = 1,
per_page: int = 100,
) -> List[RoleAssignmentRead]:
"""
Retrieves the roles assigned to a user in a given tenant (if the tenant filter is provided)
or across all tenants (if the tenant filter is not provided).
Args:
user: The key of the user.
tenant: The key of the tenant.
page: The page number to fetch.
per_page: How many items to fetch per page.
Returns:
an array of role assignments for the user.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
params = pagination_params(page, per_page)
params.update({"user": user})
if tenant is not None:
params.update({"tenant": tenant})
return await self.__role_assignments.get(
"",
model=List[RoleAssignmentRead],
params=params,
)
@required_permissions(ApiKeyAccessLevel.ENVIRONMENT_LEVEL_API_KEY)
@required_context(ApiContextLevel.ENVIRONMENT)
@validate_arguments
async def approve(
self,
user_key: str,
email: str,
invite_code: str,
attributes: Optional[dict] = None,
) -> UserRead:
"""
Approves a user.
Args:
email: The email address of the user.
invite_code: The invite code of the user.
Returns:
the approved new created user object.
Raises:
PermitApiError: If the API returns an error HTTP status code.
PermitContextError: If the configured ApiContext does not match the required endpoint context.
"""
return await self.__user_invites.post(
f"/{invite_code}/approve",
model=UserRead,
json={"email": email, "key": user_key, "attributes": attributes or None},
)