Add admin endpoints for group listing and tweak user listing

ml-evs · ml-evs · commit 419b5a3e9474 · 2025-03-11T13:56:45.000Z
diff --git a/pydatalab/src/pydatalab/models/people.py b/pydatalab/src/pydatalab/models/people.py
@@ -7,7 +7,7 @@
 from pydantic import EmailStr as PydanticEmailStr
 
 from pydatalab.models.entries import Entry
-from pydatalab.models.utils import HumanReadableIdentifier, PyObjectId
+from pydatalab.models.utils import HumanReadableIdentifier, PyObjectId, UserRole
 
 
 class IdentityType(str, Enum):
@@ -196,3 +196,7 @@ def new_user_from_identity(
             contact_email=contact_email,
             account_status=account_status,
         )
+
+
+class User(Person):
+    role: UserRole
diff --git a/pydatalab/src/pydatalab/routes/v0_1/admin.py b/pydatalab/src/pydatalab/routes/v0_1/admin.py
@@ -3,8 +3,9 @@
 from flask_login import current_user
 
 from pydatalab.config import CONFIG
+from pydatalab.models.people import Group, User
 from pydatalab.mongo import flask_mongo
-from pydatalab.permissions import admin_only, get_default_permissions
+from pydatalab.permissions import admin_only
 
 ADMIN = Blueprint("admins", __name__)
 
@@ -18,7 +19,6 @@ def _(): ...
 def get_users():
     users = flask_mongo.db.users.aggregate(
         [
-            {"$match": get_default_permissions(user_only=True)},
             {
                 "$lookup": {
                     "from": "roles",
@@ -27,6 +27,19 @@ def get_users():
                     "as": "role",
                 }
             },
+            {
+                "$lookup": {
+                    "from": "groups",
+                    "let": {"group_ids": "$group_ids"},
+                    "pipeline": [
+                        {"$match": {"$expr": {"$in": ["$_id", {"$ifNull": ["$$group_ids", []]}]}}},
+                        {"$addFields": {"__order": {"$indexOfArray": ["$$group_ids", "$_id"]}}},
+                        {"$sort": {"__order": 1}},
+                        {"$project": {"_id": 1, "display_name": 1}},
+                    ],
+                    "as": "groups",
+                },
+            },
             {
                 "$addFields": {
                     "role": {
@@ -41,7 +54,7 @@ def get_users():
         ]
     )
 
-    return jsonify({"status": "success", "data": list(users)})
+    return jsonify({"status": "success", "data": list(User(**u).json() for u in users)})
 
 
 @ADMIN.route("/roles/<user_id>", methods=["PATCH"])
@@ -93,3 +106,10 @@ def save_role(user_id):
         )
 
     return (jsonify({"status": "success"}), 200)
+
+
+@ADMIN.route("/groups", methods=["GET"])
+def get_groups():
+    return jsonify(
+        {"status": "success", "data": [Group(**d).json() for d in flask_mongo.db.groups.find()]}
+    ), 200
diff --git a/pydatalab/tests/server/test_users.py b/pydatalab/tests/server/test_users.py
@@ -42,6 +42,20 @@ def test_role_update_by_user(client, real_mongo_client, user_id):
     assert user["role"] == "manager"
 
 
+def test_list_users(admin_client, client):
+    resp = admin_client.get("/users")
+    assert resp.status_code == 200
+    resp = client.get("/users")
+    assert resp.status_code == 403
+
+
+def test_list_groups(admin_client, client):
+    resp = admin_client.get("/groups")
+    assert resp.status_code == 200
+    resp = client.get("/groups")
+    assert resp.status_code == 403
+
+
 def test_user_update(client, unauthenticated_client, real_mongo_client, user_id, admin_user_id):
     endpoint = f"/users/{str(user_id)}"
     # Test display name update
