simonsobs
diff --git a/‎soauth/api/app.py‎
Lines changed: 2 additions & 0 deletions b/‎soauth/api/app.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎soauth/api/members.py‎
Lines changed: 258 additions & 0 deletions b/‎soauth/api/members.py‎
Lines changed: 258 additions & 0 deletions
diff --git a/‎soauth/app/app.py‎
Lines changed: 4 additions & 0 deletions b/‎soauth/app/app.py‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎soauth/app/dependencies.py‎
Lines changed: 1 addition & 0 deletions b/‎soauth/app/dependencies.py‎
Lines changed: 1 addition & 0 deletions
@@ -18,6 +18,7 @@
 from .groups import group_app
 from .keys import key_management_routes
 from .login import login_app
+from .members import membership_app
 
 settings = SETTINGS()
 
@@ -90,3 +91,4 @@ async def lifespan(app: FastAPI):
 app.include_router(app_management_routes, prefix="/apps")
 app.include_router(key_management_routes, prefix="/keys")
 app.include_router(group_app, prefix="/groups")
+app.include_router(membership_app, prefix="/membership")
@@ -0,0 +1,258 @@
+"""
+Membership management.
+"""
+
+
+from fastapi import APIRouter, HTTPException
+from pydantic import BaseModel
+
+from soauth.api.dependencies import DatabaseDependency, LoggerDependency
+from soauth.core.members import InstitutionData, InstitutionalMembershipData
+from soauth.toolkit.fastapi import AuthenticatedUserDependency
+
+from soauth.service import membership as membership_service
+from soauth.service import user as user_service
+from soauth.core.uuid import UUID
+
+membership_app = APIRouter(tags=["Membership Management"])
+
+
+@membership_app.put(
+    "",
+    summary="Create a new institution",
+    description="Create a new institution, only available to either admins or users "
+    "with the membership grant.",
+    responses={
+        200: {"description": "Institution created."},
+        401: {"description": "Unauthorized."},
+    }
+)
+async def create_institution(
+    institution: InstitutionData,
+    user: AuthenticatedUserDependency,
+    conn: DatabaseDependency,
+    log: LoggerDependency,
+) -> InstitutionData:
+    """
+    Create a new institution.
+    """
+    log = log.bind(user_id=user.user_id)
+
+    if "admin" not in user.grants and "membership" not in user.grants:
+        await log.awarning("institution.create_unauthorized")
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    created_institution = await membership_service.create_institution(
+        institution_name=institution.institution_name,
+        unit_name=institution.unit_name,
+        publication_text=institution.publication_text,
+        role=institution.role,
+        conn=conn,
+        log=log
+    )
+    await log.ainfo("institution.created", institution_id=created_institution.institution_id)
+
+    return created_institution.to_core()
+
+
+@membership_app.get(
+    "/list",
+    summary="List all institutions",
+    description="Retrieve a list of all institutions, only available to either admins "
+    "or users with the membership grant.",
+    responses={
+        200: {"description": "List of institutions."},
+        401: {"description": "Unauthorized."},
+    }
+)
+async def list_institutions(
+    user: AuthenticatedUserDependency,
+    conn: DatabaseDependency,
+    log: LoggerDependency,
+) -> list[InstitutionData]:
+    """
+    List all institutions.
+    """
+    log = log.bind(user_id=user.user_id)
+
+    if "admin" not in user.grants and "membership" not in user.grants:
+        await log.awarning("institution.list_unauthorized")
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    institutions = await membership_service.get_institution_list(conn=conn, log=log)
+    await log.adebug("institution.listed")
+
+    return [i.to_core() for i in institutions]
+
+
+@membership_app.get(
+    "/{institution_id}",
+    summary="Get institution by ID",
+    description="Retrieve an institution by its ID, only available to either admins "
+    "or users with the membership grant.",
+    responses={
+        200: {"description": "Institution details."},
+        401: {"description": "Unauthorized."},
+        404: {"description": "Institution not found."},
+    }
+)
+async def get_institution(
+    institution_id: UUID,
+    user: AuthenticatedUserDependency,
+    conn: DatabaseDependency,
+    log: LoggerDependency,
+) -> dict[str, InstitutionData | list[InstitutionalMembershipData]]:
+    """
+    Get institution by ID.
+    """
+    log = log.bind(user_id=user.user_id)
+
+    if "admin" not in user.grants and "membership" not in user.grants:
+        await log.awarning("institution.get_unauthorized", institution_id=institution_id)
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    institution = await membership_service.read_by_id(institution_id=institution_id, conn=conn, log=log)
+    await log.adebug("institution.retrieved", institution_id=institution_id)
+
+    members = await membership_service.get_membership_list_of_institution(institution_id=institution_id, conn=conn, log=log)
+    await log.adebug("institution.members_retrieved", institution_id=institution_id, number_of_members=len(members))
+
+    return {
+        "institution": institution.to_core(),
+        "members": [x.to_core() for x in members]
+    }
+
+
+@membership_app.post(
+    "/{institution_id}/add_member/{user_id}",
+    summary="Add a member to an institution",
+    description="Add a user as a member to an institution, only available to either "
+    "admins or users with the membership grant.",
+    responses={
+        200: {"description": "User added as member."},
+        401: {"description": "Unauthorized."},
+        404: {"description": "Institution or user not found."},
+        400: {"description": "User is not a member."},
+    })
+async def add_member_to_institution(
+    institution_id: UUID,
+    user_id: UUID,
+    user: AuthenticatedUserDependency,
+    conn: DatabaseDependency,
+    log: LoggerDependency,
+) -> None:
+    """
+    Add a member to an institution.
+    """
+    log = log.bind(user_id=user.user_id, institution_id=institution_id, new_member_id=user_id)
+
+    if "admin" not in user.grants and "membership" not in user.grants:
+        await log.awarning("institution.add_member_unauthorized", institution_id=institution_id)
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    await membership_service.add_member_to_institution(
+        institution_id=institution_id,
+        user_id=user_id,
+        conn=conn,
+        log=log
+    )
+    await log.ainfo("institution.member_added")
+
+    return None
+
+
+@membership_app.post(
+    "/{institution_id}/remove_member/{user_id}",
+)
+async def remove_member_from_institution():
+    raise NotImplementedError()
+
+
+@membership_app.get(
+    "/details/{user_id}",
+    summary="Get member details",
+    description="Retrieve member details by user ID, only available to either admins "
+    "or users with the membership grant.",
+    responses={
+        200: {"description": "Member details."},
+        401: {"description": "Unauthorized."},
+        404: {"description": "User not found."},
+    }
+)
+async def get_member_details(
+    user_id: UUID,
+    user: AuthenticatedUserDependency,
+    conn: DatabaseDependency,
+    log: LoggerDependency,
+) -> dict:
+    """
+    Get member details by user ID.
+    """
+    log = log.bind(user_id=user.user_id, queried_user_id=user_id)
+
+    if "admin" not in user.grants and "membership" not in user.grants:
+        await log.awarning("membership.get_details_unauthorized", queried_user_id=user_id)
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    user = await user_service.read_by_id(user_id=user_id, conn=conn)
+
+    await log.adebug("membership.details_retrieved", queried_user_id=user_id)
+
+    if user.membership is None:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    return user.membership.to_core()
+
+
+class PromoteToMemberRequest(BaseModel):
+    first_name: str
+    last_name: str
+    email: str
+    status: str
+    confluence: str | None = None
+    website: str | None = None
+    orcid: str | None = None
+
+@membership_app.post(
+    "/promote/{user_id}",
+    summary="Promote a user to member",
+    description="Promote a user to member, only available to either admins "
+    "or users with the membership grant.",
+    responses={
+        200: {"description": "User promoted to member."},
+        401: {"description": "Unauthorized."},
+        404: {"description": "User not found."},
+    }
+)
+async def promote_user_to_member(
+    user_id: UUID,
+    details: PromoteToMemberRequest,
+    user: AuthenticatedUserDependency,
+    conn: DatabaseDependency,
+    log: LoggerDependency,
+) -> None:
+    """
+    Promote a user to member.
+    """
+    log = log.bind(user_id=user.user_id, promoted_user_id=user_id)
+
+    if "admin" not in user.grants and "membership" not in user.grants:
+        await log.awarning("membership.promote_unauthorized", promoted_user_id=user_id)
+        raise HTTPException(status_code=401, detail="Unauthorized")
+
+    await membership_service.update_user_to_be_member(
+        user_id=user_id,
+        first_name=details.first_name,
+        last_name=details.last_name,
+        email=details.email,
+        status=details.status,
+        confluence=details.confluence,
+        website=details.website,
+        orcid=details.orcid,
+        conn=conn,
+        log=log
+    )
+    await log.ainfo("membership.user_promoted")
+
+    return None
+
@@ -18,6 +18,7 @@
 from .groups import router as group_router
 from .keys import router as key_router
 from .users import router as user_router
+from .institutions import router as institutions_router
 
 settings = Settings()
 
@@ -69,6 +70,8 @@ async def lifespan(app: FastAPI):
     app.group_detail_url = f"{settings.hostname}/groups"
     app.group_list_url = f"{settings.hostname}/groups/list"
     app.group_grant_update_url = f"{settings.hostname}/admin/group"
+    app.institution_detail_url = f"{settings.hostname}/membership"
+    app.institution_list_url = f"{settings.hostname}/membership/list"
     yield
 
 
@@ -101,3 +104,4 @@ async def apple(param: str | None):
 app.include_router(user_router)
 app.include_router(key_router)
 app.include_router(group_router)
+app.include_router(institutions_router)
@@ -27,6 +27,7 @@ def internal_urls(request: Request):
             logout_url=f"{settings.management_hostname}{settings.management_path}/logout",
             login_url=f"{settings.hostname}/login/{request.app.app_id}",
             group_list=f"{settings.management_hostname}{settings.management_path}/groups",
+            institution_list=f"{settings.management_hostname}{settings.management_path}/institutions",
         )
 
     def user_and_scope(request: Request):
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ def internal_urls(request: Request):`
`27`	`27`	`logout_url=f"{settings.management_hostname}{settings.management_path}/logout",`
`28`	`28`	`login_url=f"{settings.hostname}/login/{request.app.app_id}",`
`29`	`29`	`group_list=f"{settings.management_hostname}{settings.management_path}/groups",`
	`30`	`+ institution_list=f"{settings.management_hostname}{settings.management_path}/institutions",`
`30`	`31`	`)`
`31`	`32`
`32`	`33`	`def user_and_scope(request: Request):`