Add endpoints for group management

Relocate search-users endpoint

Add tests for group creation

Add admin endpoints for group listing and tweak user listing

Restructure group routes and add test for search-groups

Refactor API routes

Fix group lookup for users

Improve endpoint and testing for adding user to existing group

Co-Authored-By: Benjamin Charmes <BenjaminCharmes@users.noreply.github.com>

Author: ml-evs

pydatalab/schemas/cell.json

@@ -381,6 +381,64 @@
       ],
       "type": "string"
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` can point to multiple groups.\n\nRelationships between groups can be described via the `relationships`\nfield inherited from `Entry`.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "group_id": {
+          "title": "Group Id",
+          "minLength": 1,
+          "maxLength": 40,
+          "pattern": "^(?:[a-zA-Z0-9]+|[a-zA-Z0-9][a-zA-Z0-9._-]+[a-zA-Z0-9])$",
+          "type": "string"
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "managers": {
+          "title": "Managers",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "group_id",
+        "display_name"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -452,6 +510,13 @@
             }
           ]
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "account_status": {
           "default": "unverified",
           "allOf": [

pydatalab/schemas/equipment.json

@@ -345,6 +345,64 @@
       ],
       "type": "string"
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` can point to multiple groups.\n\nRelationships between groups can be described via the `relationships`\nfield inherited from `Entry`.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "group_id": {
+          "title": "Group Id",
+          "minLength": 1,
+          "maxLength": 40,
+          "pattern": "^(?:[a-zA-Z0-9]+|[a-zA-Z0-9][a-zA-Z0-9._-]+[a-zA-Z0-9])$",
+          "type": "string"
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "managers": {
+          "title": "Managers",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "group_id",
+        "display_name"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -416,6 +474,13 @@
             }
           ]
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "account_status": {
           "default": "unverified",
           "allOf": [

pydatalab/schemas/sample.json

@@ -434,6 +434,64 @@
       ],
       "type": "string"
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` can point to multiple groups.\n\nRelationships between groups can be described via the `relationships`\nfield inherited from `Entry`.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "group_id": {
+          "title": "Group Id",
+          "minLength": 1,
+          "maxLength": 40,
+          "pattern": "^(?:[a-zA-Z0-9]+|[a-zA-Z0-9][a-zA-Z0-9._-]+[a-zA-Z0-9])$",
+          "type": "string"
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "managers": {
+          "title": "Managers",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "group_id",
+        "display_name"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -505,6 +563,13 @@
             }
           ]
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "account_status": {
           "default": "unverified",
           "allOf": [

pydatalab/schemas/startingmaterial.json

@@ -487,6 +487,64 @@
       ],
       "type": "string"
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` can point to multiple groups.\n\nRelationships between groups can be described via the `relationships`\nfield inherited from `Entry`.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "group_id": {
+          "title": "Group Id",
+          "minLength": 1,
+          "maxLength": 40,
+          "pattern": "^(?:[a-zA-Z0-9]+|[a-zA-Z0-9][a-zA-Z0-9._-]+[a-zA-Z0-9])$",
+          "type": "string"
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "managers": {
+          "title": "Managers",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "group_id",
+        "display_name"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -558,6 +616,13 @@
             }
           ]
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "account_status": {
           "default": "unverified",
           "allOf": [

pydatalab/src/pydatalab/login.py

@@ -9,7 +9,7 @@
 from flask_login import LoginManager, UserMixin
 
 from pydatalab.models import Person
-from pydatalab.models.people import AccountStatus, Identity, IdentityType
+from pydatalab.models.people import AccountStatus, Group, Identity, IdentityType
 from pydatalab.models.utils import UserRole
 from pydatalab.mongo import flask_mongo
 
@@ -72,6 +72,11 @@ def identity_types(self) -> list[IdentityType]:
         """Returns a list of the identity types associated with the user."""
         return [_.identity_type for _ in self.person.identities]
 
+    @property
+    def groups(self) -> list[Group]:
+        """Returns the list of groups that the user is a member of."""
+        return self.person.groups
+
     def refresh(self) -> None:
         """Reconstruct the user object from their database entry, to be used when,
         e.g., a new identity has been associated with them.
@@ -87,6 +92,19 @@ def get_by_id_cached(user_id):
     return get_by_id(user_id)
 
 
+def groups_lookup() -> dict:
+    return {
+        "from": "groups",
+        "let": {"group_ids": "$groups.immutable_id"},
+        "pipeline": [
+            {"$match": {"$expr": {"$in": ["$_id", {"$ifNull": ["$$group_ids", []]}]}}},
+            {"$sort": {"__order": 1}},
+            {"$project": {"_id": 1, "display_name": 1, "group_id": 1}},
+        ],
+        "as": "groups",
+    }
+
+
 def get_by_id(user_id: str) -> LoginUser | None:
     """Lookup the user database ID and create a new `LoginUser`
     with the relevant metadata.
@@ -100,7 +118,12 @@ def get_by_id(user_id: str) -> LoginUser | None:
 
     """
 
-    user = flask_mongo.db.users.find_one({"_id": ObjectId(user_id)})
+    user = flask_mongo.db.users.aggregate(
+        [
+            {"$match": {"_id": ObjectId(user_id)}},
+            {"$lookup": groups_lookup()},
+        ]
+    ).next()
     if not user:
         return None