feat(auth): added admin utilities for UserGroup

Author: klajdicaushi

python_utils/django/keycloak/admin.py

@@ -0,0 +1,86 @@
+from django.contrib import admin, messages
+from django.core.cache import cache
+from django.urls import path
+from django.shortcuts import redirect
+
+from .service import KeycloakService
+
+
+class UserGroupAdmin(admin.ModelAdmin):
+    list_display = ("path",)
+    search_fields = ("id", "path")
+    readonly_fields = ("id", "path")
+    
+    # To show ManyToMany fields with a horizontal filter widget
+    # filter_horizontal = ("allowed_entities",)
+
+    change_list_template = "user_groups_changelist.html"
+
+    # To show fields in this order in the detail view
+    # fieldsets = (
+    #     (
+    #         None,
+    #         {
+    #             "fields": (
+    #                 "id",
+    #                 "path",
+    #                 "allow_all_entities",
+    #                 "allowed_entities",
+    #             )
+    #         },
+    #     ),
+    # )
+
+    def has_add_permission(self, request):
+        # Manual addition of user groups is not allowed
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        # Manual deletion of user groups is not allowed
+        return False
+
+    # To show annotated fields in the list view
+    # def get_queryset(self, request):
+    #     return (
+    #         super()
+    #         .get_queryset(request)
+    #         .annotate(allowed_job_configs_count=Count("allowed_job_configs"))
+    #     )
+
+    def get_urls(self):
+        return [
+            path("sync-with-keycloak/", self.sync_groups_with_keycloak),
+            *super().get_urls(),
+        ]
+
+    @staticmethod
+    def sync_groups_with_keycloak(request):  # noqa
+        """Syncs user groups with Keycloak"""
+
+        try:
+            KeycloakService().sync_user_groups(raise_exceptions=True)
+            messages.success(request, "User groups synced successfully.")
+        except Exception as e:
+            messages.error(request, f"Error syncing user groups: {e}")
+
+        return redirect("..")
+
+    # To allow sorting by annotated fields
+    # @admin.display(
+    #     description="Allowed Job Configs", ordering="allowed_job_configs_count"
+    # )
+    # def allowed_job_configs_count(self, obj):
+    #     return obj.allowed_job_configs_count
+
+    def changelist_view(self, request, extra_context=None):
+        """
+        When the list view is accessed, sync the user groups from Keycloak.
+        Cache the sync for 10 minutes to avoid excessive requests.
+        """
+        cache_key = "keycloak_group_sync_lock"
+
+        if cache.get(cache_key) is None:
+            KeycloakService().sync_user_groups()
+            cache.set(cache_key, "true", 60 * 10)
+
+        return super().changelist_view(request, extra_context)

python_utils/django/keycloak/models.py

@@ -0,0 +1,19 @@
+from django.db import models
+
+
+class UserGroupBase(models.Model):
+    """
+    Abstract base model for Keycloak user groups.
+    """
+    id = models.UUIDField(
+        primary_key=True,
+        help_text="The ID of the group, as coming from Keycloak.",
+    )
+    path = models.CharField(
+        max_length=255,
+        help_text="The full path of the group, as coming from Keycloak.",
+        db_index=True,
+    )
+
+    class Meta:
+        abstract = True

python_utils/django/auth/keycloak.py python_utils/django/keycloak/service.pypython_utils/django/auth/keycloak.py renamed to python_utils/django/keycloak/service.py

@@ -1,29 +1,10 @@
 from django.apps import apps
 from django.conf import settings
-from django.db import models
 from keycloak import KeycloakAdmin
 from keycloak import KeycloakOpenIDConnection
 from keycloak.exceptions import KeycloakGetError
 
 
-class UserGroupBase(models.Model):
-    """
-    Abstract base model for Keycloak user groups.
-    """
-    id = models.UUIDField(
-        primary_key=True,
-        help_text="The ID of the group, as coming from Keycloak.",
-    )
-    path = models.CharField(
-        max_length=255,
-        help_text="The full path of the group, as coming from Keycloak.",
-        db_index=True,
-    )
-
-    class Meta:
-        abstract = True
-
-
 class KeycloakService:
     def __init__(self):
         self._user_group_model = self._get_user_group_model()

python_utils/django/keycloak/user_groups_changelist.html

@@ -0,0 +1,7 @@
+{% extends 'admin/change_list.html' %}
+
+{% block object-tools-items %}
+{{ block.super }}
+    <li><a href="sync-with-keycloak/">Sync groups with Keycloak 🔄</a></li>
+
+{% endblock %}