From 8e6bfd5742f5e6e7422f48a4081cc07d80c13c06 Mon Sep 17 00:00:00 2001
From: Julio Biason <julio.biason@gmail.com>
Date: Sun, 6 Apr 2014 10:49:23 -0300
Subject: [PATCH] list group members

---
 luncho/blueprints/groups.py | 63 +++++++++++++++++++++++++++++++++++++
 luncho/server.py            |  2 +-
 tests/group_tests.py        | 48 ++++++++++++++++++++++++++++
 3 files changed, 112 insertions(+), 1 deletion(-)

diff --git a/luncho/blueprints/groups.py b/luncho/blueprints/groups.py
index 6750929..8e84635 100644
--- a/luncho/blueprints/groups.py
+++ b/luncho/blueprints/groups.py
@@ -68,6 +68,22 @@ class UserIsNotAdminException(LunchoException):
         self.message = 'User is not admin'
 
 
+class UserIsNotMemberException(LunchoException):
+    """The user is not the admin of the group.
+
+    .. sourcecode:: http
+
+       HTTP/1.1 403 Forbidden
+       Content-Type: test/json
+
+       { "status": "ERROR", "message": "User is not member of this group" }
+    """
+    def __init__(self):
+        super(UserIsNotMemberException, self).__init__()
+        self.status = 403
+        self.message = 'User is not member of this group'
+
+
 class SomeUsersNotFoundException(LunchoException):
     """Some users in the add list do not exist.
 
@@ -345,3 +361,50 @@ def add_users_to_group(groupId):
         raise SomeUsersNotFoundException(unknown)
 
     return jsonify(status='OK')
+
+
+@groups.route('<groupId>/users/', methods=['GET'])
+@auth
+def list_group_members(groupId):
+    """*Authenticated request* Return a list of the users in the group. The
+    user must be part of the group to request this list.
+
+    **Success (200)**:
+
+    .. sourcecode:: http
+
+       HTTP/1.1 200 OK
+       Content-Type: text/json
+
+       { "status": "OK", "users": [ { "username": "<username>",
+                                      "full_name": "<full name>"},
+                                      ...] }
+
+    **User is not member of the group (403)**:
+        :py:class:`UserIsNotMemberException`
+
+    **User not found (via token) (404)**:
+        :py:class:`UserNotFoundException`
+
+    **Incomplete request, some users not found (404)**:
+        :py:class:`SomeUsersNotFoundException`
+
+    **Authorization required (412)**:
+        :py:class:`AuthorizationRequiredException`
+    """
+    user = request.user
+    group = Group.query.get(groupId)
+    if not group:
+        raise ElementNotFoundException('Group')
+
+    LOG.debug('user groups: {groups}'.format(groups=user.groups))
+
+    if not group in user.groups:
+        raise UserIsNotMemberException()
+
+    users = []
+    for user in group.users:
+        users.append({'username': user.username,
+                      'full_name': user.fullname})
+
+    return jsonify(status='OK', users=users)
diff --git a/luncho/server.py b/luncho/server.py
index c2c01d7..fd9fc93 100644
--- a/luncho/server.py
+++ b/luncho/server.py
@@ -55,7 +55,7 @@ class User(db.Model):
     created_at = db.Column(db.DateTime, nullable=False)
     groups = db.relationship('Group',
                              secondary=userGroups,
-                             backref=db.backref('groups', lazy='dynamic'))
+                             backref=db.backref('users', lazy='dynamic'))
 
     def __init__(self, username, fullname, passhash, token=None,
                  issued_date=None, verified=False):
diff --git a/tests/group_tests.py b/tests/group_tests.py
index ce44dc8..71db201 100644
--- a/tests/group_tests.py
+++ b/tests/group_tests.py
@@ -3,6 +3,8 @@
 
 import unittest
 
+from json import loads
+
 from luncho import server
 
 from luncho.server import User
@@ -231,6 +233,8 @@ class TestUsersInGroup(LunchoTests):
         self.group = Group(name='Test group',
                            owner=self.user.username)
         server.db.session.add(self.group)
+
+        self.user.groups.append(self.group)
         server.db.session.commit()
         self.user.get_token()
 
@@ -287,5 +291,49 @@ class TestUsersInGroup(LunchoTests):
                       token=self.user.token)
         self.assertJsonError(rv, 404, 'Group not found')
 
+    def test_get_members(self):
+        """Try to get a list of group members."""
+        rv = self.get('/group/{groupId}/users/'.format(groupId=self.group.id),
+                      token=self.user.token)
+        self.assertJsonOk(rv)
+        json = loads(rv.data)
+        self.assertTrue('users' in json)
+        self.assertEqual(len(json['users']), 1)     # just the owner
+        self.assertEqual(json['users'][0]['username'],
+                         self.user.username)
+        self.assertEqual(json['users'][0]['full_name'],
+                         self.user.fullname)
+
+    def test_get_members_by_member(self):
+        """Non admin user requests the list of group members."""
+        new_user = User(username='another_user',
+                        fullname='Another user',
+                        passhash='hash')
+        server.db.session.add(new_user)
+        new_user.groups.append(self.group)
+        server.db.session.commit()
+        new_user.get_token()
+
+        rv = self.get('/group/{groupId}/users/'.format(groupId=self.group.id),
+                      token=new_user.token)
+        self.assertJsonOk(rv)
+
+        json = loads(rv.data)
+        self.assertTrue('users' in json)
+        self.assertEqual(len(json['users']), 2)     # owner and new user
+
+    def test_get_members_by_non_member(self):
+        """A user that is not part of the group ask for members."""
+        new_user = User(username='another_user',
+                        fullname='Another user',
+                        passhash='hash')
+        server.db.session.add(new_user)
+        server.db.session.commit()
+        new_user.get_token()
+
+        rv = self.get('/group/{groupId}/users/'.format(groupId=self.group.id),
+                      token=new_user.token)
+        self.assertJsonError(rv, 403, 'User is not member of this group')
+
 if __name__ == '__main__':
     unittest.main()