From 82bfa376856eb2d51659cbcdc8486a57e86ecfe5 Mon Sep 17 00:00:00 2001
From: Greg V
Date: Tue, 30 Jul 2024 20:08:19 -0700
Subject: [PATCH] feat: admin permissions required to view profile details
---
 api/messages/messages_service.py | 16 ++++++++++++++++
 api/messages/messages_views.py | 16 +++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/api/messages/messages_service.py b/api/messages/messages_service.py
index fe20df6..58096e3 100644
--- a/api/messages/messages_service.py
+++ b/api/messages/messages_service.py
@@ -1235,6 +1235,22 @@ def get_profile_metadata_old(propel_id):
 return Message(response)
+
+def get_all_profiles():
+ db = get_db()
+ docs = db.collection('users').stream() # steam() gets all records
+ if docs is None:
+ return {[]}
+ else:
+ results = []
+ for doc in docs:
+ results.append(doc_to_json(docid=doc.id, doc=doc))
+
+ # log result
+ logger.info(results)
+ return { "profiles": results }
+
+
 # Caching is not needed because the parent method already is caching
 @limits(calls=100, period=ONE_MINUTE)
 def get_history_old(db_id):
diff --git a/api/messages/messages_views.py b/api/messages/messages_views.py
index 30afa5b..3392e67 100644
--- a/api/messages/messages_views.py
+++ b/api/messages/messages_views.py
@@ -35,7 +35,8 @@
 link_problem_statements_to_events_old,
 save_news,
 save_lead_async,
- get_news
+ get_news,
+ get_all_profiles
 )
@@ -273,3 +274,16 @@ def save_profile():
 def get_profile_by_id(id):
 return get_user_by_id_old(id)
+
+def getOrgId(req):
+ # Ref: https://docs.propelauth.com/reference/backend-apis/flask#req-to-org-id
+ return "77f70865-7da9-4588-850b-a5ebb6974410" # PropelAuth wants you to pass this in as a req param, but let's keep it simple
+
+
+# Used to provide profile details - user must be logged in
+@bp.route("/admin/profiles", methods=["GET"])
+@auth.require_org_member_with_permission("profile.admin", req_to_org_id=getOrgId)
+def all_profiles():
+ return get_all_profiles()
+
+
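Review bot: `logger.info(results)` in `get_all_profiles` writes the serialized record of every document in `users` to the application log on each call, so profile data becomes readable by anyone with log access rather than only by `profile.admin` holders; log a count instead, `logger.info("get_all_profiles: %d profiles", len(results))`. The `docs is None` branch returns `{[]}`, a set literal containing a list, which raises `TypeError` if it ever runs and does not match the `{"profiles": ...}` shape of the normal path; `return {"profiles": []}` would be consistent, or the branch can be dropped if `stream()` never returns `None` (it is iterated directly below, so it looks like an iterator). The function also returns whatever `doc_to_json` emits, with no field selection or page limit, and unlike `get_history_old` right after it carries no `@limits` decorator, so it is worth confirming which fields the admin view needs. The comment typo `steam()` should read `stream()`.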
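Review bot: `getOrgId` ignores `req` and returns a literal organization id, so the `profile.admin` check on `/admin/profiles` is always made against that single org and the value cannot differ between environments without a code change. Reading it from deployment configuration, for example `return os.environ["ADMIN_ORG_ID"]` (the variable name is a placeholder), keeps the tenant binding out of source, and a short docstring should state that the route is deliberately pinned to one org. The comment above the route says the user "must be logged in", which understates what the decorator enforces; `# Admin only: caller needs the "profile.admin" permission in the configured org` matches it. As a style point, `getOrgId` would read `get_org_id` to match the snake_case names around it.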