Basic implementation of admin in user collection in mongodb (#809)

* Basic implementation of admin in user collection in mongodb

* black formatting

* adding codegen files

* minor fix to boolean logic

* Adding get_admin dependency

black formatting

adding codegen file

removing redundant print statement

fixing pytest failure

fixing pytest failure

ran black

* fixed pytest failure

* using function count

Author: ddey2

backend/app/models/users.py

@@ -31,6 +31,7 @@ class Settings:
 class UserDB(UserDoc):
     hashed_password: str = Field()
     keycloak_id: Optional[str] = None
+    admin: bool
 
     def verify_password(self, password):
         return pwd_context.verify(password, self.hashed_password)

backend/app/routers/authentication.py

@@ -8,9 +8,11 @@
 )
 from passlib.hash import bcrypt
 
-from app import dependencies
-from app.keycloak_auth import create_user
+from beanie import PydanticObjectId
+
+from app.keycloak_auth import create_user, get_current_user
 from app.keycloak_auth import keycloak_openid
+from app.models.datasets import DatasetDB
 from app.models.users import UserDB, UserIn, UserOut, UserLogin
 
 router = APIRouter()
@@ -38,11 +40,25 @@ async def save_user(userIn: UserIn):
 
     # create local user
     hashed_password = bcrypt.hash(userIn.password)
-    user = UserDB(
-        **userIn.dict(),
-        hashed_password=hashed_password,
-        keycloak_id=keycloak_user,
-    )
+
+    # check if this is the 1st user, make it admin
+    count = await UserDB.count()
+
+    if count == 0:
+        user = UserDB(
+            **userIn.dict(),
+            admin=True,
+            hashed_password=hashed_password,
+            keycloak_id=keycloak_user,
+        )
+    else:
+        user = UserDB(
+            **userIn.dict(),
+            admin=False,
+            hashed_password=hashed_password,
+            keycloak_id=keycloak_user,
+        )
+
     await user.insert()
     return user.dict()
 
@@ -75,3 +91,41 @@ async def authenticate_user(email: str, password: str):
     if not user.verify_password(password):
         return None
     return user
+
+
+async def get_admin(dataset_id: str = None, current_username=Depends(get_current_user)):
+    if (
+        dataset_id
+        and (dataset_db := await DatasetDB.get(PydanticObjectId(dataset_id)))
+        is not None
+    ):
+        return DatasetDB.creator.email == current_username.email
+    else:
+        if (
+            current_user := await UserDB.find_one(
+                UserDB.email == current_username.email
+            )
+        ) is not None:
+            return current_user.admin
+        else:
+            raise HTTPException(
+                status_code=404, detail=f"User {current_username.email} not found"
+            )
+
+
+@router.post("/users/set_admin/{useremail}", response_model=UserOut)
+async def set_admin(
+    useremail: str, current_username=Depends(get_current_user), admin=Depends(get_admin)
+):
+    if admin:
+        if (user := await UserDB.find_one(UserDB.email == useremail)) is not None:
+            user.admin = True
+            await user.replace()
+            return user.dict()
+        else:
+            raise HTTPException(status_code=404, detail=f"User {useremail} not found")
+    else:
+        raise HTTPException(
+            status_code=403,
+            detail=f"User {current_username.email} is not an admin. Only admin can make others admin.",
+        )

backend/app/routers/keycloak.py

@@ -117,13 +117,28 @@ async def auth(code: str) -> RedirectResponse:
     given_name = userinfo.get("given_name", " ")
     family_name = userinfo.get("family_name", " ")
     email = userinfo["email"]
-    user = UserDB(
-        email=email,
-        first_name=given_name,
-        last_name=family_name,
-        hashed_password="",
-        keycloak_id=keycloak_id,
-    )
+
+    # check if this is the 1st user, make it admin
+    count = await UserDB.count()
+
+    if count == 0:
+        user = UserDB(
+            email=email,
+            first_name=given_name,
+            last_name=family_name,
+            hashed_password="",
+            keycloak_id=keycloak_id,
+            admin=True,
+        )
+    else:
+        user = UserDB(
+            email=email,
+            first_name=given_name,
+            last_name=family_name,
+            hashed_password="",
+            keycloak_id=keycloak_id,
+            admin=False,
+        )
     matched_user = await UserDB.find_one(UserDB.email == email)
     if matched_user is None:
         await user.insert()

frontend/src/openapi/v2/services/LoginService.ts

@@ -49,4 +49,27 @@ export class LoginService {
         });
     }
 
+    /**
+     * Set Admin
+     * @param useremail
+     * @param datasetId
+     * @returns UserOut Successful Response
+     * @throws ApiError
+     */
+    public static setAdminApiV2UsersSetAdminUseremailPost(
+        useremail: string,
+        datasetId?: string,
+    ): CancelablePromise<UserOut> {
+        return __request({
+            method: 'POST',
+            path: `/api/v2/users/set_admin/${useremail}`,
+            query: {
+                'dataset_id': datasetId,
+            },
+            errors: {
+                422: `Validation Error`,
+            },
+        });
+    }
+
 }