admin and users

Author: pcrespov

api/specs/web-server/_users.py

@@ -14,10 +14,9 @@
     MyProfilePatch,
     MyTokenCreate,
     MyTokenGet,
-    MyUserGet,
     MyUsersGetParams,
     MyUsersSearchQueryParams,
-    UserGet,
+    UserAsAdminGet,
     UsersSearchQueryParams,
 )
 from models_library.api_schemas_webserver.users_preferences import PatchRequestBody
@@ -145,40 +144,49 @@ async def list_user_permissions():
     ...
 
 
+#
+# USERS public
+#
+
+
 @router.get(
-    "/me/users/{user_id}",
-    response_model=Envelope[MyUserGet],
+    "/users/{user_id}",
+    response_model=Envelope[UserAsAdminGet],
 )
 async def get_user(_path: Annotated[MyUsersGetParams, Depends()]):
     ...
 
 
 @router.get(
-    "/me/users:search",
-    response_model=Envelope[list[MyUserGet]],
+    "/users:search",
+    response_model=Envelope[list[UserAsAdminGet]],
     description="Search among users who are publicly visible to the caller (i.e., me) based on their privacy settings.",
 )
 async def search_users(_query: Annotated[MyUsersSearchQueryParams, Depends()]):
     ...
 
 
+#
+# USERS admin
+#
+
 _extra_tags: list[str | Enum] = ["admin"]
 
 
 @router.get(
-    "/users:search",
-    response_model=Envelope[list[UserGet]],
+    "/admin/users:search",
+    response_model=Envelope[list[UserAsAdminGet]],
     tags=_extra_tags,
 )
-async def search_users_as_admin(_query: Annotated[UsersSearchQueryParams, Depends()]):
+async def search_users_for_admin(_query: Annotated[UsersSearchQueryParams, Depends()]):
     # NOTE: see `Search` in `Common Custom Methods` in https://cloud.google.com/apis/design/custom_methods
     ...
 
 
 @router.post(
-    "/users:pre-register",
-    response_model=Envelope[UserGet],
+    "/admin/users:pre-register",
+    response_model=Envelope[UserAsAdminGet],
     tags=_extra_tags,
 )
-async def pre_register_user_as_admin(_body: PreRegisteredUserGet):
+async def pre_register_user_for_admin(_body: PreRegisteredUserGet):
     ...

packages/models-library/src/models_library/api_schemas_webserver/users.py

@@ -212,7 +212,7 @@ class MyUsersSearchQueryParams(BaseModel):
     limit: Annotated[int, annotated_types.Interval(ge=1, le=50)] = 10
 
 
-class MyUserGet(OutputSchema):
+class UserAsAdminGet(OutputSchema):
     # Public profile of a user subject to its privacy settings
     user_id: UserID
     group_id: GroupID
@@ -233,7 +233,7 @@ class UsersSearchQueryParams(BaseModel):
     ]
 
 
-class UserGet(OutputSchema):
+class UserAsAdminGet(OutputSchema):
     # ONLY for admins
     first_name: str | None
     last_name: str | None

services/static-webserver/client/source/class/osparc/data/Resources.js

@@ -962,11 +962,11 @@ qx.Class.define("osparc.data.Resources", {
         endpoints: {
           search: {
             method: "GET",
-            url: statics.API + "/users:search?email={email}"
+            url: statics.API + "/admin/users:search?email={email}"
           },
           preRegister: {
             method: "POST",
-            url: statics.API + "/users:pre-register"
+            url: statics.API + "/admin/users:pre-register"
           }
         }
       },

services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml

@@ -1323,7 +1323,7 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Envelope_list_MyPermissionGet__'
-  /v0/me/users/{user_id}:
+  /v0/users/{user_id}:
     get:
       tags:
       - user
@@ -1344,8 +1344,8 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Envelope_MyUserGet_'
-  /v0/me/users:search:
+                $ref: '#/components/schemas/Envelope_UserAsAdminGet_'
+  /v0/users:search:
     get:
       tags:
       - user
@@ -1377,14 +1377,14 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Envelope_list_MyUserGet__'
-  /v0/users:search:
+                $ref: '#/components/schemas/Envelope_list_UserAsAdminGet__'
+  /v0/admin/users:search:
     get:
       tags:
       - user
       - admin
-      summary: Search Users As Admin
-      operationId: search_users_as_admin
+      summary: Search Users For Admin
+      operationId: search_users_for_admin
       parameters:
       - name: email
         in: query
@@ -1400,14 +1400,14 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Envelope_list_UserGet__'
-  /v0/users:pre-register:
+                $ref: '#/components/schemas/Envelope_list_UserAsAdminGet__'
+  /v0/admin/users:pre-register:
     post:
       tags:
       - user
       - admin
-      summary: Pre Register User As Admin
-      operationId: pre_register_user_as_admin
+      summary: Pre Register User For Admin
+      operationId: pre_register_user_for_admin
       requestBody:
         content:
           application/json:
@@ -1420,7 +1420,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/Envelope_UserGet_'
+                $ref: '#/components/schemas/Envelope_UserAsAdminGet_'
   /v0/wallets:
     get:
       tags:
@@ -8253,19 +8253,6 @@ components:
           title: Error
       type: object
       title: Envelope[MyTokenGet]
-    Envelope_MyUserGet_:
-      properties:
-        data:
-          anyOf:
-          - $ref: '#/components/schemas/MyUserGet'
-          - type: 'null'
-        error:
-          anyOf:
-          - {}
-          - type: 'null'
-          title: Error
-      type: object
-      title: Envelope[MyUserGet]
     Envelope_NodeCreated_:
       properties:
         data:
@@ -8624,19 +8611,19 @@ components:
           title: Error
       type: object
       title: Envelope[Union[WalletGet, NoneType]]
-    Envelope_UserGet_:
+    Envelope_UserAsAdminGet_:
       properties:
         data:
           anyOf:
-          - $ref: '#/components/schemas/UserGet'
+          - $ref: '#/components/schemas/UserAsAdminGet'
           - type: 'null'
         error:
           anyOf:
           - {}
           - type: 'null'
           title: Error
       type: object
-      title: Envelope[UserGet]
+      title: Envelope[UserAsAdminGet]
     Envelope_WalletGetWithAvailableCredits_:
       properties:
         data:
@@ -9030,22 +9017,6 @@ components:
           title: Error
       type: object
       title: Envelope[list[MyTokenGet]]
-    Envelope_list_MyUserGet__:
-      properties:
-        data:
-          anyOf:
-          - items:
-              $ref: '#/components/schemas/MyUserGet'
-            type: array
-          - type: 'null'
-          title: Data
-        error:
-          anyOf:
-          - {}
-          - type: 'null'
-          title: Error
-      type: object
-      title: Envelope[list[MyUserGet]]
     Envelope_list_OsparcCreditsAggregatedByServiceGet__:
       properties:
         data:
@@ -9286,12 +9257,12 @@ components:
           title: Error
       type: object
       title: Envelope[list[TaskGet]]
-    Envelope_list_UserGet__:
+    Envelope_list_UserAsAdminGet__:
       properties:
         data:
           anyOf:
           - items:
-              $ref: '#/components/schemas/UserGet'
+              $ref: '#/components/schemas/UserAsAdminGet'
             type: array
           - type: 'null'
           title: Data
@@ -9301,7 +9272,7 @@ components:
           - type: 'null'
           title: Error
       type: object
-      title: Envelope[list[UserGet]]
+      title: Envelope[list[UserAsAdminGet]]
     Envelope_list_UserNotification__:
       properties:
         data:
@@ -10931,45 +10902,6 @@ components:
       - service
       - token_key
       title: MyTokenGet
-    MyUserGet:
-      properties:
-        userId:
-          type: integer
-          exclusiveMinimum: true
-          title: Userid
-          minimum: 0
-        groupId:
-          type: integer
-          exclusiveMinimum: true
-          title: Groupid
-          minimum: 0
-        userName:
-          type: string
-          maxLength: 100
-          minLength: 1
-          title: Username
-        firstName:
-          anyOf:
-          - type: string
-          - type: 'null'
-          title: Firstname
-        lastName:
-          anyOf:
-          - type: string
-          - type: 'null'
-          title: Lastname
-        email:
-          anyOf:
-          - type: string
-            format: email
-          - type: 'null'
-          title: Email
-      type: object
-      required:
-      - userId
-      - groupId
-      - userName
-      title: MyUserGet
     Node-Input:
       properties:
         key:
@@ -14463,7 +14395,7 @@ components:
       - number
       - e_tag
       title: UploadedPart
-    UserGet:
+    UserAsAdminGet:
       properties:
         firstName:
           anyOf:
@@ -14554,7 +14486,7 @@ components:
       - country
       - registered
       - status
-      title: UserGet
+      title: UserAsAdminGet
     UserNotification:
       properties:
         user_id:

services/web/server/src/simcore_service_webserver/security/_authz_access_roles.py

@@ -83,6 +83,7 @@ class PermissionDict(TypedDict, total=False):
             "user.notifications.write",
             "user.profile.delete",
             "user.profile.update",
+            "user.read",
             "user.tokens.*",
             "wallets.*",
             "workspaces.*",
@@ -103,7 +104,7 @@ class PermissionDict(TypedDict, total=False):
         can=[
             "product.details.*",
             "product.invitations.create",
-            "user.users.*",
+            "user.admin.read",
         ],
         inherits=[UserRole.TESTER],
     ),

services/web/server/src/simcore_service_webserver/users/_common/schemas.py

@@ -12,7 +12,7 @@
 
 import pycountry
 from models_library.api_schemas_webserver._base import InputSchema
-from models_library.api_schemas_webserver.users import UserGet
+from models_library.api_schemas_webserver.users import UserAsAdminGet
 from models_library.emails import LowerCaseEmailStr
 from models_library.users import UserID
 from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator
@@ -109,4 +109,6 @@ def _pre_check_and_normalize_country(cls, v):
 
 
 # asserts field names are in sync
-assert set(PreRegisteredUserGet.model_fields).issubset(UserGet.model_fields)  # nosec
+assert set(PreRegisteredUserGet.model_fields).issubset(
+    UserAsAdminGet.model_fields
+)  # nosec