argilla-io · jfcalvo · May 13, 2024 · May 7, 2024 · May 7, 2024 · May 8, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,10 @@ These are the section headers that we use:
 
 - Added `POST /api/v1/token` endpoint to generate a new API token for a user. ([#138](https://github.com/argilla-io/argilla-server/pull/138))
 - Added `GET /api/v1/me` endpoint to get the current user information. ([#140](https://github.com/argilla-io/argilla-server/pull/140))
+- Added `POST /api/v1/workspaces` endpoint to create a new workspace. ([#150](https://github.com/argilla-io/argilla-server/pull/150))
+- Added `GET /api/v1/workspaces/:workspace_id/users` endpoint to get the users of a workspace. ([#153](https://github.com/argilla-io/argilla-server/pull/153))
+- Added `POST /api/v1/workspaces/:workspace_id/users` endpoind to add a user to a workspace. ([#156](https://github.com/argilla-io/argilla-server/pull/156))
+- Added `DELETE /api/v1/workspaces/:workspace_id/users/:user_id` endpoint to remove a user from a workspace. ([#158](https://github.com/argilla-io/argilla-server/pull/158))
 
 ## [Unreleased]()
 

diff --git a/src/argilla_server/apis/v0/handlers/workspaces.py b/src/argilla_server/apis/v0/handlers/workspaces.py
@@ -24,7 +24,7 @@
 from argilla_server.policies import WorkspacePolicy, WorkspaceUserPolicy, authorize
 from argilla_server.pydantic_v1 import parse_obj_as
 from argilla_server.schemas.v0.users import User
-from argilla_server.schemas.v0.workspaces import Workspace, WorkspaceCreate, WorkspaceUserCreate
+from argilla_server.schemas.v0.workspaces import Workspace, WorkspaceCreate
 from argilla_server.security import auth
 
 router = APIRouter(tags=["workspaces"])
@@ -42,7 +42,7 @@ async def create_workspace(
     if await accounts.get_workspace_by_name(db, workspace_create.name):
         raise EntityAlreadyExistsError(name=workspace_create.name, type=Workspace)
 
-    workspace = await accounts.create_workspace(db, workspace_create)
+    workspace = await accounts.create_workspace(db, workspace_create.dict())
 
     return Workspace.from_orm(workspace)
 
@@ -88,9 +88,8 @@ async def create_workspace_user(
     if workspace_user is not None:
         raise EntityAlreadyExistsError(name=str(user_id), type=User)
 
-    workspace_user = await accounts.create_workspace_user(
-        db, WorkspaceUserCreate(workspace_id=workspace_id, user_id=user_id)
-    )
+    workspace_user = await accounts.create_workspace_user(db, {"workspace_id": workspace_id, "user_id": user_id})
+
     await db.refresh(user, attribute_names=["workspaces"])
 
     return User.from_orm(workspace_user.user)

diff --git a/src/argilla_server/apis/v1/handlers/authentication.py b/src/argilla_server/apis/v1/handlers/authentication.py
@@ -14,7 +14,7 @@
 
 from typing import Annotated
 
-from fastapi import APIRouter, Depends, Form
+from fastapi import APIRouter, Depends, Form, status
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from argilla_server.contexts import accounts
@@ -25,7 +25,7 @@
 router = APIRouter(tags=["Authentication"])
 
 
-@router.post("/token", response_model=Token)
+@router.post("/token", status_code=status.HTTP_201_CREATED, response_model=Token)
 async def create_token(
     *,
     db: AsyncSession = Depends(get_async_db),

diff --git a/src/argilla_server/apis/v1/handlers/users.py b/src/argilla_server/apis/v1/handlers/users.py
@@ -20,7 +20,6 @@
 from argilla_server import models, telemetry
 from argilla_server.contexts import accounts
 from argilla_server.database import get_async_db
-from argilla_server.models import User
 from argilla_server.policies import UserPolicyV1, authorize
 from argilla_server.schemas.v1.users import User
 from argilla_server.schemas.v1.workspaces import Workspaces

diff --git a/src/argilla_server/apis/v1/handlers/workspaces.py b/src/argilla_server/apis/v1/handlers/workspaces.py
@@ -17,11 +17,13 @@
 from fastapi import APIRouter, Depends, HTTPException, Security, status
 from sqlalchemy.ext.asyncio import AsyncSession
 
+from argilla_server import models
 from argilla_server.contexts import accounts, datasets
 from argilla_server.database import get_async_db
-from argilla_server.models import User
-from argilla_server.policies import WorkspacePolicyV1, authorize
-from argilla_server.schemas.v1.workspaces import Workspace, Workspaces
+from argilla_server.errors import EntityAlreadyExistsError
+from argilla_server.policies import WorkspacePolicyV1, WorkspaceUserPolicyV1, authorize
+from argilla_server.schemas.v1.users import User, Users
+from argilla_server.schemas.v1.workspaces import Workspace, WorkspaceCreate, Workspaces, WorkspaceUserCreate
 from argilla_server.security import auth
 from argilla_server.services.datasets import DatasetsService
 
@@ -33,7 +35,7 @@ async def get_workspace(
     *,
     db: AsyncSession = Depends(get_async_db),
     workspace_id: UUID,
-    current_user: User = Security(auth.get_current_user),
+    current_user: models.User = Security(auth.get_current_user),
 ):
     await authorize(current_user, WorkspacePolicyV1.get(workspace_id))
 
@@ -47,13 +49,28 @@ async def get_workspace(
     return workspace
 
 
+@router.post("/workspaces", status_code=status.HTTP_201_CREATED, response_model=Workspace)
+async def create_workspace(
+    *,
+    db: AsyncSession = Depends(get_async_db),
+    workspace_create: WorkspaceCreate,
+    current_user: models.User = Security(auth.get_current_user),
+):
+    await authorize(current_user, WorkspacePolicyV1.create)
+
+    if await accounts.get_workspace_by_name(db, workspace_create.name):
+        raise EntityAlreadyExistsError(name=workspace_create.name, type=Workspace)
+
+    return await accounts.create_workspace(db, workspace_create.dict())
+
+
 @router.delete("/workspaces/{workspace_id}", response_model=Workspace)
 async def delete_workspace(
     *,
     db: AsyncSession = Depends(get_async_db),
     datasets_service: DatasetsService = Depends(DatasetsService.get_instance),
     workspace_id: UUID,
-    current_user: User = Security(auth.get_current_user),
+    current_user: models.User = Security(auth.get_current_user),
 ):
     await authorize(current_user, WorkspacePolicyV1.delete)
 
@@ -81,7 +98,9 @@ async def delete_workspace(
 
 @router.get("/me/workspaces", response_model=Workspaces)
 async def list_workspaces_me(
-    *, db: AsyncSession = Depends(get_async_db), current_user: User = Security(auth.get_current_user)
+    *,
+    db: AsyncSession = Depends(get_async_db),
+    current_user: models.User = Security(auth.get_current_user),
 ) -> Workspaces:
     await authorize(current_user, WorkspacePolicyV1.list_workspaces_me)
 
@@ -91,3 +110,82 @@ async def list_workspaces_me(
         workspaces = await accounts.list_workspaces_by_user_id(db, current_user.id)
 
     return Workspaces(items=workspaces)
+
+
+@router.get("/workspaces/{workspace_id}/users", response_model=Users)
+async def list_workspace_users(
+    *,
+    db: AsyncSession = Depends(get_async_db),
+    workspace_id: UUID,
+    current_user: models.User = Security(auth.get_current_user),
+):
+    await authorize(current_user, WorkspaceUserPolicyV1.list(workspace_id))
+
+    workspace = await accounts.get_workspace_by_id(db, workspace_id)
+    if workspace is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Workspace with id `{workspace_id}` not found",
+        )
+
+    await workspace.awaitable_attrs.users
+
+    return Users(items=workspace.users)
+
+
+@router.post("/workspaces/{workspace_id}/users", status_code=status.HTTP_201_CREATED, response_model=User)
+async def create_workspace_user(
+    *,
+    db: AsyncSession = Depends(get_async_db),
+    workspace_id: UUID,
+    workspace_user_create: WorkspaceUserCreate,
+    current_user: models.User = Security(auth.get_current_user),
+):
+    await authorize(current_user, WorkspaceUserPolicyV1.create)
+
+    workspace = await accounts.get_workspace_by_id(db, workspace_id)
+    if workspace is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Workspace with id `{workspace_id}` not found",
+        )
+
+    user = await accounts.get_user_by_id(db, workspace_user_create.user_id)
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"User with id `{workspace_user_create.user_id}` not found",
+        )
+
+    workspace_user = await accounts.get_workspace_user_by_workspace_id_and_user_id(db, workspace_id, user.id)
+    if workspace_user is not None:
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail=f"User with id `{user.id}` already exists in workspace with id `{workspace_id}`",
+        )
+
+    workspace_user = await accounts.create_workspace_user(db, {"workspace_id": workspace_id, "user_id": user.id})
+
+    return workspace_user.user
+
+
+@router.delete("/workspaces/{workspace_id}/users/{user_id}", response_model=User)
+async def delete_workspace_user(
+    *,
+    db: AsyncSession = Depends(get_async_db),
+    workspace_id: UUID,
+    user_id: UUID,
+    current_user: models.User = Security(auth.get_current_user),
+):
+    workspace_user = await accounts.get_workspace_user_by_workspace_id_and_user_id(db, workspace_id, user_id)
+    if workspace_user is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"User with id `{user_id}` not found in workspace with id `{workspace_id}`",
+        )
+
+    await authorize(current_user, WorkspaceUserPolicyV1.delete(workspace_user))
+
+    await accounts.delete_workspace_user(db, workspace_user)
+
+    return await workspace_user.awaitable_attrs.user
diff --git a/src/argilla_server/contexts/accounts.py b/src/argilla_server/contexts/accounts.py
@@ -23,7 +23,7 @@
 from argilla_server.enums import UserRole
 from argilla_server.models import User, Workspace, WorkspaceUser
 from argilla_server.schemas.v0.users import UserCreate
-from argilla_server.schemas.v0.workspaces import WorkspaceCreate, WorkspaceUserCreate
+from argilla_server.schemas.v0.workspaces import WorkspaceCreate
 from argilla_server.security.authentication.jwt import JWT
 from argilla_server.security.authentication.userinfo import UserInfo
 
@@ -37,13 +37,16 @@ async def get_workspace_user_by_workspace_id_and_user_id(
     return result.scalar_one_or_none()
 
 
-async def create_workspace_user(db: AsyncSession, workspace_user_create: WorkspaceUserCreate) -> WorkspaceUser:
+async def create_workspace_user(db: AsyncSession, workspace_user_attrs: dict) -> WorkspaceUser:
     workspace_user = await WorkspaceUser.create(
         db,
-        workspace_id=workspace_user_create.workspace_id,
-        user_id=workspace_user_create.user_id,
+        workspace_id=workspace_user_attrs["workspace_id"],
+        user_id=workspace_user_attrs["user_id"],
     )
+
+    # TODO: Once we delete API v0 endpoint we can reduce this to refresh only the user.
     await db.refresh(workspace_user, attribute_names=["workspace", "user"])
+
     return workspace_user
 
 
@@ -75,8 +78,8 @@ async def list_workspaces_by_user_id(db: AsyncSession, user_id: UUID) -> List[Wo
     return result.scalars().all()
 
 
-async def create_workspace(db: AsyncSession, workspace_create: WorkspaceCreate) -> Workspace:
-    return await Workspace.create(db, schema=workspace_create)
+async def create_workspace(db: AsyncSession, workspace_attrs: dict) -> Workspace:
+    return await Workspace.create(db, name=workspace_attrs["name"])
 
 
 async def delete_workspace(db: AsyncSession, workspace: Workspace):

diff --git a/src/argilla_server/policies.py b/src/argilla_server/policies.py
@@ -77,6 +77,31 @@ async def is_allowed(actor: User) -> bool:
         return is_allowed
 
 
+class WorkspaceUserPolicyV1:
+    @classmethod
+    def list(cls, workspace_id: UUID) -> PolicyAction:
+        async def is_allowed(actor: User) -> bool:
+            return actor.is_owner or (
+                actor.is_admin and await _exists_workspace_user_by_user_and_workspace_id(actor, workspace_id)
+            )
+
+        return is_allowed
+
+    @classmethod
+    async def create(cls, actor: User) -> bool:
+        return actor.is_owner
+
+    @classmethod
+    def delete(cls, workspace_user: WorkspaceUser) -> PolicyAction:
+        async def is_allowed(actor: User) -> bool:
+            return actor.is_owner or (
+                actor.is_admin
+                and await _exists_workspace_user_by_user_and_workspace_id(actor, workspace_user.workspace_id)
+            )
+
+        return is_allowed
+
+
 class WorkspacePolicy:
     @classmethod
     async def list(cls, actor: User) -> bool:
@@ -102,6 +127,10 @@ async def is_allowed(actor: User) -> bool:
 
         return is_allowed
 
+    @classmethod
+    async def create(cls, actor: User) -> bool:
+        return actor.is_owner
+
     @classmethod
     async def delete(cls, actor: User) -> bool:
         return actor.is_owner

diff --git a/src/argilla_server/schemas/v0/workspaces.py b/src/argilla_server/schemas/v0/workspaces.py
@@ -31,10 +31,5 @@ class Config:
         orm_mode = True
 
 
-class WorkspaceUserCreate(BaseModel):
-    user_id: UUID
-    workspace_id: UUID
-
-
 class WorkspaceCreate(BaseModel):
     name: str = Field(..., regex=WORKSPACE_NAME_REGEX, min_length=1)
diff --git a/src/argilla_server/schemas/v1/users.py b/src/argilla_server/schemas/v1/users.py
@@ -32,3 +32,7 @@ class User(BaseModel):
 
     class Config:
         orm_mode = True
+
+
+class Users(BaseModel):
+    items: list[User]
diff --git a/src/argilla_server/schemas/v1/workspaces.py b/src/argilla_server/schemas/v1/workspaces.py
@@ -16,7 +16,10 @@
 from typing import List
 from uuid import UUID
 
-from argilla_server.pydantic_v1 import BaseModel
+from argilla_server.constants import ES_INDEX_REGEX_PATTERN
+from argilla_server.pydantic_v1 import BaseModel, Field
+
+WORKSPACE_NAME_REGEX = ES_INDEX_REGEX_PATTERN
 
 
 class Workspace(BaseModel):
@@ -29,5 +32,13 @@ class Config:
         orm_mode = True
 
 
+class WorkspaceCreate(BaseModel):
+    name: str = Field(regex=WORKSPACE_NAME_REGEX, min_length=1)
+
+
 class Workspaces(BaseModel):
     items: List[Workspace]
+
+
+class WorkspaceUserCreate(BaseModel):
+    user_id: UUID
diff --git a/src/argilla_server/security/model.py b/src/argilla_server/security/model.py
@@ -28,11 +28,6 @@
 USER_PASSWORD_MAX_LENGTH = 100
 
 
-class WorkspaceUserCreate(BaseModel):
-    user_id: UUID
-    workspace_id: UUID
-
-
 class Workspace(BaseModel):
     id: UUID
     name: str

diff --git a/tests/unit/api/v1/authentication/test_create_token.py b/tests/unit/api/v1/authentication/test_create_token.py
@@ -35,7 +35,7 @@ async def test_create_token(self, async_client: AsyncClient):
             },
         )
 
-        assert response.status_code == 200
+        assert response.status_code == 201
         assert response.json()["access_token"]
         assert response.json()["token_type"] == "bearer"
 

diff --git a/tests/unit/api/v1/workspaces/__init__.py b/tests/unit/api/v1/workspaces/__init__.py
@@ -0,0 +1,13 @@
+#  Copyright 2021-present, the Recognai S.L. team.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.