Added manager to the admin dashboard (#1352)

Co-authored-by: Matthew Evans <[email protected]>

Author: BenjaminCharmes

pydatalab/schemas/cell.json

@@ -363,6 +363,16 @@
         "name"
       ]
     },
+    "UserRole": {
+      "title": "UserRole",
+      "description": "An enumeration.",
+      "enum": [
+        "user",
+        "admin",
+        "manager"
+      ],
+      "type": "string"
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -426,6 +436,14 @@
             "type": "string"
           }
         },
+        "role": {
+          "default": "user",
+          "allOf": [
+            {
+              "$ref": "#/definitions/UserRole"
+            }
+          ]
+        },
         "account_status": {
           "default": "unverified",
           "allOf": [

pydatalab/schemas/equipment.json

@@ -327,6 +327,16 @@
         "name"
       ]
     },
+    "UserRole": {
+      "title": "UserRole",
+      "description": "An enumeration.",
+      "enum": [
+        "user",
+        "admin",
+        "manager"
+      ],
+      "type": "string"
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -390,6 +400,14 @@
             "type": "string"
           }
         },
+        "role": {
+          "default": "user",
+          "allOf": [
+            {
+              "$ref": "#/definitions/UserRole"
+            }
+          ]
+        },
         "account_status": {
           "default": "unverified",
           "allOf": [

pydatalab/schemas/sample.json

@@ -416,6 +416,16 @@
         "name"
       ]
     },
+    "UserRole": {
+      "title": "UserRole",
+      "description": "An enumeration.",
+      "enum": [
+        "user",
+        "admin",
+        "manager"
+      ],
+      "type": "string"
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -479,6 +489,14 @@
             "type": "string"
           }
         },
+        "role": {
+          "default": "user",
+          "allOf": [
+            {
+              "$ref": "#/definitions/UserRole"
+            }
+          ]
+        },
         "account_status": {
           "default": "unverified",
           "allOf": [

pydatalab/schemas/startingmaterial.json

@@ -469,6 +469,16 @@
         "name"
       ]
     },
+    "UserRole": {
+      "title": "UserRole",
+      "description": "An enumeration.",
+      "enum": [
+        "user",
+        "admin",
+        "manager"
+      ],
+      "type": "string"
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -532,6 +542,14 @@
             "type": "string"
           }
         },
+        "role": {
+          "default": "user",
+          "allOf": [
+            {
+              "$ref": "#/definitions/UserRole"
+            }
+          ]
+        },
         "account_status": {
           "default": "unverified",
           "allOf": [

pydatalab/src/pydatalab/models/people.py

@@ -6,7 +6,7 @@
 from pydantic import EmailStr as PydanticEmailStr
 
 from pydatalab.models.entries import Entry
-from pydatalab.models.utils import PyObjectId
+from pydatalab.models.utils import PyObjectId, UserRole
 
 
 class IdentityType(str, Enum):
@@ -115,6 +115,9 @@ class Person(Entry):
     managers: list[PyObjectId] | None
     """A list of user IDs that can manage this person's items."""
 
+    role: UserRole = Field(UserRole.USER)
+    """The role assigned to this person."""
+
     account_status: AccountStatus = Field(AccountStatus.UNVERIFIED)
     """The status of the user's account."""
 

pydatalab/src/pydatalab/routes/v0_1/admin.py

@@ -5,9 +5,37 @@
 from flask_login import current_user
 
 from pydatalab.config import CONFIG
+from pydatalab.models.people import Person
 from pydatalab.mongo import flask_mongo
 from pydatalab.permissions import admin_only, get_default_permissions
 
+
+def check_manager_cycle(user_id_str, new_manager_id_str):
+    visited = set()
+    current_id = new_manager_id_str
+
+    while current_id is not None:
+        if current_id == user_id_str:
+            return True
+        if current_id in visited:
+            break
+        visited.add(current_id)
+
+        try:
+            manager = flask_mongo.db.users.find_one({"_id": ObjectId(current_id)})
+            if manager and "managers" in manager and manager["managers"]:
+                if isinstance(manager["managers"], list) and len(manager["managers"]) > 0:
+                    current_id = manager["managers"][0]
+                else:
+                    break
+            else:
+                break
+        except Exception:
+            break
+
+    return False
+
+
 ADMIN = Blueprint("admins", __name__)
 
 
@@ -37,13 +65,21 @@ def get_users():
                             "then": "user",
                             "else": {"$arrayElemAt": ["$role.role", 0]},
                         }
-                    }
+                    },
                 }
             },
         ]
     )
 
-    return jsonify({"status": "success", "data": list(users)})
+    users_list = list(users)
+
+    for user in users_list:
+        if "managers" not in user:
+            user["managers"] = []
+        elif not isinstance(user["managers"], list):
+            user["managers"] = []
+
+    return jsonify({"status": "success", "data": [Person(**d).dict() for d in users_list]})
 
 
 @ADMIN.route("/roles/<user_id>", methods=["PATCH"])
@@ -97,6 +133,59 @@ def save_role(user_id):
     return (jsonify({"status": "success"}), 200)
 
 
+@ADMIN.route("/users/<user_id>/managers", methods=["PATCH"])
+def update_user_managers(user_id):
+    """Update the managers for a specific user using ObjectIds"""
+
+    request_json = request.get_json()
+
+    if request_json is None or "managers" not in request_json:
+        return jsonify({"status": "error", "message": "Managers list not provided"}), 400
+
+    managers = request_json["managers"]
+
+    if not isinstance(managers, list):
+        return jsonify({"status": "error", "message": "Managers must be a list"}), 400
+
+    existing_user = flask_mongo.db.users.find_one({"_id": ObjectId(user_id)})
+    if not existing_user:
+        return jsonify({"status": "error", "message": "User not found"}), 404
+
+    manager_object_ids = []
+    for manager_id in managers:
+        if manager_id:
+            try:
+                manager_oid = ObjectId(manager_id)
+            except Exception:
+                return jsonify(
+                    {"status": "error", "message": f"Invalid manager ID format: {manager_id}"}
+                ), 400
+
+            if not flask_mongo.db.users.find_one({"_id": manager_oid}):
+                return jsonify(
+                    {"status": "error", "message": f"Manager with ID {manager_id} not found"}
+                ), 404
+
+            if check_manager_cycle(user_id, manager_id):
+                return jsonify(
+                    {
+                        "status": "error",
+                        "message": "Cannot assign manager: would create a circular management hierarchy",
+                    }
+                ), 400
+
+            manager_object_ids.append(str(manager_oid))
+
+    update_result = flask_mongo.db.users.update_one(
+        {"_id": ObjectId(user_id)}, {"$set": {"managers": manager_object_ids}}
+    )
+
+    if update_result.matched_count != 1:
+        return jsonify({"status": "error", "message": "Unable to update user managers"}), 400
+
+    return jsonify({"status": "success"}), 200
+
+
 @ADMIN.route("/items/<refcode>/invalidate-access-token", methods=["POST"])
 def invalidate_access_token(refcode: str):
     if len(refcode.split(":")) != 2: