org_claim

Author: epompeii

lib/api_auth/src/github.rs

@@ -82,8 +82,7 @@ async fn post_inner(
         } else if let Some(organization_uuid) = json_oauth.claim {
             let query_organization =
                 QueryOrganization::from_uuid(conn_lock!(context), organization_uuid)?;
-            let invite = query_organization.claim(context, &query_user).await?;
-            query_user.accept_invite(conn_lock!(context), &context.token_key, &invite)?;
+            query_organization.claim(context, &query_user).await?;
         }
         query_user
     } else {

lib/api_organizations/src/claim.rs

@@ -0,0 +1,71 @@
+use bencher_endpoint::{CorsResponse, Endpoint, Post, ResponseCreated};
+use bencher_json::{JsonNewClaim, JsonOrganization, ResourceId};
+use bencher_schema::{
+    conn_lock,
+    context::ApiContext,
+    model::{
+        organization::QueryOrganization,
+        user::auth::{AuthUser, BearerToken},
+    },
+};
+use dropshot::{endpoint, HttpError, Path, RequestContext, TypedBody};
+use schemars::JsonSchema;
+use serde::Deserialize;
+
+#[derive(Deserialize, JsonSchema)]
+pub struct OrgClaimParams {
+    /// The slug or UUID for an organization.
+    pub organization: ResourceId,
+}
+
+#[allow(clippy::no_effect_underscore_binding, clippy::unused_async)]
+#[endpoint {
+    method = OPTIONS,
+    path =  "/v0/organizations/{organization}/claim",
+    tags = ["organizations"]
+}]
+pub async fn org_claim_options(
+    _rqctx: RequestContext<ApiContext>,
+    _path_params: Path<OrgClaimParams>,
+) -> Result<CorsResponse, HttpError> {
+    Ok(Endpoint::cors(&[Post.into()]))
+}
+
+/// Claim an organization
+///
+/// Claim an organization.
+/// The user must be authenticated and the organization must be unclaimed.
+#[endpoint {
+    method = POST,
+    path =  "/v0/organizations/{organization}/claim",
+    tags = ["organizations"]
+}]
+pub async fn org_claim_post(
+    rqctx: RequestContext<ApiContext>,
+    bearer_token: BearerToken,
+    path_params: Path<OrgClaimParams>,
+    body: TypedBody<JsonNewClaim>,
+) -> Result<ResponseCreated<JsonOrganization>, HttpError> {
+    let auth_user = AuthUser::from_token(rqctx.context(), bearer_token).await?;
+    let json = post_inner(
+        rqctx.context(),
+        path_params.into_inner(),
+        body.into_inner(),
+        auth_user,
+    )
+    .await?;
+    Ok(Post::auth_response_created(json))
+}
+
+async fn post_inner(
+    context: &ApiContext,
+    path_params: OrgClaimParams,
+    _json_claim: JsonNewClaim,
+    auth_user: AuthUser,
+) -> Result<JsonOrganization, HttpError> {
+    let query_organization =
+        QueryOrganization::from_resource_id(conn_lock!(context), &path_params.organization)?;
+    query_organization.claim(context, &auth_user.user).await?;
+
+    Ok(query_organization.into_json(conn_lock!(context)))
+}

lib/api_organizations/src/lib.rs

@@ -1,4 +1,5 @@
 mod allowed;
+mod claim;
 mod members;
 mod organizations;
 mod plan;
@@ -24,6 +25,12 @@ impl bencher_endpoint::Registrar for Api {
         api_description.register(organizations::organization_patch)?;
         api_description.register(organizations::organization_delete)?;
 
+        // Project Claim
+        if http_options {
+            api_description.register(claim::org_claim_options)?;
+        }
+        api_description.register(claim::org_claim_post)?;
+
         // Organization Permission
         if http_options {
             api_description.register(allowed::org_allowed_options)?;

lib/api_projects/src/claim.rs

@@ -2,7 +2,6 @@ mod alerts;
 mod allowed;
 mod benchmarks;
 mod branches;
-mod claim;
 mod measures;
 mod metrics;
 mod perf;
@@ -33,12 +32,6 @@ impl bencher_endpoint::Registrar for Api {
         api_description.register(projects::project_patch)?;
         api_description.register(projects::project_delete)?;
 
-        // Project Claim
-        if http_options {
-            api_description.register(claim::proj_claim_options)?;
-        }
-        api_description.register(claim::proj_claim_post)?;
-
         // Project Permission
         if http_options {
             api_description.register(allowed::proj_allowed_options)?;

lib/api_projects/src/lib.rs

@@ -65,8 +65,9 @@ async fn post_inner(
         .await?
     };
 
-    // If a project is unclaimed, don't check permissions
-    if query_project.is_claimed(conn_lock!(context))? {
+    let query_organization = query_project.organization(conn_lock!(context))?;
+    // If the organization is claimed, check permissions
+    if query_organization.is_claimed(conn_lock!(context))? {
         if let Some(auth_user) = auth_user.as_ref() {
             query_project.try_allowed(&context.rbac, auth_user, Permission::Create)?;
         } else {
@@ -75,6 +76,9 @@ async fn post_inner(
                 query_project.slug
             )));
         }
+    // If the organization is not claimed and the user is authenticated, claim it
+    } else if let Some(auth_user) = auth_user.as_ref() {
+        query_organization.claim(context, &auth_user.user).await?;
     }
     QueryReport::create(
         log,

lib/api_run/src/run.rs

@@ -31,6 +31,7 @@ pub use organization::{plan::JsonPlan, usage::JsonUsage};
 
 pub use big_int::BigInt;
 pub use organization::{
+    claim::JsonNewClaim,
     member::{JsonMember, JsonMembers},
     JsonNewOrganization, JsonOrganization, JsonOrganizations, OrganizationUuid,
 };
@@ -40,7 +41,6 @@ pub use project::{
     benchmark::{BenchmarkUuid, JsonBenchmark, JsonBenchmarks},
     boundary::{BoundaryUuid, JsonBoundaries, JsonBoundary},
     branch::{BranchUuid, JsonBranch, JsonBranches, JsonNewBranch, JsonNewStartPoint},
-    claim::JsonNewClaim,
     head::{HeadUuid, JsonHead, JsonStartPoint, VersionUuid},
     measure::{JsonMeasure, JsonMeasures, JsonNewMeasure, MeasureUuid},
     metric::{

lib/bencher_json/src/lib.rs

@@ -5,4 +5,8 @@ use serde::{Deserialize, Serialize};
 #[typeshare::typeshare]
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[cfg_attr(feature = "schema", derive(JsonSchema))]
-pub struct JsonNewClaim {}
+pub struct JsonNewClaim {
+    // This is a bit of a kludge to make this an empty object
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub empty: Option<()>,
+}

lib/bencher_json/src/project/claim.rs renamed to lib/bencher_json/src/organization/claim.rs

@@ -11,6 +11,7 @@ use serde::{
 
 use crate::UserUuid;
 
+pub mod claim;
 pub mod member;
 pub mod plan;
 pub mod usage;

lib/bencher_json/src/organization/mod.rs

@@ -17,7 +17,6 @@ pub mod alert;
 pub mod benchmark;
 pub mod boundary;
 pub mod branch;
-pub mod claim;
 pub mod head;
 pub mod measure;
 pub mod metric;