feat: add user to group endpoint

Signed-off-by: romanetar <roman_ag@hotmail.com>

Author: romanetar

app/Http/Controllers/Api/OAuth2/OAuth2GroupApiController.php

@@ -15,6 +15,7 @@
 use App\Http\Controllers\GetAllTrait;
 use App\libs\Auth\Repositories\IGroupRepository;
 use App\ModelSerializers\SerializerRegistry;
+use App\Services\Auth\IGroupService;
 use OAuth2\IResourceServerContext;
 use Utils\Services\ILogService;
 
@@ -26,21 +27,26 @@ final class OAuth2GroupApiController extends OAuth2ProtectedController
 {
     use GetAllTrait;
 
+    private IGroupService $service;
+
     /**
      * OAuth2UserApiController constructor.
      * @param IGroupRepository $repository
+     * @param IGroupService $service
      * @param IResourceServerContext $resource_server_context
      * @param ILogService $log_service
      */
     public function __construct
     (
         IGroupRepository $repository,
+        IGroupService $service,
         IResourceServerContext $resource_server_context,
         ILogService $log_service,
     )
     {
         parent::__construct($resource_server_context, $log_service);
         $this->repository = $repository;
+        $this->service = $service;
     }
 
     protected function getAllSerializerType(): string

app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php

@@ -13,11 +13,19 @@
  **/
 
 use App\Http\Controllers\GetAllTrait;
+use App\Http\Controllers\Traits\RequestProcessor;
+use App\Http\Controllers\UserGroupsValidationRulesFactory;
 use App\Http\Controllers\UserValidationRulesFactory;
+use App\Http\Exceptions\HTTP403ForbiddenException;
 use App\Http\Utils\HTMLCleaner;
+use App\Jobs\AddUserAction;
 use App\ModelSerializers\SerializerRegistry;
+use App\Services\Auth\IGroupService;
+use Auth\Group;
 use Auth\Repositories\IUserRepository;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request as LaravelRequest;
+use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Log;
@@ -27,9 +35,11 @@
 use models\exceptions\ValidationException;
 use OAuth2\Builders\IdTokenBuilder;
 use OAuth2\IResourceServerContext;
+use OAuth2\Models\IClient;
 use OAuth2\Repositories\IClientRepository;
 use OAuth2\ResourceServer\IUserService;
 use Utils\Http\HttpContentType;
+use Utils\IPHelper;
 use Utils\Services\ILogService;
 use Exception;
 use OpenId\Services\IUserService as IOpenIdUserService;
@@ -41,6 +51,8 @@ final class OAuth2UserApiController extends OAuth2ProtectedController
 {
     use GetAllTrait;
 
+    use RequestProcessor;
+
     protected function getAllSerializerType(): string
     {
         return SerializerRegistry::SerializerType_Private;
@@ -82,6 +94,11 @@ protected function getFilterValidatorRules(): array
      */
     private $user_service;
 
+     /**
+     * @var IGroupService
+     */
+    private $group_service;
+
     /**
      * @var IClientRepository
      */
@@ -112,6 +129,7 @@ public function __construct
     (
         IUserRepository $repository,
         IUserService $user_service,
+        IGroupService $group_service,
         IResourceServerContext $resource_server_context,
         ILogService $log_service,
         IOpenIdUserService $openid_user_service,
@@ -122,6 +140,7 @@ public function __construct
         parent::__construct($resource_server_context, $log_service);
         $this->repository = $repository;
         $this->user_service = $user_service;
+        $this->group_service = $group_service;
         $this->client_repository = $client_repository;
         $this->id_token_builder = $id_token_builder;
         $this->openid_user_service = $openid_user_service;
@@ -324,4 +343,31 @@ public function get($id)
         }
     }
 
+    /**
+     * @param $user_id
+     * @return JsonResponse|mixed
+     */
+    public function addUserToGroup($user_id): mixed
+    {
+        return $this->processRequest(function() use($user_id) {
+            //check if it's a service app
+            $app_type = $this->resource_server_context->getApplicationType();
+            if (App::environment() != "testing" && !empty($app_type) && $app_type != IClient::ApplicationType_Service) {
+                throw new HTTP403ForbiddenException("You are not allowed to perform this action.");
+            }
+
+            if(!Request::isJson()) return $this->error400();
+
+            $payload = Request::json()->all();
+            // Creates a Validator instance and validates the data.
+            $validation = Validator::make($payload, UserGroupsValidationRulesFactory::build($payload));
+            if ($validation->fails()) {
+                $ex = new ValidationException();
+                throw $ex->setMessages($validation->messages()->toArray());
+            }
+            $this->group_service->addUser2Groups(intval($user_id), $payload['groups']);
+            return $this->updated();
+        });
+    }
+
 }

app/Http/Controllers/Factories/UserGroupsValidationRulesFactory.php

@@ -0,0 +1,39 @@
+<?php namespace App\Http\Controllers;
+/**
+ * Copyright 2025 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+use Auth\User;
+/**
+ * Class UserGroupsValidationRulesFactory
+ * @package App\Http\Controllers
+ */
+final class UserGroupsValidationRulesFactory
+{
+    /**
+     * @param array $data
+     * @param false $update
+     * @param User|null $currentUser
+     * @return string[]
+     */
+    public static function build(array $data, $update = false, ?User $currentUser = null){
+
+        if($update){
+            return  [
+                'groups' => 'sometimes|int_array',
+            ];
+        }
+
+        return [
+            'groups' => 'required|int_array',
+        ];
+    }
+}

app/Services/Auth/GroupService.php

@@ -164,6 +164,30 @@ public function addUser2Group(Group $group, int $user_id): void
         }
     }
 
+    /**
+     * @param int $user_id
+     * @param array $group_ids
+     * @throw ValidationException
+     * @throws \Exception
+     */
+    public function addUser2Groups(int $user_id, array $group_ids): void
+    {
+       $this->tx_service->transaction(function() use($group_ids, $user_id){
+            $user = $this->user_repository->getById($user_id);
+            if(is_null($user))
+                throw new EntityNotFoundException();
+
+            foreach($group_ids as $group_id){
+                $group = $this->group_repository->getById(intval($group_id));
+                if(is_null($group) || !$group instanceof Group)
+                    throw new EntityNotFoundException("group $group_id not found");
+
+                if (!$user->belongToGroup($group->getSlug()))
+                    $user->addToGroup($group);
+            }
+       });
+    }
+
     /**
      * @param Group $group
      * @param int $user_id

app/Services/Auth/IGroupService.php

@@ -28,6 +28,14 @@ interface IGroupService extends IBaseService
      */
     public function addUser2Group(Group $group,int $user_id):void;
 
+    /**
+     * @param int $user_id
+     * @param array $group_ids
+     * @throw ValidationException
+     * @throws \Exception
+     */
+    public function addUser2Groups(int $user_id, array $group_ids):void;
+
     /**
      * @param Group $group
      * @param int $user_id

app/libs/OAuth2/IUserScopes.php

@@ -29,4 +29,5 @@ interface IUserScopes
     const MeRead = 'me/read';
     const MeWrite = 'me/write';
     const Write = 'users/write';
+    const UserGroupWrite = 'users/groups/write';
 }

composer.json

@@ -89,6 +89,7 @@
       "Database\\Seeders\\": "database/seeders/"
     },
     "files": [
+      "app/Utils/helpers.php",
       "app/libs/Utils/Html/HtmlHelpers.php"
     ]
   },

database/migrations/Version20250805084926.php

@@ -0,0 +1,61 @@
+<?php namespace Database\Migrations;
+/**
+ * Copyright 2025 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+use App\libs\OAuth2\IUserScopes;
+use Database\Seeders\SeedUtils;
+use Doctrine\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema as Schema;
+/**
+ * Class Version20250805084926
+ * @package Database\Migrations
+ */
+class Version20250805084926 extends AbstractMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema):void
+    {
+        SeedUtils::seedScopes([
+            [
+                'name'               => IUserScopes::UserGroupWrite,
+                'short_description'  => 'Allows associate Users to Groups.',
+                'description'        => 'Allows associate Users to Groups.',
+                'system'             => false,
+                'default'            => false,
+                'groups'             => false,
+            ]
+        ], 'users');
+
+        SeedUtils::seedApiEndpoints('users', [
+            [
+                'name' => 'add-user-to-groups',
+                'active' => true,
+                'route' => '/api/v1/users/{id}/groups',
+                'http_method' => 'PUT',
+                'scopes' => [
+                    IUserScopes::UserGroupWrite
+                ],
+            ],
+        ]);
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema):void
+    {
+
+    }
+}

database/seeds/ApiEndpointSeeder.php

@@ -11,6 +11,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+
+use App\libs\OAuth2\IUserScopes;
 use Illuminate\Database\Seeder;
 use Illuminate\Support\Facades\DB;
 /**
@@ -119,6 +121,15 @@ private function seedUsersEndpoints()
                         \App\libs\OAuth2\IUserScopes::MeWrite
                     ],
                 ],
+                [
+                    'name' => 'add-user-to-groups',
+                    'active' => true,
+                    'route' => '/api/v1/users/{id}/groups',
+                    'http_method' => 'PUT',
+                    'scopes' => [
+                        \App\libs\OAuth2\IUserScopes::UserGroupWrite
+                    ],
+                ],
             ]
         );
     }

database/seeds/ApiScopeSeeder.php

@@ -91,6 +91,14 @@ private function seedUsersScopes(){
                 'system'             => false,
                 'default'            => false,
                 'groups'             => false,
+            ],
+            [
+                'name'               => IUserScopes::UserGroupWrite,
+                'short_description'  => 'Allows associate Users to Groups',
+                'description'        => 'Allows associate Users to Groups',
+                'system'             => false,
+                'default'            => false,
+                'groups'             => false,
             ]
         ], 'users');