Work in progress: Add the team management page

2013-11-04 14:56:54 -05:00 · 2013-11-04 14:56:54 -05:00 · ecbd1f1ef3
commit ecbd1f1ef3
parent 100ec563fa
9 changed files with 272 additions and 6 deletions
--- a/endpoints/api.py
+++ b/endpoints/api.py
@ -57,9 +57,11 @@ def plans_list():
@app.route('/api/user/', methods=['GET'])
 def get_logged_in_user():
  def org_view(o):
+    # TODO: return whether the user is really the admin of the organization
    return {
      'name': o.username,
      'gravatar': compute_hash(o.email),
+      'is_org_admin': True
    }

  if current_user.is_anonymous():
@ -256,7 +258,7 @@ def get_organization(orgname):
    abort(404)

  teams = model.get_user_teams_within_org(user.username, org)
-  return jsonify(org_view(organization, teams))
+  return jsonify(org_view(org, teams))


@app.route('/api/organization/<orgname>/private', methods=['GET'])
@ -286,6 +288,89 @@ def get_organization_private_allowed(orgname):
  })


+@app.route('/api/organization/<orgname>/team/<teamname>/members', methods=['GET'])
+def get_organization_team_members(orgname, teamname):
+  def member_view(m):
+    return {
+      'username': m.username
+    }
+
+  if current_user.is_anonymous():
+    abort(404)
+
+  # TODO: determine whether the user has permission to view the team members of this team
+  # (i.e. they are a member of the team [maybe??] OR they are an admin of the org)
+  user = current_user.db_user()
+  team = None
+
+  try:
+    team = model.get_organization_team(orgname, teamname)
+  except:
+    abort(404)
+    
+  members = model.get_organization_team_members(team.id)
+  return jsonify({
+    'members': [member_view(m) for m in members]
+  })
+
+
+@app.route('/api/organization/<orgname>/team/<teamname>/members/<membername>', methods=['PUT', 'POST'])
+def update_organization_team_member(orgname, teamname, membername):
+  if current_user.is_anonymous():
+    abort(404)
+
+  # TODO: determine whether the user has permission to put this user as a member of the team.
+  team = None
+  user = None
+
+  # Find the team.
+  try:
+    team = model.get_organization_team(orgname, teamname)
+  except:
+    abort(404)
+
+  # Find the user.
+  user = model.get_user(membername)
+  if not user:
+    abort(400)
+    
+  # Add the user to the team.
+  model.add_user_to_team(user, team)
+
+  return jsonify({
+    'success': True
+  })
+
+
+@app.route('/api/organization/<orgname>/team/<teamname>/members/<membername>', methods=['DELETE'])
+def delete_organization_team_member(orgname, teamname, membername):
+  if current_user.is_anonymous():
+    abort(404)
+
+  # TODO: determine whether the user has permission to delete this user as a member of the team.
+  team = None
+  user = None
+
+  # Find the team.
+  try:
+    team = model.get_organization_team(orgname, teamname)
+  except:
+    abort(404)
+
+  # Find the user.
+  user = model.get_user(membername)
+  if not user:
+    abort(400)
+    
+  # Remote the user from the team.
+  model.remove_user_from_team(user, team)
+
+  return jsonify({
+    'success': True
+  })
+
+
+
@app.route('/api/repository', methods=['POST'])
@api_login_required
 def create_repo_api():