feat: add user to group endpoint

romanetar · romanetar · commit 39bde2aa3f7d · 2025-08-05T20:02:21.000+02:00
Signed-off-by: romanetar &lt;roman_ag@hotmail.com&gt;
diff --git a/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php b/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php
@@ -13,11 +13,16 @@
  **/
 
 use App\Http\Controllers\GetAllTrait;
+use App\Http\Controllers\Traits\RequestProcessor;
+use App\Http\Controllers\UserGroupsValidationRulesFactory;
 use App\Http\Controllers\UserValidationRulesFactory;
+use App\Http\Exceptions\HTTP403ForbiddenException;
 use App\Http\Utils\HTMLCleaner;
 use App\ModelSerializers\SerializerRegistry;
 use Auth\Repositories\IUserRepository;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request as LaravelRequest;
+use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Log;
@@ -27,6 +32,7 @@
 use models\exceptions\ValidationException;
 use OAuth2\Builders\IdTokenBuilder;
 use OAuth2\IResourceServerContext;
+use OAuth2\Models\IClient;
 use OAuth2\Repositories\IClientRepository;
 use OAuth2\ResourceServer\IUserService;
 use Utils\Http\HttpContentType;
@@ -41,6 +47,8 @@ final class OAuth2UserApiController extends OAuth2ProtectedController
 {
     use GetAllTrait;
 
+    use RequestProcessor;
+
     protected function getAllSerializerType(): string
     {
         return SerializerRegistry::SerializerType_Private;
@@ -324,4 +332,34 @@ public function get($id)
         }
     }
 
+    /**
+     * @param $user_id
+     * @return JsonResponse|mixed
+     */
+    public function addUserToGroup($user_id): mixed
+    {
+        return $this->processRequest(function() use($user_id) {
+            //check if it's a service app
+            $app_type = $this->resource_server_context->getApplicationType();
+            if (App::environment() != "testing" && !empty($app_type) && $app_type != IClient::ApplicationType_Service) {
+                throw new HTTP403ForbiddenException("You are not allowed to perform this action.");
+            }
+
+            if(!Request::isJson()) return $this->error400();
+
+            $payload = Request::json()->all();
+            // Creates a Validator instance and validates the data.
+            $validation = Validator::make($payload, UserGroupsValidationRulesFactory::build($payload));
+            if ($validation->fails()) {
+                $ex = new ValidationException();
+                throw $ex->setMessages($validation->messages()->toArray());
+            }
+            $user_groups_payload = [
+                "groups" => $payload["groups"],
+            ];
+            $this->openid_user_service->update(intval($user_id), $user_groups_payload);
+            return $this->updated();
+        });
+    }
+
 }
diff --git a/app/Http/Controllers/Factories/UserGroupsValidationRulesFactory.php b/app/Http/Controllers/Factories/UserGroupsValidationRulesFactory.php
@@ -0,0 +1,39 @@
+<?php namespace App\Http\Controllers;
+/**
+ * Copyright 2025 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+use Auth\User;
+/**
+ * Class UserGroupsValidationRulesFactory
+ * @package App\Http\Controllers
+ */
+final class UserGroupsValidationRulesFactory
+{
+    /**
+     * @param array $data
+     * @param false $update
+     * @param User|null $currentUser
+     * @return string[]
+     */
+    public static function build(array $data, $update = false, ?User $currentUser = null){
+
+        if($update){
+            return  [
+                'groups' => 'sometimes|int_array',
+            ];
+        }
+
+        return [
+            'groups' => 'required|int_array',
+        ];
+    }
+}
diff --git a/app/libs/OAuth2/IUserScopes.php b/app/libs/OAuth2/IUserScopes.php
@@ -29,4 +29,5 @@ interface IUserScopes
     const MeRead = 'me/read';
     const MeWrite = 'me/write';
     const Write = 'users/write';
+    const UserGroupWrite = 'users/groups/write';
 }
diff --git a/app/libs/OpenId/Services/IUserService.php b/app/libs/OpenId/Services/IUserService.php
@@ -16,6 +16,8 @@
 use Illuminate\Http\UploadedFile;
 use models\exceptions\EntityNotFoundException;
 use models\exceptions\ValidationException;
+use models\utils\IEntity;
+
 /**
  * Interface IUserService
  * @package OpenId\Services
@@ -72,6 +74,15 @@ public function saveProfileInfo($user_id, $show_pic, $show_full_name, $show_emai
      */
     public function updateProfilePhoto($user_id, UploadedFile $file, $max_file_size = 10485760):User;
 
+    /**
+     * @param int $id
+     * @param array $payload
+     * @return IEntity
+     * @throws ValidationException
+     * @throws EntityNotFoundException
+     */
+    public function update(int $id, array $payload): IEntity;
+
     /**
      * @param string $action
      * @param int $user_id
diff --git a/composer.json b/composer.json
@@ -89,6 +89,7 @@
       "Database\\Seeders\\": "database/seeders/"
     },
     "files": [
+      "app/Utils/helpers.php",
       "app/libs/Utils/Html/HtmlHelpers.php"
     ]
   },
diff --git a/database/migrations/Version20250805084926.php b/database/migrations/Version20250805084926.php
@@ -0,0 +1,61 @@
+<?php namespace Database\Migrations;
+/**
+ * Copyright 2025 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+use App\libs\OAuth2\IUserScopes;
+use Database\Seeders\SeedUtils;
+use Doctrine\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema as Schema;
+/**
+ * Class Version20250805084926
+ * @package Database\Migrations
+ */
+class Version20250805084926 extends AbstractMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema):void
+    {
+        SeedUtils::seedScopes([
+            [
+                'name'               => IUserScopes::UserGroupWrite,
+                'short_description'  => 'Allows associate Users to Groups.',
+                'description'        => 'Allows associate Users to Groups.',
+                'system'             => false,
+                'default'            => false,
+                'groups'             => false,
+            ]
+        ], 'users');
+
+        SeedUtils::seedApiEndpoints('users', [
+            [
+                'name' => 'add-user-to-groups',
+                'active' => true,
+                'route' => '/api/v1/users/{id}/groups',
+                'http_method' => 'PUT',
+                'scopes' => [
+                    IUserScopes::UserGroupWrite
+                ],
+            ],
+        ]);
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema):void
+    {
+
+    }
+}
diff --git a/database/seeds/ApiEndpointSeeder.php b/database/seeds/ApiEndpointSeeder.php
@@ -11,6 +11,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+
+use App\libs\OAuth2\IUserScopes;
 use Illuminate\Database\Seeder;
 use Illuminate\Support\Facades\DB;
 /**
@@ -119,6 +121,15 @@ private function seedUsersEndpoints()
                         \App\libs\OAuth2\IUserScopes::MeWrite
                     ],
                 ],
+                [
+                    'name' => 'add-user-to-groups',
+                    'active' => true,
+                    'route' => '/api/v1/users/{id}/groups',
+                    'http_method' => 'PUT',
+                    'scopes' => [
+                        \App\libs\OAuth2\IUserScopes::UserGroupWrite
+                    ],
+                ],
             ]
         );
     }
diff --git a/database/seeds/ApiScopeSeeder.php b/database/seeds/ApiScopeSeeder.php
@@ -91,6 +91,14 @@ private function seedUsersScopes(){
                 'system'             => false,
                 'default'            => false,
                 'groups'             => false,
+            ],
+            [
+                'name'               => IUserScopes::UserGroupWrite,
+                'short_description'  => 'Allows associate Users to Groups',
+                'description'        => 'Allows associate Users to Groups',
+                'system'             => false,
+                'default'            => false,
+                'groups'             => false,
             ]
         ], 'users');
 
diff --git a/routes/api.php b/routes/api.php
@@ -31,6 +31,7 @@
     Route::group(['prefix' => '{id}'], function () {
         Route::get('', 'OAuth2UserApiController@get');
         Route::put('', 'OAuth2UserApiController@update');
+        Route::put('groups', 'OAuth2UserApiController@addUserToGroup');
     });
 
     Route::group(['prefix' => 'me'], function () {
diff --git a/tests/OAuth2UserServiceApiTest.php b/tests/OAuth2UserServiceApiTest.php
@@ -12,6 +12,12 @@
  * limitations under the License.
  **/
 use App\libs\OAuth2\IUserScopes;
+use Auth\Group;
+use Auth\User;
+use Illuminate\Support\Facades\App;
+use LaravelDoctrine\ORM\Facades\EntityManager;
+use OAuth2\IResourceServerContext;
+use OAuth2\Models\IClient;
 use OAuth2\ResourceServer\IUserService;
 /**
  * Class OAuth2UserServiceApiTest
@@ -102,14 +108,55 @@ public function testGetAllWithoutFilter(){
         $this->assertTrue($page->total > 0);
     }
 
+    public function testAddUserToGroup(){
+        $repo = EntityManager::getRepository(Group::class);
+        $group = $repo->getOneBySlug('raw-users');
+
+        $repo = EntityManager::getRepository(User::class);
+        $user = $repo->getAll()[0];
+
+        $params = [
+            'id' => $user->getId()
+        ];
+
+        $data = [
+            'groups' => [$group->getId()],
+        ];
+
+        $headers = [
+            "HTTP_Authorization" => " Bearer " . $this->access_token,
+            "CONTENT_TYPE"        => "application/json"
+        ];
+
+        $former_groups_count = count($user->getGroups());
+
+        $this->action(
+            "PUT",
+            "Api\OAuth2\OAuth2UserApiController@addUserToGroup",
+            $params,
+            [],
+            [],
+            [],
+            $headers,
+            json_encode($data)
+        );
+
+        $this->assertResponseStatus(201);
+
+        $user = $repo->getById($user->getId());
+        $this->assertNotNull($user);
+        $this->assertCount(1, $user->getGroups());
+    }
+
     protected function getScopes()
     {
         $scope = array(
             IUserService::UserProfileScope_Address,
             IUserService::UserProfileScope_Email,
             IUserService::UserProfileScope_Profile,
             IUserScopes::MeWrite,
-            IUserScopes::ReadAll
+            IUserScopes::ReadAll,
+            IUserScopes::UserGroupWrite
         );
 
         return $scope;

Original file line number	Diff line number	Diff line change
`@@ -29,4 +29,5 @@ interface IUserScopes`
`29`	`29`	`const MeRead = 'me/read';`
`30`	`30`	`const MeWrite = 'me/write';`
`31`	`31`	`const Write = 'users/write';`
	`32`	`+ const UserGroupWrite = 'users/groups/write';`
`32`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,7 @@`
`89`	`89`	`"Database\\Seeders\\": "database/seeders/"`
`90`	`90`	`},`
`91`	`91`	`"files": [`
	`92`	`+ "app/Utils/helpers.php",`
`92`	`93`	`"app/libs/Utils/Html/HtmlHelpers.php"`
`93`	`94`	`]`
`94`	`95`	`},`