adds support to groups

Author: pcrespov

packages/models-library/src/models_library/api_schemas_webserver/groups.py

@@ -246,7 +246,7 @@ def from_domain_model(
         cls,
         groups_by_type: GroupsByTypeTuple,
         my_product_group: tuple[Group, AccessRightsDict] | None,
-        my_support_group: tuple[Group, AccessRightsDict] | None = None,
+        my_support_group: tuple[Group, AccessRightsDict] | None,
     ) -> Self:
         assert groups_by_type.primary  # nosec
         assert groups_by_type.everyone  # nosec

packages/models-library/src/models_library/api_schemas_webserver/users.py

@@ -132,6 +132,7 @@ def from_domain_model(
         my_groups_by_type: GroupsByTypeTuple,
         my_product_group: tuple[Group, AccessRightsDict] | None,
         my_preferences: AggregatedPreferences,
+        my_support_group: tuple[Group, AccessRightsDict] | None,
     ) -> Self:
         data = remap_keys(
             my_profile.model_dump(
@@ -152,7 +153,9 @@ def from_domain_model(
         )
         return cls(
             **data,
-            groups=MyGroupsGet.from_domain_model(my_groups_by_type, my_product_group),
+            groups=MyGroupsGet.from_domain_model(
+                my_groups_by_type, my_product_group, my_support_group
+            ),
             preferences=my_preferences,
         )
 

packages/models-library/src/models_library/groups.py

@@ -39,44 +39,54 @@ class Group(BaseModel):
 
     @staticmethod
     def _update_json_schema_extra(schema: JsonDict) -> None:
-        everyone = {
+        everyone: JsonDict = {
             "gid": 1,
             "name": "Everyone",
             "type": "everyone",
             "description": "all users",
             "thumbnail": None,
         }
-        user = {
+        user: JsonDict = {
             "gid": 2,
             "name": "User",
             "description": "primary group",
             "type": "primary",
             "thumbnail": None,
         }
-        organization = {
+        organization: JsonDict = {
             "gid": 3,
             "name": "Organization",
             "description": "standard group",
             "type": "standard",
             "thumbnail": None,
             "inclusionRules": {},
         }
-        product = {
+        product: JsonDict = {
             "gid": 4,
             "name": "Product",
             "description": "standard group for products",
             "type": "standard",
             "thumbnail": None,
         }
-        support = {
+        support: JsonDict = {
             "gid": 5,
             "name": "Support",
             "description": "support group",
             "type": "standard",
             "thumbnail": None,
         }
 
-        schema.update({"examples": [everyone, user, organization, product, support]})
+        schema.update(
+            {
+                "examples": [
+                    everyone,
+                    user,
+                    organization,
+                    product,
+                    support,
+                ]
+            }
+        )
 
     model_config = ConfigDict(
         populate_by_name=True, json_schema_extra=_update_json_schema_extra

services/web/server/src/simcore_service_webserver/groups/_groups_repository.py

@@ -108,7 +108,7 @@ async def _get_group_and_access_rights_or_raise(
     *,
     caller_id: UserID,
     group_id: GroupID,
-    permission: Literal["read", "write", "delete"] | None,
+    check_permission: Literal["read", "write", "delete"] | None,
 ) -> Row:
     result = await conn.execute(
         sa.select(
@@ -122,8 +122,8 @@ async def _get_group_and_access_rights_or_raise(
     if not row:
         raise GroupNotFoundError(gid=group_id)
 
-    if permission:
-        _check_group_permissions(row, caller_id, group_id, permission)
+    if check_permission:
+        _check_group_permissions(row, caller_id, group_id, check_permission)
 
     return row
 
@@ -274,29 +274,29 @@ async def get_user_group(
     """
     async with pass_or_acquire_connection(get_asyncpg_engine(app), connection) as conn:
         row = await _get_group_and_access_rights_or_raise(
-            conn, caller_id=user_id, group_id=group_id, permission="read"
+            conn, caller_id=user_id, group_id=group_id, check_permission="read"
         )
         group, access_rights = _to_group_info_tuple(row)
         return group, access_rights
 
 
-async def get_product_group_for_user(
+async def get_any_group_for_user(
     app: web.Application,
     connection: AsyncConnection | None = None,
     *,
     user_id: UserID,
-    product_gid: GroupID,
+    group_gid: GroupID,
 ) -> tuple[Group, AccessRightsDict]:
     """
-    Returns product's group if user belongs to it, otherwise it
+    Returns any group if user belongs to it (even if it has no permissions), otherwise it
     raises GroupNotFoundError
     """
     async with pass_or_acquire_connection(get_asyncpg_engine(app), connection) as conn:
         row = await _get_group_and_access_rights_or_raise(
             conn,
             caller_id=user_id,
-            group_id=product_gid,
-            permission=None,
+            group_id=group_gid,
+            check_permission=None,
         )
         group, access_rights = _to_group_info_tuple(row)
         return group, access_rights
@@ -363,7 +363,7 @@ async def update_standard_group(
 
     async with transaction_context(get_asyncpg_engine(app), connection) as conn:
         row = await _get_group_and_access_rights_or_raise(
-            conn, caller_id=user_id, group_id=group_id, permission="write"
+            conn, caller_id=user_id, group_id=group_id, check_permission="write"
         )
         assert row.gid == group_id  # nosec
         # NOTE: update does not include access-rights
@@ -391,7 +391,7 @@ async def delete_standard_group(
 ) -> None:
     async with transaction_context(get_asyncpg_engine(app), connection) as conn:
         await _get_group_and_access_rights_or_raise(
-            conn, caller_id=user_id, group_id=group_id, permission="delete"
+            conn, caller_id=user_id, group_id=group_id, check_permission="delete"
         )
 
         await conn.execute(
@@ -581,7 +581,7 @@ async def get_user_in_group(
     async with pass_or_acquire_connection(get_asyncpg_engine(app), connection) as conn:
         # first check if the group exists
         await _get_group_and_access_rights_or_raise(
-            conn, caller_id=caller_id, group_id=group_id, permission="read"
+            conn, caller_id=caller_id, group_id=group_id, check_permission="read"
         )
 
         # get the user with its permissions
@@ -611,7 +611,7 @@ async def update_user_in_group(
 
         # first check if the group exists
         await _get_group_and_access_rights_or_raise(
-            conn, caller_id=caller_id, group_id=group_id, permission="write"
+            conn, caller_id=caller_id, group_id=group_id, check_permission="write"
         )
 
         # now check the user exists
@@ -651,7 +651,7 @@ async def delete_user_from_group(
     async with transaction_context(get_asyncpg_engine(app), connection) as conn:
         # first check if the group exists
         await _get_group_and_access_rights_or_raise(
-            conn, caller_id=caller_id, group_id=group_id, permission="write"
+            conn, caller_id=caller_id, group_id=group_id, check_permission="write"
         )
 
         # check the user exists
@@ -714,7 +714,7 @@ async def add_new_user_in_group(
     async with transaction_context(get_asyncpg_engine(app), connection) as conn:
         # first check if the group exists
         await _get_group_and_access_rights_or_raise(
-            conn, caller_id=caller_id, group_id=group_id, permission="write"
+            conn, caller_id=caller_id, group_id=group_id, check_permission="write"
         )
 
         query = sa.select(users.c.id)

services/web/server/src/simcore_service_webserver/groups/_groups_rest.py

@@ -56,8 +56,6 @@ async def list_groups(request: web.Request):
     assert groups_by_type.primary
     assert groups_by_type.everyone
 
-    my_product_group = None
-
     if product.group_id:
         with suppress(GroupNotFoundError):
             # Product is optional
@@ -66,16 +64,20 @@ async def list_groups(request: web.Request):
                 user_id=req_ctx.user_id,
                 product_gid=product.group_id,
             )
-
-    my_groups = MyGroupsGet(
-        me=GroupGet.from_domain_model(*groups_by_type.primary),
-        organizations=[
-            GroupGet.from_domain_model(*gi) for gi in groups_by_type.standard
-        ],
-        all=GroupGet.from_domain_model(*groups_by_type.everyone),
-        product=(
-            GroupGet.from_domain_model(*my_product_group) if my_product_group else None
-        ),
+    else:
+        my_product_group = None
+
+    if product.support_standard_group_id:
+        my_support_group = await _groups_service.get_support_group_for_user_or_none(
+            app=request.app,
+            user_id=req_ctx.user_id,
+            support_gid=product.support_standard_group_id,
+        )
+    else:
+        my_support_group = None
+
+    my_groups = MyGroupsGet.from_domain_model(
+        groups_by_type, my_product_group, my_support_group
     )
 
     return envelope_json_response(my_groups)

services/web/server/src/simcore_service_webserver/groups/_groups_service.py

@@ -1,3 +1,5 @@
+from contextlib import suppress
+
 from aiohttp import web
 from models_library.basic_types import IDStr
 from models_library.emails import LowerCaseEmailStr
@@ -16,7 +18,7 @@
 
 from ..users import users_service
 from . import _groups_repository
-from .exceptions import GroupsError
+from .exceptions import GroupNotFoundError, GroupsError
 
 #
 # GROUPS
@@ -71,11 +73,24 @@ async def get_product_group_for_user(
     Returns product's group if user belongs to it, otherwise it
     raises GroupNotFoundError
     """
-    return await _groups_repository.get_product_group_for_user(
-        app, user_id=user_id, product_gid=product_gid
+    return await _groups_repository.get_any_group_for_user(
+        app, user_id=user_id, group_gid=product_gid
     )
 
 
+async def get_support_group_for_user_or_none(
+    app: web.Application, *, user_id: UserID, support_gid: GroupID
+) -> tuple[Group, AccessRightsDict] | None:
+    """
+    Returns support's group if user belongs to it, otherwise it
+    """
+    with suppress(GroupNotFoundError):
+        return await _groups_repository.get_any_group_for_user(
+            app, user_id=user_id, group_gid=support_gid
+        )
+    return None
+
+
 #
 # CRUD operations on groups linked to a user
 #

services/web/server/src/simcore_service_webserver/groups/api.py

@@ -7,6 +7,7 @@
     auto_add_user_to_product_group,
     get_group_from_gid,
     get_product_group_for_user,
+    get_support_group_for_user_or_none,
     is_user_by_email_in_group,
     list_all_user_groups_ids,
     list_group_members,
@@ -20,10 +21,11 @@
     "auto_add_user_to_product_group",
     "get_group_from_gid",
     "get_product_group_for_user",
+    "get_support_group_for_user_or_none",
     "is_user_by_email_in_group",
     "list_all_user_groups_ids",
+    "list_group_members",
     "list_user_groups_ids_with_read_access",
     "list_user_groups_with_read_access",
-    "list_group_members",
     # nopycln: file
 )

services/web/server/src/simcore_service_webserver/users/_controller/rest/users_rest.py

@@ -58,8 +58,6 @@ async def get_my_profile(request: web.Request) -> web.Response:
     assert groups_by_type.primary
     assert groups_by_type.everyone
 
-    my_product_group = None
-
     if product.group_id:
         with suppress(GroupNotFoundError):
             # Product is optional
@@ -68,13 +66,25 @@ async def get_my_profile(request: web.Request) -> web.Response:
                 user_id=req_ctx.user_id,
                 product_gid=product.group_id,
             )
+    else:
+        my_product_group = None
+
+    if product.support_standard_group_id:
+        # Support group is optional
+        my_support_group = await groups_service.get_support_group_for_user_or_none(
+            app=request.app,
+            user_id=req_ctx.user_id,
+            support_gid=product.support_standard_group_id,
+        )
+    else:
+        my_support_group = None
 
     my_profile, preferences = await _users_service.get_my_profile(
         request.app, user_id=req_ctx.user_id, product_name=req_ctx.product_name
     )
 
     profile = MyProfileRestGet.from_domain_model(
-        my_profile, groups_by_type, my_product_group, preferences
+        my_profile, groups_by_type, my_product_group, preferences, my_support_group
     )
 
     return envelope_json_response(profile)

services/web/server/tests/unit/with_dbs/03/test_users_rest_profiles.py

@@ -88,6 +88,7 @@ async def private_user(
             "first_name": partial_first_name,
             "last_name": "Bond",
             "email": f"james{partial_email}",
+            # Maximum privacy
             "privacy_hide_username": True,
             "privacy_hide_email": True,
             "privacy_hide_fullname": True,
@@ -108,6 +109,7 @@ async def semi_private_user(
             "first_name": partial_first_name,
             "last_name": "Maxwell",
             "email": "[email protected]",
+            # Medium privacy
             "privacy_hide_username": False,
             "privacy_hide_email": True,
             "privacy_hide_fullname": False,  # <--
@@ -128,6 +130,7 @@ async def public_user(
             "first_name": "Taylor",
             "last_name": "Swift",
             "email": f"taylor{partial_email}",
+            # Fully public
             "privacy_hide_username": False,
             "privacy_hide_email": False,
             "privacy_hide_fullname": False,
@@ -407,6 +410,8 @@ async def test_get_profile(
         "thumbnail": None,
     }
 
+    assert got_profile_groups["support"] is None
+
     sorted_by_group_id = functools.partial(sorted, key=lambda d: d["gid"])
     assert sorted_by_group_id(
         got_profile_groups["organizations"]