✨ web-api: admin views and actions for user accounts for the PO center (#7560)

Author: pcrespov

api/specs/web-server/_auth.py

@@ -260,8 +260,8 @@ async def email_confirmation(code: str):
 
 @router.get(
     "/auth/captcha",
-    operation_id="request_captcha",
+    operation_id="create_captcha",
     status_code=status.HTTP_200_OK,
     responses={status.HTTP_200_OK: {"content": {"image/png": {}}}},
 )
-async def request_captcha(): ...
+async def create_captcha(): ...

api/specs/web-server/_users.py

@@ -7,20 +7,25 @@
 from enum import Enum
 from typing import Annotated
 
+from _common import as_query
 from fastapi import APIRouter, Depends, status
 from models_library.api_schemas_webserver.users import (
     MyPermissionGet,
     MyProfileGet,
     MyProfilePatch,
     MyTokenCreate,
     MyTokenGet,
-    UserForAdminGet,
+    UserAccountApprove,
+    UserAccountGet,
+    UserAccountReject,
+    UserAccountSearchQueryParams,
     UserGet,
-    UsersForAdminSearchQueryParams,
+    UsersAccountListQueryParams,
     UsersSearch,
 )
 from models_library.api_schemas_webserver.users_preferences import PatchRequestBody
 from models_library.generics import Envelope
+from models_library.rest_pagination import Page
 from models_library.user_preferences import PreferenceIdentifier
 from simcore_service_webserver._meta import API_VTAG
 from simcore_service_webserver.users._common.schemas import PreRegisteredUserGet
@@ -144,20 +149,46 @@ async def search_users(_body: UsersSearch): ...
 
 
 @router.get(
-    "/admin/users:search",
-    response_model=Envelope[list[UserForAdminGet]],
+    "/admin/user-accounts",
+    response_model=Page[UserAccountGet],
     tags=_extra_tags,
 )
-async def search_users_for_admin(
-    _query: Annotated[UsersForAdminSearchQueryParams, Depends()],
+async def list_users_accounts(
+    _query: Annotated[as_query(UsersAccountListQueryParams), Depends()],
+): ...
+
+
+@router.post(
+    "/admin/user-accounts:approve",
+    status_code=status.HTTP_204_NO_CONTENT,
+    tags=_extra_tags,
+)
+async def approve_user_account(_body: UserAccountApprove): ...
+
+
+@router.post(
+    "/admin/user-accounts:reject",
+    status_code=status.HTTP_204_NO_CONTENT,
+    tags=_extra_tags,
+)
+async def reject_user_account(_body: UserAccountReject): ...
+
+
+@router.get(
+    "/admin/user-accounts:search",
+    response_model=Envelope[list[UserAccountGet]],
+    tags=_extra_tags,
+)
+async def search_user_accounts(
+    _query: Annotated[UserAccountSearchQueryParams, Depends()],
 ):
     # NOTE: see `Search` in `Common Custom Methods` in https://cloud.google.com/apis/design/custom_methods
     ...
 
 
 @router.post(
-    "/admin/users:pre-register",
-    response_model=Envelope[UserForAdminGet],
+    "/admin/user-accounts:pre-register",
+    response_model=Envelope[UserAccountGet],
     tags=_extra_tags,
 )
-async def pre_register_user_for_admin(_body: PreRegisteredUserGet): ...
+async def pre_register_user_account(_body: PreRegisteredUserGet): ...

packages/models-library/src/models_library/api_schemas_webserver/users.py

@@ -1,13 +1,15 @@
 import re
-from datetime import date
+from datetime import date, datetime
 from enum import Enum
 from typing import Annotated, Any, Literal, Self
 
 import annotated_types
 from common_library.basic_types import DEFAULT_FACTORY
 from common_library.dict_tools import remap_keys
-from common_library.users_enums import UserStatus
+from common_library.users_enums import AccountRequestStatus, UserStatus
 from models_library.groups import AccessRightsDict
+from models_library.rest_filters import Filters
+from models_library.rest_pagination import PageQueryParameters
 from pydantic import (
     ConfigDict,
     EmailStr,
@@ -39,6 +41,7 @@
     OutputSchemaWithoutCamelCase,
 )
 from .groups import MyGroupsGet
+from .products import InvitationGenerate
 from .users_preferences import AggregatedPreferences
 
 #
@@ -238,7 +241,30 @@ def from_domain_model(cls, data):
         return cls.model_validate(data, from_attributes=True)
 
 
-class UsersForAdminSearchQueryParams(RequestParameters):
+class UsersForAdminListFilter(Filters):
+    # 1. account_request_status: PENDING, REJECTED, APPROVED
+    # 2. If APPROVED AND user uses the invitation link, then when user is registered,
+    #  it can be in any of these statuses:
+    #     CONFIRMATION_PENDING, ACTIVE, EXPIRED, BANNED, DELETED
+    #
+    review_status: Literal["PENDING", "REVIEWED"] | None = None
+
+    model_config = ConfigDict(extra="forbid")
+
+
+class UsersAccountListQueryParams(UsersForAdminListFilter, PageQueryParameters): ...
+
+
+class UserAccountApprove(InputSchema):
+    email: EmailStr
+    invitation: InvitationGenerate | None = None
+
+
+class UserAccountReject(InputSchema):
+    email: EmailStr
+
+
+class UserAccountSearchQueryParams(RequestParameters):
     email: Annotated[
         str,
         Field(
@@ -249,7 +275,7 @@ class UsersForAdminSearchQueryParams(RequestParameters):
     ]
 
 
-class UserForAdminGet(OutputSchema):
+class UserAccountGet(OutputSchema):
     # ONLY for admins
     first_name: str | None
     last_name: str | None
@@ -269,8 +295,12 @@ class UserForAdminGet(OutputSchema):
         ),
     ] = DEFAULT_FACTORY
 
-    # authorization
+    # pre-registration
+    pre_registration_id: int | None
     invited_by: str | None = None
+    account_request_status: AccountRequestStatus | None
+    account_request_reviewed_by: UserID | None = None
+    account_request_reviewed_at: datetime | None = None
 
     # user status
     registered: bool

scripts/maintenance/pre_registration.py

@@ -123,7 +123,7 @@ async def _pre_register_user(
     extras: dict[str, Any] = {},
 ) -> dict[str, Any]:
     """Pre-register a user in the system"""
-    path = "/v0/admin/users:pre-register"
+    path = "/v0/admin/user-accounts:pre-register"
 
     user_data = PreRegisterUserRequest(
         firstName=first_name,

services/static-webserver/client/source/class/osparc/data/Resources.js

@@ -1059,27 +1059,27 @@ qx.Class.define("osparc.data.Resources", {
         endpoints: {
           search: {
             method: "GET",
-            url: statics.API + "/admin/users:search?email={email}"
+            url: statics.API + "/admin/user-accounts:search?email={email}"
           },
           getPendingUsers: {
             method: "GET",
-            url: statics.API + "/admin/users?status=PENDING"
+            url: statics.API + "/admin/user-accounts?review_status=PENDING"
           },
           approveUser: {
             method: "POST",
-            url: statics.API + "/admin/users:approve"
+            url: statics.API + "/admin/user-accounts:approve"
           },
           rejectUser: {
             method: "POST",
-            url: statics.API + "/admin/users:reject"
+            url: statics.API + "/admin/user-accounts:reject"
           },
           resendConfirmationEmail: {
             method: "POST",
-            url: statics.API + "/admin/users:resendConfirmationEmail"
+            url: statics.API + "/admin/user-accounts:resendConfirmationEmail"
           },
           preRegister: {
             method: "POST",
-            url: statics.API + "/admin/users:pre-register"
+            url: statics.API + "/admin/user-accounts:pre-register"
           }
         }
       },

services/web/server/VERSION

@@ -1 +1 @@
-0.65.0
+0.66.0

services/web/server/setup.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.65.0
+current_version = 0.66.0
 commit = True
 message = services/webserver api version: {current_version} → {new_version}
 tag = False
@@ -13,13 +13,13 @@ commit_args = --no-verify
 addopts = --strict-markers
 asyncio_mode = auto
 asyncio_default_fixture_loop_scope = function
-markers =
+markers = 
 	slow: marks tests as slow (deselect with '-m "not slow"')
 	acceptance_test: "marks tests as 'acceptance tests' i.e. does the system do what the user expects? Typically those are workflows."
 	testit: "marks test to run during development"
 	heavy_load: "mark tests that require large amount of data"
 
 [mypy]
-plugins =
+plugins = 
 	pydantic.mypy
 	sqlalchemy.ext.mypy.plugin