Organisation admin role

src/backend/app/db/db_models.py

@@ -147,6 +147,7 @@ class DbOrganisation(Base):
     description = Column(String)
     url = Column(String)
     type = Column(Enum(OrganisationType), default=OrganisationType.FREE, nullable=False)
+    approved = Column(Boolean, default=False)
     # subscription_tier = Column(Integer)
 
     managers = relationship(

src/backend/app/organisations/organisation_crud.py

@@ -24,21 +24,28 @@
 from sqlalchemy import update
 from sqlalchemy.orm import Session
 
+from app.auth.osm import AuthUser
 from app.config import settings
 from app.db import db_models
-from app.models.enums import HTTPStatus
+from app.models.enums import HTTPStatus, UserRole
 from app.organisations.organisation_deps import (
     get_organisation_by_name,
 )
 from app.organisations.organisation_schemas import OrganisationEdit, OrganisationIn
 from app.s3 import add_obj_to_bucket
+from app.users import user_crud
 
 
-def get_organisations(
-    db: Session,
-):
+def get_organisations(db: Session, current_user: AuthUser, approved: bool):
     """Get all orgs."""
-    return db.query(db_models.DbOrganisation).all()
+    if (
+        db.query(db_models.DbUser)
+        .filter_by(id=current_user["id"], role=UserRole.ADMIN)
+        .first()
+    ):
+        return db.query(db_models.DbOrganisation).filter_by(approved=approved).all()
+
+    return db.query(db_models.DbOrganisation).filter_by(approved=True).all()
 
 
 async def upload_logo_to_s3(
@@ -186,3 +193,46 @@ async def delete_organisation(
     db.commit()
 
     return Response(status_code=HTTPStatus.NO_CONTENT)
+
+
+async def add_organisation_admin(
+    db: Session, user_id: int, organization: db_models.DbOrganisation
+):
+    """Adds a user as an admin to the specified organisation.
+
+    Args:
+        db (Session): The database session.
+        user_id (int): The ID of the user to be added as an admin.
+        organization (DbOrganisation): The organisation model instance.
+
+    Returns:
+        Response: The HTTP response with status code 200.
+    """
+    # get the user model instance
+    user_model_instance = await user_crud.get_user(db, user_id)
+
+    # add data to the managers field in organisation model
+    organization.managers.append(user_model_instance)
+    db.commit()
+
+    return Response(status_code=HTTPStatus.OK)
+
+
+async def approve_organisation(db, organisation_id):
+    """Approves an oranisation request made by the user .
+
+    Args:
+        db: The database session.
+        organisation_id: The ID of the organisation to be approved.
+
+    Returns:
+        Response: An HTTP response with the status code 200.
+    """
+    db_org = (
+        db.query(db_models.DbOrganisation)
+        .filter(db_models.DbOrganisation.id == organisation_id)
+        .first()
+    )
+    db_org.approved = True
+    db.commit()
+    return Response(status_code=HTTPStatus.OK)

src/backend/app/organisations/organisation_deps.py

@@ -43,6 +43,7 @@ async def get_organisation_by_name(db: Session, org_name: str) -> DbOrganisation
     """
     return (
         db.query(DbOrganisation)
+        .filter_by(approved=True)
         .filter(func.lower(DbOrganisation.name).like(func.lower(f"%{org_name}%")))
         .first()
     )
@@ -58,7 +59,7 @@ async def get_organisation_by_id(db: Session, org_id: int) -> DbOrganisation:
     Returns:
         DbOrganisation: organisation with the given id
     """
-    return db.query(DbOrganisation).filter(DbOrganisation.id == org_id).first()
+    return db.query(DbOrganisation).filter_by(id=org_id, approved=True).first()
 
 
 async def org_exists(

src/backend/app/organisations/organisation_routes.py

@@ -25,10 +25,13 @@
 )
 from sqlalchemy.orm import Session
 
+from app.auth.osm import AuthUser, login_required
+from app.auth.roles import org_admin, super_admin
 from app.db import database
 from app.db.db_models import DbOrganisation
 from app.organisations import organisation_crud, organisation_schemas
 from app.organisations.organisation_deps import org_exists
+from app.users.user_deps import user_exists
 
 router = APIRouter(
     prefix="/organisation",
@@ -41,9 +44,11 @@
 @router.get("/", response_model=list[organisation_schemas.OrganisationOut])
 def get_organisations(
     db: Session = Depends(database.get_db),
+    current_user: AuthUser = Depends(login_required),
+    approved: bool = True,
 ) -> list[organisation_schemas.OrganisationOut]:
     """Get a list of all organisations."""
-    return organisation_crud.get_organisations(db)
+    return organisation_crud.get_organisations(db, current_user, approved)
 
 
 @router.get("/{org_id}", response_model=organisation_schemas.OrganisationOut)
@@ -85,3 +90,35 @@ async def delete_organisations(
 ):
     """Delete an organisation."""
     return await organisation_crud.delete_organisation(db, organisation)
+
+
+@router.post("/approve/")
+async def approve_organisation(
+    organisation_id: int,
+    db: Session = Depends(database.get_db),
+    current_user: AuthUser = Depends(login_required),
+):
+    """Approve the organisation request made by the user.
+
+    The logged in user must be super admin to perform this action .
+    """
+    # check if the current_user is the super admin
+    super_admin(db, current_user)
+    return await organisation_crud.approve_organisation(db, organisation_id)
+
+
+@router.post("/add_admin/")
+async def add_new_organisation_admin(
+    db: Session = Depends(database.get_db),
+    current_user: AuthUser = Depends(login_required),
+    user: AuthUser = Depends(user_exists),
+    organisation: DbOrganisation = Depends(org_exists),
+):
+    """Add a new organisation admin.
+
+    The logged in user must be either the owner of the organisation or a super admin.
+    """
+    # check if the current_user is the organisation admin
+    org_admin(db, organisation.id, current_user)
+
+    return await organisation_crud.add_organisation_admin(db, user, organization)

src/backend/app/users/user_deps.py

@@ -0,0 +1,70 @@
+# Copyright (c) 2022, 2023 Humanitarian OpenStreetMap Team
+#
+# This file is part of FMTM.
+#
+#     FMTM is free software: you can redistribute it and/or modify
+#     it under the terms of the GNU General Public License as published by
+#     the Free Software Foundation, either version 3 of the License, or
+#     (at your option) any later version.
+#
+#     FMTM is distributed in the hope that it will be useful,
+#     but WITHOUT ANY WARRANTY; without even the implied warranty of
+#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#     GNU General Public License for more details.
+#
+#     You should have received a copy of the GNU General Public License
+#     along with FMTM.  If not, see <https:#www.gnu.org/licenses/>.
+#
+
+"""User dependencies for use in Depends."""
+
+
+from typing import Union
+
+from fastapi import Depends
+from fastapi.exceptions import HTTPException
+from loguru import logger as log
+from sqlalchemy.orm import Session
+
+from app.db.database import get_db
+from app.db.db_models import DbUser
+from app.models.enums import HTTPStatus
+from app.users.user_crud import get_user, get_user_by_username
+
+
+async def user_exists(
+    user_id: Union[str, int],
+    db: Session = Depends(get_db),
+) -> DbUser:
+    """Check if a user exists, else Error.
+
+    Args:
+        user_id (Union[str, int]): The user ID (integer) or username (string) to check.
+        db (Session, optional): The SQLAlchemy database session.
+
+    Returns:
+        DbUser: The user if found.
+
+    Raises:
+        HTTPException: Raised with a 404 status code if the user is not found.
+    """
+    try:
+        user_id = int(user_id)
+    except ValueError:
+        pass
+
+    if isinstance(user_id, int):
+        log.debug(f"Getting user by ID: {user_id}")
+        db_user = await get_user(db, user_id)
+
+    if isinstance(user_id, str):
+        log.debug(f"Getting user by username: {user_id}")
+        db_user = await get_user_by_username(db, user_id)
+
+    if not db_user:
+        raise HTTPException(
+            status_code=HTTPStatus.NOT_FOUND,
+            detail=f"User {user_id} does not exist",
+        )
+
+    return db_user

src/backend/migrations/002-add-profile-img.sql

@@ -7,4 +7,4 @@ BEGIN;
 ALTER TABLE IF EXISTS public.users
     ADD COLUMN IF NOT EXISTS profile_img VARCHAR;
 -- Commit the transaction
-COMMIT;
+COMMIT;

src/backend/migrations/003-project-roles.sql

@@ -17,4 +17,4 @@ ALTER TABLE public.user_roles ALTER COLUMN "role" TYPE public.projectrole USING
 ALTER TYPE public.projectrole OWNER TO fmtm;
 
 -- Commit the transaction
-COMMIT;
+COMMIT;

src/backend/migrations/004-organisation-odk-creds.sql

@@ -0,0 +1,14 @@
+-- ## Migration to:
+-- * Add odk central credentials (str) to organisations table.
+-- * Add the approved (bool) field to organisations table.
+
+-- Start a transaction
+BEGIN;
+
+ALTER TABLE IF EXISTS public.organisations
+    ADD COLUMN IF NOT EXISTS approved BOOLEAN DEFAULT false,
+    ADD COLUMN IF NOT EXISTS odk_central_url VARCHAR,
+    ADD COLUMN IF NOT EXISTS odk_central_user VARCHAR,
+    ADD COLUMN IF NOT EXISTS odk_central_password VARCHAR;
+-- Commit the transaction
+COMMIT;

src/backend/migrations/init/fmtm_base_schema.sql

@@ -276,7 +276,10 @@ CREATE TABLE public.organisations (
     logo character varying,
     description character varying,
     url character varying,
-    type public.organisationtype NOT NULL
+    type public.organisationtype NOT NULL,
+    odk_central_url character varying,
+    odk_central_user character varying,
+    odk_central_password character varying
 );
 ALTER TABLE public.organisations OWNER TO fmtm;
 CREATE SEQUENCE public.organisations_id_seq

src/backend/migrations/revert/002-add-profile-img.sql

@@ -6,4 +6,4 @@ ALTER TABLE IF EXISTS public.users
     DROP COLUMN IF EXISTS profile_img;
 
 -- Commit the transaction
-COMMIT;
+COMMIT;

src/backend/migrations/revert/004-organisation-odk-creds.sql

@@ -0,0 +1,13 @@
+-- Start a transaction
+BEGIN;
+
+-- Remove the odk central credentials columns and approved column
+--- from the public.organisations table
+ALTER TABLE IF EXISTS public.organisations
+    DROP COLUMN IF EXISTS approved,
+    DROP COLUMN IF EXISTS odk_central_url CASCADE,
+    DROP COLUMN IF EXISTS odk_central_user CASCADE,
+    DROP COLUMN IF EXISTS odk_central_password CASCADE;
+
+-- Commit the transaction
+COMMIT;