oas

Author: pcrespov

api/specs/web-server/_users.py

@@ -14,6 +14,8 @@
     MyProfilePatch,
     MyTokenCreate,
     MyTokenGet,
+    MyUserGet,
+    MyUsersSearchQueryParams,
     UserGet,
     UsersSearchQueryParams,
 )
@@ -138,23 +140,32 @@ async def list_user_permissions():
     ...
 
 
+@router.get(
+    "/me/users:search",
+    response_model=Envelope[list[MyUserGet]],
+    description="Search among users who are publicly visible to the caller (i.e., me) based on their privacy settings.",
+)
+async def search_users(_params: Annotated[MyUsersSearchQueryParams, Depends()]):
+    ...
+
+
 _extra_tags: list[str | Enum] = ["admin"]
 
 
 @router.get(
-    "/admin/users:search",
+    "/users:search",
     response_model=Envelope[list[UserGet]],
     tags=_extra_tags,
 )
-async def search_users(_params: Annotated[UsersSearchQueryParams, Depends()]):
+async def search_users_as_admin(_params: Annotated[UsersSearchQueryParams, Depends()]):
     # NOTE: see `Search` in `Common Custom Methods` in https://cloud.google.com/apis/design/custom_methods
     ...
 
 
 @router.post(
-    "/admin/users:pre-register",
+    "/users:pre-register",
     response_model=Envelope[UserGet],
     tags=_extra_tags,
 )
-async def pre_register_user(_body: PreRegisteredUserGet):
+async def pre_register_user_as_admin(_body: PreRegisteredUserGet):
     ...

packages/models-library/src/models_library/api_schemas_webserver/users.py

@@ -4,21 +4,31 @@
 from typing import Annotated, Any, Literal, Self
 from uuid import UUID
 
+import annotated_types
 from common_library.basic_types import DEFAULT_FACTORY
 from common_library.dict_tools import remap_keys
 from common_library.users_enums import UserStatus
 from models_library.groups import AccessRightsDict
-from pydantic import BaseModel, ConfigDict, Field, ValidationInfo, field_validator
+from pydantic import (
+    BaseModel,
+    ConfigDict,
+    EmailStr,
+    Field,
+    StringConstraints,
+    ValidationInfo,
+    field_validator,
+)
 
 from ..basic_types import IDStr
 from ..emails import LowerCaseEmailStr
-from ..groups import AccessRightsDict, Group, GroupsByTypeTuple
+from ..groups import AccessRightsDict, Group, GroupID, GroupsByTypeTuple
 from ..products import ProductName
 from ..users import (
     FirstNameStr,
     LastNameStr,
     MyProfile,
     UserID,
+    UserNameID,
     UserPermission,
     UserThirdPartyToken,
 )
@@ -186,6 +196,28 @@ def _validate_user_name(cls, value: str):
 #
 
 
+class MyUsersSearchQueryParams(BaseModel):
+    match_: Annotated[
+        str,
+        StringConstraints(strip_whitespace=True, min_length=1, max_length=50),
+        Field(
+            description="Search string to match with public usernames and emails",
+            alias="match",
+        ),
+    ]
+    limit: Annotated[int, annotated_types.Interval(ge=1, le=50)] = 10
+
+
+class MyUserGet(OutputSchema):
+    # Public profile of a user subject to its privacy settings
+    user_id: UserID
+    group_id: GroupID
+    user_name: UserNameID
+    first_name: str | None = None
+    last_name: str | None = None
+    email: EmailStr | None = None
+
+
 class UsersSearchQueryParams(BaseModel):
     email: Annotated[
         str,
@@ -198,6 +230,7 @@ class UsersSearchQueryParams(BaseModel):
 
 
 class UserGet(OutputSchema):
+    # ONLY for admins
     first_name: str | None
     last_name: str | None
     email: LowerCaseEmailStr

services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml

@@ -1323,14 +1323,47 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Envelope_list_MyPermissionGet__'
-  /v0/users:search:
+  /v0/me/users:search:
     get:
       tags:
       - user
-      - po
       summary: Search Users
+      description: Search among users who are publicly visible to the caller (i.e.,
+        me) based on their privacy settings.
       operationId: search_users
       parameters:
+      - name: match
+        in: query
+        required: true
+        schema:
+          type: string
+          minLength: 1
+          maxLength: 50
+          title: Match
+      - name: limit
+        in: query
+        required: false
+        schema:
+          type: integer
+          maximum: 50
+          minimum: 1
+          default: 10
+          title: Limit
+      responses:
+        '200':
+          description: Successful Response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Envelope_list_MyUserGet__'
+  /v0/users:search:
+    get:
+      tags:
+      - user
+      - admin
+      summary: Search Users As Admin
+      operationId: search_users_as_admin
+      parameters:
       - name: email
         in: query
         required: true
@@ -1350,9 +1383,9 @@ paths:
     post:
       tags:
       - user
-      - po
-      summary: Pre Register User
-      operationId: pre_register_user
+      - admin
+      summary: Pre Register User As Admin
+      operationId: pre_register_user_as_admin
       requestBody:
         content:
           application/json:
@@ -8962,6 +8995,22 @@ components:
           title: Error
       type: object
       title: Envelope[list[MyTokenGet]]
+    Envelope_list_MyUserGet__:
+      properties:
+        data:
+          anyOf:
+          - items:
+              $ref: '#/components/schemas/MyUserGet'
+            type: array
+          - type: 'null'
+          title: Data
+        error:
+          anyOf:
+          - {}
+          - type: 'null'
+          title: Error
+      type: object
+      title: Envelope[list[MyUserGet]]
     Envelope_list_OsparcCreditsAggregatedByServiceGet__:
       properties:
         data:
@@ -10847,6 +10896,45 @@ components:
       - service
       - token_key
       title: MyTokenGet
+    MyUserGet:
+      properties:
+        userId:
+          type: integer
+          exclusiveMinimum: true
+          title: Userid
+          minimum: 0
+        groupId:
+          type: integer
+          exclusiveMinimum: true
+          title: Groupid
+          minimum: 0
+        userName:
+          type: string
+          maxLength: 100
+          minLength: 1
+          title: Username
+        firstName:
+          anyOf:
+          - type: string
+          - type: 'null'
+          title: Firstname
+        lastName:
+          anyOf:
+          - type: string
+          - type: 'null'
+          title: Lastname
+        email:
+          anyOf:
+          - type: string
+            format: email
+          - type: 'null'
+          title: Email
+      type: object
+      required:
+      - userId
+      - groupId
+      - userName
+      title: MyUserGet
     Node-Input:
       properties:
         key:

services/web/server/src/simcore_service_webserver/users/_users_rest.py

@@ -136,11 +136,11 @@ async def update_my_profile(request: web.Request) -> web.Response:
 _RESPONSE_MODEL_MINIMAL_POLICY["exclude_none"] = True
 
 
-@routes.get(f"/{API_VTAG}/users:search", name="search_users")
+@routes.get(f"/{API_VTAG}/admin/users:search", name="search_users_as_admin")
 @login_required
 @permission_required("user.users.*")
 @_handle_users_exceptions
-async def search_users(request: web.Request) -> web.Response:
+async def search_users_as_admin(request: web.Request) -> web.Response:
     req_ctx = UsersRequestContext.model_validate(request)
     assert req_ctx.product_name  # nosec
 
@@ -157,11 +157,11 @@ async def search_users(request: web.Request) -> web.Response:
     )
 
 
-@routes.post(f"/{API_VTAG}/users:pre-register", name="pre_register_user")
+@routes.post(f"/{API_VTAG}/admin/users:pre-register", name="pre_register_user_as_admin")
 @login_required
 @permission_required("user.users.*")
 @_handle_users_exceptions
-async def pre_register_user(request: web.Request) -> web.Response:
+async def pre_register_user_as_admin(request: web.Request) -> web.Response:
     req_ctx = UsersRequestContext.model_validate(request)
     pre_user_profile = await parse_request_body_as(PreRegisteredUserGet, request)