Merge pull request #7762 from schrodingersket/feature/7665

Account Management API: Added v2 API endpoint to list project collaborators…

Author: haraldschilly

src/packages/next/components/project/project.tsx

@@ -17,7 +17,7 @@ import Loading from "components/share/loading";
 import { Layout } from "components/share/layout";
 import A from "components/misc/A";
 import { Customize } from "lib/share/customize";
-import { User } from "lib/share/types";
+import { ProjectCollaborator } from "lib/api/schema/projects/collaborators/list";
 import Edit from "./edit";
 import editURL from "lib/share/edit-url";
 import Markdown from "@cocalc/frontend/editors/slate/static-markdown";
@@ -104,7 +104,7 @@ export default function Project({
 
 function isCollaborator(
   account: undefined | { account_id: string },
-  collaborators: User[]
+  collaborators: ProjectCollaborator[],
 ): boolean {
   const account_id = account?.account_id;
   if (account_id == null) return false;

src/packages/next/components/share/collaborators.tsx

@@ -1,10 +1,10 @@
 import User from "./user";
-import { User as IUser } from "lib/share/types";
+import { ProjectCollaborator } from "lib/api/schema/projects/collaborators/list";
 
 export default function Collaborators({
   collaborators,
 }: {
-  collaborators: IUser[];
+  collaborators: ProjectCollaborator[];
 }) {
   const v: JSX.Element[] = [];
   for (const user of collaborators ?? []) {

src/packages/next/lib/api/schema/projects/collaborators/list.ts

@@ -0,0 +1,37 @@
+import { z } from "../../../framework";
+
+import { FailedAPIOperationSchema } from "../../common";
+
+import { ProjectIdSchema } from "../common";
+
+export const ProjectCollaboratorSchema = z.object({
+  account_id: z.string().uuid(),
+  first_name: z.string(),
+  last_name: z.string(),
+});
+
+export type ProjectCollaborator = z.infer<typeof ProjectCollaboratorSchema>;
+
+// OpenAPI spec
+//
+export const ListProjectCollaboratorsInputSchema = z
+  .object({
+    project_id: ProjectIdSchema,
+  })
+  .describe(
+    `List all collaborators on a project. When executed as an administrator, any project 
+     may be queried; otherwise, this endpoint only returns collaborators on projects for 
+     which the client account is itself a collaborator.`,
+  );
+
+export const ListProjectCollaboratorsOutputSchema = z.union([
+  FailedAPIOperationSchema,
+  z.array(ProjectCollaboratorSchema),
+]);
+
+export type ListProjectCollaboratorsInput = z.infer<
+  typeof ListProjectCollaboratorsInputSchema
+>;
+export type ListProjectCollaboratorsOutput = z.infer<
+  typeof ListProjectCollaboratorsOutputSchema
+>;

src/packages/next/lib/share/get-collaborators.ts

@@ -8,19 +8,31 @@ Get the collaborators on a given project.  Unlisted collaborators are NOT includ
 */
 
 import getPool from "@cocalc/database/pool";
-import { User } from "./types";
 import { isUUID } from "./util";
+import { ProjectCollaborator } from "../api/schema/projects/collaborators/list";
 
 export default async function getCollaborators(
-  project_id: string
-): Promise<User[]> {
+  project_id: string,
+  account_id?: string,
+): Promise<ProjectCollaborator[]> {
   if (!isUUID(project_id)) {
     throw Error("project_id must be a uuid");
   }
-  const pool = getPool('medium');
+  const pool = getPool("medium");
+  let subQuery = `SELECT jsonb_object_keys(users) AS account_id FROM projects WHERE project_id=$1`;
+
+  const queryParams = [project_id];
+
+  if (account_id) {
+    queryParams.push(account_id);
+    subQuery += ` AND users ? $${queryParams.length}::TEXT`;
+  }
+
   const result = await pool.query(
-    "SELECT accounts.account_id, accounts.first_name, accounts.last_name FROM accounts, (SELECT jsonb_object_keys(users) AS account_id FROM projects WHERE project_id=$1) AS users WHERE accounts.account_id=users.account_id::UUID AND accounts.unlisted IS NOT TRUE",
-    [project_id]
+    `SELECT accounts.account_id, accounts.first_name, accounts.last_name FROM accounts, (${subQuery}) 
+        AS users WHERE accounts.account_id=users.account_id::UUID 
+                   AND accounts.unlisted IS NOT TRUE`,
+    queryParams,
   );
   return result.rows;
 }

src/packages/next/lib/share/types.ts

@@ -3,12 +3,6 @@
  *  License: MS-RSL – see LICENSE.md for details
  */
 
-export interface User {
-  account_id: string;
-  first_name: string;
-  last_name: string;
-}
-
 export interface PublicPath {
   id: string;
   path?: string;

src/packages/next/pages/api/v2/projects/collaborators/list.ts

@@ -0,0 +1,62 @@
+/*
+API endpoint to list collaborators for a particular project.
+
+Permissions checks are performed by the underlying API call and are NOT
+executed at this stage.
+
+*/
+import userIsInGroup from "@cocalc/server/accounts/is-in-group";
+
+import getAccountId from "lib/account/get-account";
+import getParams from "lib/api/get-params";
+import { apiRoute, apiRouteOperation } from "lib/api";
+import {
+  ListProjectCollaboratorsInputSchema,
+  ListProjectCollaboratorsOutputSchema,
+} from "lib/api/schema/projects/collaborators/list";
+import getCollaborators from "lib/share/get-collaborators";
+
+async function handle(req, res) {
+  try {
+    const client_account_id = await getAccountId(req);
+    const { project_id } = getParams(req);
+
+    // Check authentication
+    //
+    if (!client_account_id) {
+      throw Error("must be signed in");
+    }
+
+    // Allow arbitrary project collaborator queries if client is an administrator.
+    // Otherwise, restrict by client account id.
+    //
+    const collaborators = (await userIsInGroup(client_account_id, "admin"))
+      ? await getCollaborators(project_id)
+      : await getCollaborators(project_id, client_account_id);
+
+    res.json(collaborators);
+  } catch (err) {
+    res.json({ error: err.message });
+  }
+}
+
+export default apiRoute({
+  listProjectCollaborators: apiRouteOperation({
+    method: "POST",
+    openApiOperation: {
+      tags: ["Projects", "Admin"],
+    },
+  })
+    .input({
+      contentType: "application/json",
+      body: ListProjectCollaboratorsInputSchema,
+    })
+    .outputs([
+      {
+        status: 200,
+        contentType: "application/json",
+        body: ListProjectCollaboratorsOutputSchema,
+      },
+    ])
+    .handler(handle),
+});