WIP: add change role to the user's invitations

chore: add change role to the user's invitations
Merge branch 'master' into PRWLR-4669-Roles-Page-API-UI
2026-05-17 01:33:16 +00:00 · 2024-12-15 10:37:51 +01:00 · 2024-12-13 12:38:08 +01:00 · 2024-12-13 06:02:29 +01:00 · 2024-12-11 08:30:12 +01:00 · 2024-12-10 18:14:57 +01:00
47 changed files with 6073 additions and 320 deletions
@@ -1,5 +1,6 @@
 import uuid
 from django.core.exceptions import ObjectDoesNotExist
 from django.db import connection, transaction
 from rest_framework import permissions
 from rest_framework.exceptions import NotAuthenticated
@@ -10,6 +11,8 @@ from rest_framework_json_api.views import ModelViewSet
 from rest_framework_simplejwt.authentication import JWTAuthentication
 from api.filters import CustomDjangoFilterBackend
 from api.models import Role, Tenant
 from api.db_router import MainRouter
 class BaseViewSet(ModelViewSet):
@@ -66,7 +69,39 @@ class BaseRLSViewSet(BaseViewSet):
 class BaseTenantViewset(BaseViewSet):
    def dispatch(self, request, *args, **kwargs):
        with transaction.atomic():
-            return super().dispatch(request, *args, **kwargs)
+            tenant = super().dispatch(request, *args, **kwargs)
        try:
            # If the request is a POST, create the admin role
            if request.method == "POST":
                isinstance(tenant, dict) and self._create_admin_role(tenant.data["id"])
        except Exception as e:
            self._handle_creation_error(e, tenant)
            raise
        return tenant
    def _create_admin_role(self, tenant_id):
        Role.objects.using(MainRouter.admin_db).create(
            name="admin",
            tenant_id=tenant_id,
            manage_users=True,
            manage_account=True,
            manage_billing=True,
            manage_providers=True,
            manage_integrations=True,
            manage_scans=True,
            unlimited_visibility=True,
        )
    def _handle_creation_error(self, error, tenant):
        if tenant.data.get("id"):
            try:
                Tenant.objects.using(MainRouter.admin_db).filter(
                    id=tenant.data["id"]
                ).delete()
            except ObjectDoesNotExist:
                pass  # Tenant might not exist, handle gracefully
    def initial(self, request, *args, **kwargs):
        if (
@@ -22,13 +22,10 @@ from api.db_utils import (
    StatusEnumField,
 )
 from api.models import (
    ComplianceOverview,
    Finding,
    Invitation,
    Membership,
    Provider,
    ProviderGroup,
    ProviderSecret,
    Resource,
    ResourceTag,
    Scan,
@@ -36,6 +33,10 @@ from api.models import (
    SeverityChoices,
    StateChoices,
    StatusChoices,
    ProviderSecret,
    Invitation,
    Role,
    ComplianceOverview,
    Task,
    User,
 )
@@ -481,6 +482,43 @@ class UserFilter(FilterSet):
        }
 class RoleFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
    permission_state = CharFilter(method="filter_permission_state")
    def filter_permission_state(self, queryset, name, value):
        permission_fields = [
            "manage_users",
            "manage_account",
            "manage_billing",
            "manage_providers",
            "manage_integrations",
            "manage_scans",
        ]
        q_all_true = Q(**{field: True for field in permission_fields})
        q_all_false = Q(**{field: False for field in permission_fields})
        if value == "unlimited":
            return queryset.filter(q_all_true)
        elif value == "none":
            return queryset.filter(q_all_false)
        elif value == "limited":
            return queryset.exclude(q_all_true | q_all_false)
        else:
            return queryset.none()
    class Meta:
        model = Role
        fields = {
            "id": ["exact", "in"],
            "name": ["exact", "in"],
            "inserted_at": ["gte", "lte"],
            "updated_at": ["gte", "lte"],
        }
 class ComplianceOverviewFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    provider_type = ChoiceFilter(choices=Provider.ProviderChoices.choices)
@@ -58,5 +58,96 @@
      "provider_group": "525e91e7-f3f3-4254-bbc3-27ce1ade86b1",
      "inserted_at": "2024-11-13T11:55:41.237Z"
    }
  },
  {
    "model": "api.role",
    "pk": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
    "fields": {
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "name": "admin",
      "manage_users": true,
      "manage_account": true,
      "manage_billing": true,
      "manage_providers": true,
      "manage_integrations": true,
      "manage_scans": true,
      "unlimited_visibility": true,
      "inserted_at": "2024-11-20T15:32:42.402Z",
      "updated_at": "2024-11-20T15:32:42.402Z"
    }
  },
  {
    "model": "api.role",
    "pk": "845ff03a-87ef-42ba-9786-6577c70c4df0",
    "fields": {
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "name": "first_role",
      "manage_users": true,
      "manage_account": true,
      "manage_billing": true,
      "manage_providers": true,
      "manage_integrations": false,
      "manage_scans": false,
      "unlimited_visibility": true,
      "inserted_at": "2024-11-20T15:31:53.239Z",
      "updated_at": "2024-11-20T15:31:53.239Z"
    }
  },
  {
    "model": "api.role",
    "pk": "902d726c-4bd5-413a-a2a4-f7b4754b6b20",
    "fields": {
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "name": "third_role",
      "manage_users": false,
      "manage_account": false,
      "manage_billing": false,
      "manage_providers": false,
      "manage_integrations": false,
      "manage_scans": true,
      "unlimited_visibility": false,
      "inserted_at": "2024-11-20T15:34:05.440Z",
      "updated_at": "2024-11-20T15:34:05.440Z"
    }
  },
  {
    "model": "api.roleprovidergrouprelationship",
    "pk": "57fd024a-0a7f-49b4-a092-fa0979a07aaf",
    "fields": {
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
      "provider_group": "3fe28fb8-e545-424c-9b8f-69aff638f430",
      "inserted_at": "2024-11-20T15:32:42.402Z"
    }
  },
  {
    "model": "api.roleprovidergrouprelationship",
    "pk": "a3cd0099-1c13-4df1-a5e5-ecdfec561b35",
    "fields": {
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
      "provider_group": "481769f5-db2b-447b-8b00-1dee18db90ec",
      "inserted_at": "2024-11-20T15:32:42.402Z"
    }
  },
  {
    "model": "api.roleprovidergrouprelationship",
    "pk": "cfd84182-a058-40c2-af3c-0189b174940f",
    "fields": {
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
      "provider_group": "525e91e7-f3f3-4254-bbc3-27ce1ade86b1",
      "inserted_at": "2024-11-20T15:32:42.402Z"
    }
  },
  {
    "model": "api.userrolerelationship",
    "pk": "92339663-e954-4fd8-98fb-8bfe15949975",
    "fields": {
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
      "user": "8b38e2eb-6689-4f1e-a4ba-95b275130200",
      "inserted_at": "2024-11-20T15:36:14.302Z"
    }
  }
 ]
@@ -552,7 +552,7 @@ class Migration(migrations.Migration):
        migrations.AddConstraint(
            model_name="providergroupmembership",
            constraint=models.UniqueConstraint(
-                fields=("provider_id", "provider_group"),
+                fields=("provider_id", "provider_group_id"),
                name="unique_provider_group_membership",
            ),
        ),
@@ -0,0 +1,246 @@
 # Generated by Django 5.1.1 on 2024-12-05 12:29
 import api.rls
 import django.db.models.deletion
 import uuid
 from django.conf import settings
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ("api", "0002_token_migrations"),
    ]
    operations = [
        migrations.CreateModel(
            name="Role",
            fields=[
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                ("name", models.CharField(max_length=255)),
                ("manage_users", models.BooleanField(default=False)),
                ("manage_account", models.BooleanField(default=False)),
                ("manage_billing", models.BooleanField(default=False)),
                ("manage_providers", models.BooleanField(default=False)),
                ("manage_integrations", models.BooleanField(default=False)),
                ("manage_scans", models.BooleanField(default=False)),
                ("unlimited_visibility", models.BooleanField(default=False)),
                ("inserted_at", models.DateTimeField(auto_now_add=True)),
                ("updated_at", models.DateTimeField(auto_now=True)),
                (
                    "tenant",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
                    ),
                ),
            ],
            options={
                "db_table": "roles",
            },
        ),
        migrations.CreateModel(
            name="RoleProviderGroupRelationship",
            fields=[
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                ("inserted_at", models.DateTimeField(auto_now_add=True)),
                (
                    "tenant",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
                    ),
                ),
            ],
            options={
                "db_table": "role_provider_group_relationship",
            },
        ),
        migrations.CreateModel(
            name="UserRoleRelationship",
            fields=[
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                ("inserted_at", models.DateTimeField(auto_now_add=True)),
                (
                    "tenant",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
                    ),
                ),
            ],
            options={
                "db_table": "role_user_relationship",
            },
        ),
        migrations.AddField(
            model_name="roleprovidergrouprelationship",
            name="provider_group",
            field=models.ForeignKey(
                on_delete=django.db.models.deletion.CASCADE, to="api.providergroup"
            ),
        ),
        migrations.AddField(
            model_name="roleprovidergrouprelationship",
            name="role",
            field=models.ForeignKey(
                on_delete=django.db.models.deletion.CASCADE, to="api.role"
            ),
        ),
        migrations.AddField(
            model_name="role",
            name="provider_groups",
            field=models.ManyToManyField(
                related_name="roles",
                through="api.RoleProviderGroupRelationship",
                to="api.providergroup",
            ),
        ),
        migrations.AddField(
            model_name="userrolerelationship",
            name="role",
            field=models.ForeignKey(
                on_delete=django.db.models.deletion.CASCADE, to="api.role"
            ),
        ),
        migrations.AddField(
            model_name="userrolerelationship",
            name="user",
            field=models.ForeignKey(
                on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
            ),
        ),
        migrations.AddField(
            model_name="role",
            name="users",
            field=models.ManyToManyField(
                related_name="roles",
                through="api.UserRoleRelationship",
                to=settings.AUTH_USER_MODEL,
            ),
        ),
        migrations.AddConstraint(
            model_name="roleprovidergrouprelationship",
            constraint=models.UniqueConstraint(
                fields=("role_id", "provider_group_id"),
                name="unique_role_provider_group_relationship",
            ),
        ),
        migrations.AddConstraint(
            model_name="roleprovidergrouprelationship",
            constraint=api.rls.RowLevelSecurityConstraint(
                "tenant_id",
                name="rls_on_roleprovidergrouprelationship",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ),
        migrations.AddConstraint(
            model_name="userrolerelationship",
            constraint=models.UniqueConstraint(
                fields=("role_id", "user_id"), name="unique_role_user_relationship"
            ),
        ),
        migrations.AddConstraint(
            model_name="userrolerelationship",
            constraint=api.rls.RowLevelSecurityConstraint(
                "tenant_id",
                name="rls_on_userrolerelationship",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ),
        migrations.AddConstraint(
            model_name="role",
            constraint=models.UniqueConstraint(
                fields=("tenant_id", "name"), name="unique_role_per_tenant"
            ),
        ),
        migrations.AddConstraint(
            model_name="role",
            constraint=api.rls.RowLevelSecurityConstraint(
                "tenant_id",
                name="rls_on_role",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ),
        migrations.CreateModel(
            name="InvitationRoleRelationship",
            fields=[
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                ("inserted_at", models.DateTimeField(auto_now_add=True)),
                (
                    "invitation",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE, to="api.invitation"
                    ),
                ),
                (
                    "role",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE, to="api.role"
                    ),
                ),
                (
                    "tenant",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
                    ),
                ),
            ],
            options={
                "db_table": "role_invitation_relationship",
            },
        ),
        migrations.AddConstraint(
            model_name="invitationrolerelationship",
            constraint=models.UniqueConstraint(
                fields=("role_id", "invitation_id"),
                name="unique_role_invitation_relationship",
            ),
        ),
        migrations.AddConstraint(
            model_name="invitationrolerelationship",
            constraint=api.rls.RowLevelSecurityConstraint(
                "tenant_id",
                name="rls_on_invitationrolerelationship",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ),
        migrations.AddField(
            model_name="role",
            name="invitations",
            field=models.ManyToManyField(
                related_name="roles",
                through="api.InvitationRoleRelationship",
                to="api.invitation",
            ),
        ),
    ]
@@ -294,29 +294,20 @@ class ProviderGroup(RowLevelSecurityProtectedModel):
        ]
    class JSONAPIMeta:
-        resource_name = "provider-groups"
+        resource_name = "provider-group"
 class ProviderGroupMembership(RowLevelSecurityProtectedModel):
    objects = ActiveProviderManager()
    all_objects = models.Manager()
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    provider = models.ForeignKey(
+    provider_group = models.ForeignKey(ProviderGroup, on_delete=models.CASCADE)
-        Provider,
+    provider = models.ForeignKey(Provider, on_delete=models.CASCADE)
-        on_delete=models.CASCADE,
+    inserted_at = models.DateTimeField(auto_now_add=True)
    )
    provider_group = models.ForeignKey(
        ProviderGroup,
        on_delete=models.CASCADE,
    )
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    class Meta:
        db_table = "provider_group_memberships"
        constraints = [
            models.UniqueConstraint(
-                fields=["provider_id", "provider_group"],
+                fields=["provider_id", "provider_group_id"],
                name="unique_provider_group_membership",
            ),
            RowLevelSecurityConstraint(
@@ -327,7 +318,7 @@ class ProviderGroupMembership(RowLevelSecurityProtectedModel):
        ]
    class JSONAPIMeta:
-        resource_name = "provider-group-memberships"
+        resource_name = "provider_groups-provider"
 class Task(RowLevelSecurityProtectedModel):
@@ -851,6 +842,118 @@ class Invitation(RowLevelSecurityProtectedModel):
        resource_name = "invitations"
 class Role(RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    name = models.CharField(max_length=255)
    manage_users = models.BooleanField(default=False)
    manage_account = models.BooleanField(default=False)
    manage_billing = models.BooleanField(default=False)
    manage_providers = models.BooleanField(default=False)
    manage_integrations = models.BooleanField(default=False)
    manage_scans = models.BooleanField(default=False)
    unlimited_visibility = models.BooleanField(default=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
    provider_groups = models.ManyToManyField(
        ProviderGroup, through="RoleProviderGroupRelationship", related_name="roles"
    )
    users = models.ManyToManyField(
        User, through="UserRoleRelationship", related_name="roles"
    )
    invitations = models.ManyToManyField(
        Invitation, through="InvitationRoleRelationship", related_name="roles"
    )
    class Meta:
        db_table = "roles"
        constraints = [
            models.UniqueConstraint(
                fields=["tenant_id", "name"],
                name="unique_role_per_tenant",
            ),
            RowLevelSecurityConstraint(
                field="tenant_id",
                name="rls_on_%(class)s",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ]
    class JSONAPIMeta:
        resource_name = "role"
 class RoleProviderGroupRelationship(RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    role = models.ForeignKey(Role, on_delete=models.CASCADE)
    provider_group = models.ForeignKey(ProviderGroup, on_delete=models.CASCADE)
    inserted_at = models.DateTimeField(auto_now_add=True)
    class Meta:
        db_table = "role_provider_group_relationship"
        constraints = [
            models.UniqueConstraint(
                fields=["role_id", "provider_group_id"],
                name="unique_role_provider_group_relationship",
            ),
            RowLevelSecurityConstraint(
                field="tenant_id",
                name="rls_on_%(class)s",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ]
    class JSONAPIMeta:
        resource_name = "role-provider_groups"
 class UserRoleRelationship(RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    role = models.ForeignKey(Role, on_delete=models.CASCADE)
    user = models.ForeignKey(User, on_delete=models.CASCADE)
    inserted_at = models.DateTimeField(auto_now_add=True)
    class Meta:
        db_table = "role_user_relationship"
        constraints = [
            models.UniqueConstraint(
                fields=["role_id", "user_id"],
                name="unique_role_user_relationship",
            ),
            RowLevelSecurityConstraint(
                field="tenant_id",
                name="rls_on_%(class)s",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ]
    class JSONAPIMeta:
        resource_name = "user-roles"
 class InvitationRoleRelationship(RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    role = models.ForeignKey(Role, on_delete=models.CASCADE)
    invitation = models.ForeignKey(Invitation, on_delete=models.CASCADE)
    inserted_at = models.DateTimeField(auto_now_add=True)
    class Meta:
        db_table = "role_invitation_relationship"
        constraints = [
            models.UniqueConstraint(
                fields=["role_id", "invitation_id"],
                name="unique_role_invitation_relationship",
            ),
            RowLevelSecurityConstraint(
                field="tenant_id",
                name="rls_on_%(class)s",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ]
    class JSONAPIMeta:
        resource_name = "invitation-roles"
 class ComplianceOverview(RowLevelSecurityProtectedModel):
    objects = ActiveProviderManager()
    all_objects = models.Manager()
@@ -0,0 +1,40 @@
 from config.django.base import DISABLE_RBAC
 from enum import Enum
 from rest_framework.permissions import BasePermission
 class Permissions(Enum):
    MANAGE_USERS = "manage_users"
    MANAGE_ACCOUNT = "manage_account"
    MANAGE_BILLING = "manage_billing"
    MANAGE_PROVIDERS = "manage_providers"
    MANAGE_INTEGRATIONS = "manage_integrations"
    MANAGE_SCANS = "manage_scans"
    UNLIMITED_VISIBILITY = "unlimited_visibility"
 class HasPermissions(BasePermission):
    """
    Custom permission to check if the user's role has the required permissions.
    The required permissions should be specified in the view as a list in `required_permissions`.
    """
    def has_permission(self, request, view):
        # This is for testing/demo purposes only
        if DISABLE_RBAC:
            return True
        required_permissions = getattr(view, "required_permissions", [])
        if not required_permissions:
            return True
        user_roles = request.user.roles.all()
        if not user_roles:
            return False
        for perm in required_permissions:
            if not getattr(user_roles[0], perm.value, False):
                return False
        return True
@@ -11,6 +11,7 @@ from conftest import TEST_USER, TEST_PASSWORD, get_api_tokens, get_authorization
 def test_check_resources_between_different_tenants(
    schedule_mock,
    enforce_test_user_db_connection,
    patch_testing_flag,
    authenticated_api_client,
    tenants_fixture,
 ):
@@ -0,0 +1,302 @@
 # TODO: Enable this tests
 import pytest
 from django.urls import reverse
 from rest_framework import status
 from unittest.mock import patch, ANY, Mock
@pytest.mark.django_db
 class TestUserViewSet:
    def test_list_users_with_all_permissions(self, authenticated_client_rbac):
        response = authenticated_client_rbac.get(reverse("user-list"))
        assert response.status_code == status.HTTP_200_OK
        assert isinstance(response.json()["data"], list)
    def test_list_users_with_no_permissions(
        self, authenticated_client_no_permissions_rbac
    ):
        response = authenticated_client_no_permissions_rbac.get(reverse("user-list"))
        assert response.status_code == status.HTTP_403_FORBIDDEN
    def test_retrieve_user_with_all_permissions(
        self, authenticated_client_rbac, create_test_user_rbac
    ):
        response = authenticated_client_rbac.get(
            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id})
        )
        assert response.status_code == status.HTTP_200_OK
        assert (
            response.json()["data"]["attributes"]["email"]
            == create_test_user_rbac.email
        )
    def test_retrieve_user_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, create_test_user
    ):
        response = authenticated_client_no_permissions_rbac.get(
            reverse("user-detail", kwargs={"pk": create_test_user.id})
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
    @patch("api.db_router.MainRouter.admin_db", new="default")
    def test_create_user_with_all_permissions(self, authenticated_client_rbac):
        valid_user_payload = {
            "name": "test",
            "password": "newpassword123",
            "email": "new_user@test.com",
        }
        response = authenticated_client_rbac.post(
            reverse("user-list"), data=valid_user_payload, format="vnd.api+json"
        )
        assert response.status_code == status.HTTP_201_CREATED
        assert response.json()["data"]["attributes"]["email"] == "new_user@test.com"
    @patch("api.db_router.MainRouter.admin_db", new="default")
    def test_create_user_with_no_permissions(
        self, authenticated_client_no_permissions_rbac
    ):
        valid_user_payload = {
            "name": "test",
            "password": "newpassword123",
            "email": "new_user@test.com",
        }
        response = authenticated_client_no_permissions_rbac.post(
            reverse("user-list"), data=valid_user_payload, format="vnd.api+json"
        )
        assert response.status_code == status.HTTP_201_CREATED
        assert response.json()["data"]["attributes"]["email"] == "new_user@test.com"
    def test_partial_update_user_with_all_permissions(
        self, authenticated_client_rbac, create_test_user_rbac
    ):
        updated_data = {
            "data": {
                "type": "users",
                "id": str(create_test_user_rbac.id),
                "attributes": {"name": "Updated Name"},
            },
        }
        response = authenticated_client_rbac.patch(
            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id}),
            data=updated_data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_200_OK
        assert response.json()["data"]["attributes"]["name"] == "Updated Name"
    def test_partial_update_user_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, create_test_user
    ):
        updated_data = {
            "data": {
                "type": "users",
                "attributes": {"name": "Updated Name"},
            }
        }
        response = authenticated_client_no_permissions_rbac.patch(
            reverse("user-detail", kwargs={"pk": create_test_user.id}),
            data=updated_data,
            format="vnd.api+json",
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
    def test_delete_user_with_all_permissions(
        self, authenticated_client_rbac, create_test_user_rbac
    ):
        response = authenticated_client_rbac.delete(
            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id})
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
    def test_delete_user_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, create_test_user
    ):
        response = authenticated_client_no_permissions_rbac.delete(
            reverse("user-detail", kwargs={"pk": create_test_user.id})
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
    def test_me_with_all_permissions(
        self, authenticated_client_rbac, create_test_user_rbac
    ):
        response = authenticated_client_rbac.get(reverse("user-me"))
        assert response.status_code == status.HTTP_200_OK
        assert (
            response.json()["data"]["attributes"]["email"]
            == create_test_user_rbac.email
        )
    def test_me_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, create_test_user
    ):
        response = authenticated_client_no_permissions_rbac.get(reverse("user-me"))
        assert response.status_code == status.HTTP_200_OK
        assert response.json()["data"]["attributes"]["email"] == "rbac_limited@rbac.com"
@pytest.mark.django_db
 class TestProviderViewSet:
    def test_list_providers_with_all_permissions(
        self, authenticated_client_rbac, providers_fixture
    ):
        response = authenticated_client_rbac.get(reverse("provider-list"))
        assert response.status_code == status.HTTP_200_OK
        assert len(response.json()["data"]) == len(providers_fixture)
    def test_list_providers_with_no_permissions(
        self, authenticated_client_no_permissions_rbac
    ):
        response = authenticated_client_no_permissions_rbac.get(
            reverse("provider-list")
        )
        assert response.status_code == status.HTTP_200_OK
        assert len(response.json()["data"]) == 0
    def test_retrieve_provider_with_all_permissions(
        self, authenticated_client_rbac, providers_fixture
    ):
        provider = providers_fixture[0]
        response = authenticated_client_rbac.get(
            reverse("provider-detail", kwargs={"pk": provider.id})
        )
        assert response.status_code == status.HTTP_200_OK
        assert response.json()["data"]["attributes"]["alias"] == provider.alias
    def test_retrieve_provider_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, providers_fixture
    ):
        provider = providers_fixture[0]
        response = authenticated_client_no_permissions_rbac.get(
            reverse("provider-detail", kwargs={"pk": provider.id})
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND
    def test_create_provider_with_all_permissions(self, authenticated_client_rbac):
        payload = {"provider": "aws", "uid": "111111111111", "alias": "new_alias"}
        response = authenticated_client_rbac.post(
            reverse("provider-list"), data=payload, format="json"
        )
        assert response.status_code == status.HTTP_201_CREATED
        assert response.json()["data"]["attributes"]["alias"] == "new_alias"
    def test_create_provider_with_no_permissions(
        self, authenticated_client_no_permissions_rbac
    ):
        payload = {"provider": "aws", "uid": "111111111111", "alias": "new_alias"}
        response = authenticated_client_no_permissions_rbac.post(
            reverse("provider-list"), data=payload, format="json"
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
    def test_partial_update_provider_with_all_permissions(
        self, authenticated_client_rbac, providers_fixture
    ):
        provider = providers_fixture[0]
        payload = {
            "data": {
                "type": "providers",
                "id": provider.id,
                "attributes": {"alias": "updated_alias"},
            },
        }
        response = authenticated_client_rbac.patch(
            reverse("provider-detail", kwargs={"pk": provider.id}),
            data=payload,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_200_OK
        assert response.json()["data"]["attributes"]["alias"] == "updated_alias"
    def test_partial_update_provider_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, providers_fixture
    ):
        provider = providers_fixture[0]
        update_payload = {
            "data": {
                "type": "providers",
                "attributes": {"alias": "updated_alias"},
            }
        }
        response = authenticated_client_no_permissions_rbac.patch(
            reverse("provider-detail", kwargs={"pk": provider.id}),
            data=update_payload,
            format="vnd.api+json",
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
    @patch("api.v1.views.Task.objects.get")
    @patch("api.v1.views.delete_provider_task.delay")
    def test_delete_provider_with_all_permissions(
        self,
        mock_delete_task,
        mock_task_get,
        authenticated_client_rbac,
        providers_fixture,
        tasks_fixture,
    ):
        prowler_task = tasks_fixture[0]
        task_mock = Mock()
        task_mock.id = prowler_task.id
        mock_delete_task.return_value = task_mock
        mock_task_get.return_value = prowler_task
        provider1, *_ = providers_fixture
        response = authenticated_client_rbac.delete(
            reverse("provider-detail", kwargs={"pk": provider1.id})
        )
        assert response.status_code == status.HTTP_202_ACCEPTED
        mock_delete_task.assert_called_once_with(
            provider_id=str(provider1.id), tenant_id=ANY
        )
        assert "Content-Location" in response.headers
        assert response.headers["Content-Location"] == f"/api/v1/tasks/{task_mock.id}"
    def test_delete_provider_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, providers_fixture
    ):
        provider = providers_fixture[0]
        response = authenticated_client_no_permissions_rbac.delete(
            reverse("provider-detail", kwargs={"pk": provider.id})
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
    @patch("api.v1.views.Task.objects.get")
    @patch("api.v1.views.check_provider_connection_task.delay")
    def test_connection_with_all_permissions(
        self,
        mock_provider_connection,
        mock_task_get,
        authenticated_client_rbac,
        providers_fixture,
        tasks_fixture,
    ):
        prowler_task = tasks_fixture[0]
        task_mock = Mock()
        task_mock.id = prowler_task.id
        task_mock.status = "PENDING"
        mock_provider_connection.return_value = task_mock
        mock_task_get.return_value = prowler_task
        provider1, *_ = providers_fixture
        assert provider1.connected is None
        assert provider1.connection_last_checked_at is None
        response = authenticated_client_rbac.post(
            reverse("provider-connection", kwargs={"pk": provider1.id})
        )
        assert response.status_code == status.HTTP_202_ACCEPTED
        mock_provider_connection.assert_called_once_with(
            provider_id=str(provider1.id), tenant_id=ANY
        )
        assert "Content-Location" in response.headers
        assert response.headers["Content-Location"] == f"/api/v1/tasks/{task_mock.id}"
    def test_connection_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, providers_fixture
    ):
        provider = providers_fixture[0]
        response = authenticated_client_no_permissions_rbac.post(
            reverse("provider-connection", kwargs={"pk": provider.id})
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
@@ -9,11 +9,14 @@ from django.urls import reverse
 from rest_framework import status
 from api.models import (
    Invitation,
    Membership,
    Provider,
    ProviderGroup,
    ProviderGroupMembership,
    Role,
    RoleProviderGroupRelationship,
    Invitation,
    UserRoleRelationship,
    ProviderSecret,
    Scan,
    StateChoices,
@@ -24,6 +27,14 @@ from api.rls import Tenant
 TODAY = str(datetime.today().date())
@pytest.fixture(autouse=True)
 def enable_testing_flag(patch_testing_flag):
    """
    Automatically applies the patch_testing_flag fixture to all tests in this file.
    """
    pass
@pytest.mark.django_db
 class TestUserViewSet:
    def test_users_list(self, authenticated_client, create_test_user):
@@ -1200,7 +1211,7 @@ class TestProviderGroupViewSet:
    def test_provider_group_create(self, authenticated_client):
        data = {
            "data": {
-                "type": "provider-groups",
+                "type": "provider-group",
                "attributes": {
                    "name": "Test Provider Group",
                },
@@ -1219,7 +1230,7 @@ class TestProviderGroupViewSet:
    def test_provider_group_create_invalid(self, authenticated_client):
        data = {
            "data": {
-                "type": "provider-groups",
+                "type": "provider-group",
                "attributes": {
                    # Name is missing
                },
@@ -1241,7 +1252,7 @@ class TestProviderGroupViewSet:
        data = {
            "data": {
                "id": str(provider_group.id),
-                "type": "provider-groups",
+                "type": "provider-group",
                "attributes": {
                    "name": "Updated Provider Group Name",
                },
@@ -1263,7 +1274,7 @@ class TestProviderGroupViewSet:
        data = {
            "data": {
                "id": str(provider_group.id),
-                "type": "provider-groups",
+                "type": "provider-group",
                "attributes": {
                    "name": "",  # Invalid name
                },
@@ -1294,100 +1305,6 @@ class TestProviderGroupViewSet:
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND
    def test_provider_group_providers_update(
        self, authenticated_client, provider_groups_fixture, providers_fixture
    ):
        provider_group = provider_groups_fixture[0]
        provider_ids = [str(provider.id) for provider in providers_fixture]
        data = {
            "data": {
                "type": "provider-group-memberships",
                "id": str(provider_group.id),
                "attributes": {"provider_ids": provider_ids},
            }
        }
        response = authenticated_client.put(
            reverse("providergroup-providers", kwargs={"pk": provider_group.id}),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_200_OK
        memberships = ProviderGroupMembership.objects.filter(
            provider_group=provider_group
        )
        assert memberships.count() == len(provider_ids)
        for membership in memberships:
            assert str(membership.provider_id) in provider_ids
    def test_provider_group_providers_update_non_existent_provider(
        self, authenticated_client, provider_groups_fixture, providers_fixture
    ):
        provider_group = provider_groups_fixture[0]
        provider_ids = [str(provider.id) for provider in providers_fixture]
        provider_ids[-1] = "1b59e032-3eb6-4694-93a5-df84cd9b3ce2"
        data = {
            "data": {
                "type": "provider-group-memberships",
                "id": str(provider_group.id),
                "attributes": {"provider_ids": provider_ids},
            }
        }
        response = authenticated_client.put(
            reverse("providergroup-providers", kwargs={"pk": provider_group.id}),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"]
        assert (
            errors[0]["detail"]
            == f"The following provider IDs do not exist: {provider_ids[-1]}"
        )
    def test_provider_group_providers_update_invalid_provider(
        self, authenticated_client, provider_groups_fixture
    ):
        provider_group = provider_groups_fixture[1]
        invalid_provider_id = "non-existent-id"
        data = {
            "data": {
                "type": "provider-group-memberships",
                "id": str(provider_group.id),
                "attributes": {"provider_ids": [invalid_provider_id]},
            }
        }
        response = authenticated_client.put(
            reverse("providergroup-providers", kwargs={"pk": provider_group.id}),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"]
        assert errors[0]["detail"] == "Must be a valid UUID."
    def test_provider_group_providers_update_invalid_payload(
        self, authenticated_client, provider_groups_fixture
    ):
        provider_group = provider_groups_fixture[2]
        data = {
            # Missing "provider_ids"
        }
        response = authenticated_client.put(
            reverse("providergroup-providers", kwargs={"pk": provider_group.id}),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"]
        assert errors[0]["detail"] == "Received document does not contain primary data"
    def test_provider_group_retrieve_not_found(self, authenticated_client):
        response = authenticated_client.get(
            reverse("providergroup-detail", kwargs={"pk": "non-existent-id"})
@@ -2652,7 +2569,9 @@ class TestInvitationViewSet:
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND
-    def test_invitations_create_valid(self, authenticated_client, create_test_user):
+    def test_invitations_create_valid(
        self, authenticated_client, create_test_user, roles_fixture
    ):
        user = create_test_user
        data = {
            "data": {
@@ -2661,6 +2580,11 @@ class TestInvitationViewSet:
                    "email": "any_email@prowler.com",
                    "expires_at": self.TOMORROW_ISO,
                },
                "relationships": {
                    "roles": {
                        "data": [{"type": "role", "id": str(roles_fixture[0].id)}]
                    }
                },
            }
        }
        response = authenticated_client.post(
@@ -2719,6 +2643,11 @@ class TestInvitationViewSet:
            response.json()["errors"][0]["source"]["pointer"]
            == "/data/attributes/email"
        )
        assert response.json()["errors"][1]["code"] == "required"
        assert (
            response.json()["errors"][1]["source"]["pointer"]
            == "/data/relationships/roles"
        )
    def test_invitations_create_invalid_expires_at(
        self, authenticated_client, invitations_fixture
@@ -2745,6 +2674,11 @@ class TestInvitationViewSet:
            response.json()["errors"][0]["source"]["pointer"]
            == "/data/attributes/expires_at"
        )
        assert response.json()["errors"][1]["code"] == "required"
        assert (
            response.json()["errors"][1]["source"]["pointer"]
            == "/data/relationships/roles"
        )
    def test_invitations_partial_update_valid(
        self, authenticated_client, invitations_fixture
@@ -2983,7 +2917,6 @@ class TestInvitationViewSet:
        response = authenticated_client.post(
            reverse("invitation-accept"), data=data, format="json"
        )
        assert response.status_code == status.HTTP_201_CREATED
        invitation.refresh_from_db()
        assert Membership.objects.filter(
@@ -3166,6 +3099,596 @@ class TestInvitationViewSet:
        assert response.status_code == status.HTTP_400_BAD_REQUEST
@pytest.mark.django_db
 class TestRoleViewSet:
    def test_role_list(self, authenticated_client, roles_fixture):
        response = authenticated_client.get(reverse("role-list"))
        assert response.status_code == status.HTTP_200_OK
        assert len(response.json()["data"]) == len(roles_fixture)
    def test_role_retrieve(self, authenticated_client, roles_fixture):
        role = roles_fixture[0]
        response = authenticated_client.get(
            reverse("role-detail", kwargs={"pk": role.id})
        )
        assert response.status_code == status.HTTP_200_OK
        data = response.json()["data"]
        assert data["id"] == str(role.id)
        assert data["attributes"]["name"] == role.name
    def test_role_create(self, authenticated_client):
        data = {
            "data": {
                "type": "role",
                "attributes": {
                    "name": "Test Role",
                    "manage_users": "false",
                    "manage_account": "false",
                    "manage_billing": "false",
                    "manage_providers": "true",
                    "manage_integrations": "true",
                    "manage_scans": "true",
                    "unlimited_visibility": "true",
                },
                "relationships": {"provider_groups": {"data": []}},
            }
        }
        response = authenticated_client.post(
            reverse("role-list"),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_201_CREATED
        response_data = response.json()["data"]
        assert response_data["attributes"]["name"] == "Test Role"
        assert Role.objects.filter(name="Test Role").exists()
    def test_role_provider_groups_create(
        self, authenticated_client, provider_groups_fixture
    ):
        data = {
            "data": {
                "type": "role",
                "attributes": {
                    "name": "Test Role",
                    "manage_users": "false",
                    "manage_account": "false",
                    "manage_billing": "false",
                    "manage_providers": "true",
                    "manage_integrations": "true",
                    "manage_scans": "true",
                    "unlimited_visibility": "true",
                },
                "relationships": {
                    "provider_groups": {
                        "data": [
                            {"type": "provider-group", "id": str(provider_group.id)}
                            for provider_group in provider_groups_fixture[:2]
                        ]
                    }
                },
            }
        }
        response = authenticated_client.post(
            reverse("role-list"),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_201_CREATED
        response_data = response.json()["data"]
        assert response_data["attributes"]["name"] == "Test Role"
        assert Role.objects.filter(name="Test Role").exists()
        relationships = (
            Role.objects.filter(name="Test Role").first().provider_groups.all()
        )
        assert relationships.count() == 2
        for relationship in relationships:
            assert relationship.id in [pg.id for pg in provider_groups_fixture[:2]]
    def test_role_create_invalid(self, authenticated_client):
        data = {
            "data": {
                "type": "role",
                "attributes": {
                    # Name is missing
                },
            }
        }
        response = authenticated_client.post(
            reverse("role-list"),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"]
        assert errors[0]["source"]["pointer"] == "/data/attributes/name"
    def test_role_partial_update(self, authenticated_client, roles_fixture):
        role = roles_fixture[1]
        data = {
            "data": {
                "id": str(role.id),
                "type": "role",
                "attributes": {
                    "name": "Updated Provider Group Name",
                },
            }
        }
        response = authenticated_client.patch(
            reverse("role-detail", kwargs={"pk": role.id}),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_200_OK
        role.refresh_from_db()
        assert role.name == "Updated Provider Group Name"
    def test_role_partial_update_invalid(self, authenticated_client, roles_fixture):
        role = roles_fixture[2]
        data = {
            "data": {
                "id": str(role.id),
                "type": "role",
                "attributes": {
                    "name": "",  # Invalid name
                },
            }
        }
        response = authenticated_client.patch(
            reverse("role-detail", kwargs={"pk": role.id}),
            data=json.dumps(data),
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"]
        assert errors[0]["source"]["pointer"] == "/data/attributes/name"
    def test_role_destroy(self, authenticated_client, roles_fixture):
        role = roles_fixture[2]
        response = authenticated_client.delete(
            reverse("role-detail", kwargs={"pk": role.id})
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        assert not Role.objects.filter(id=role.id).exists()
    def test_role_destroy_invalid(self, authenticated_client):
        response = authenticated_client.delete(
            reverse("role-detail", kwargs={"pk": "non-existent-id"})
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND
    def test_role_retrieve_not_found(self, authenticated_client):
        response = authenticated_client.get(
            reverse("role-detail", kwargs={"pk": "non-existent-id"})
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND
    def test_role_list_filters(self, authenticated_client, roles_fixture):
        role = roles_fixture[0]
        response = authenticated_client.get(
            reverse("role-list"), {"filter[name]": role.name}
        )
        assert response.status_code == status.HTTP_200_OK
        data = response.json()["data"]
        assert len(data) == 1
        assert data[0]["attributes"]["name"] == role.name
    def test_role_list_sorting(self, authenticated_client, roles_fixture):
        response = authenticated_client.get(reverse("role-list"), {"sort": "name"})
        assert response.status_code == status.HTTP_200_OK
        data = response.json()["data"]
        names = [item["attributes"]["name"] for item in data]
        assert names == sorted(names)
    def test_role_invalid_method(self, authenticated_client):
        response = authenticated_client.put(reverse("role-list"))
        assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED
@pytest.mark.django_db
 class TestUserRoleRelationshipViewSet:
    def test_create_relationship(
        self, authenticated_client, roles_fixture, create_test_user
    ):
        data = {
            "data": [{"type": "role", "id": str(role.id)} for role in roles_fixture[:2]]
        }
        response = authenticated_client.post(
            reverse("user-roles-relationship", kwargs={"pk": create_test_user.id}),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = UserRoleRelationship.objects.filter(user=create_test_user.id)
        assert relationships.count() == 2
        for relationship in relationships[1:]:  # Skip admin role
            assert relationship.role.id in [r.id for r in roles_fixture[:2]]
    def test_create_relationship_already_exists(
        self, authenticated_client, roles_fixture, create_test_user
    ):
        data = {
            "data": [{"type": "role", "id": str(role.id)} for role in roles_fixture[:2]]
        }
        authenticated_client.post(
            reverse("user-roles-relationship", kwargs={"pk": create_test_user.id}),
            data=data,
            content_type="application/vnd.api+json",
        )
        data = {
            "data": [
                {"type": "role", "id": str(roles_fixture[0].id)},
            ]
        }
        response = authenticated_client.post(
            reverse("user-roles-relationship", kwargs={"pk": create_test_user.id}),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"]["detail"]
        assert "already associated" in errors
    def test_partial_update_relationship(
        self, authenticated_client, roles_fixture, create_test_user
    ):
        data = {
            "data": [
                {"type": "role", "id": str(roles_fixture[1].id)},
            ]
        }
        response = authenticated_client.patch(
            reverse("user-roles-relationship", kwargs={"pk": create_test_user.id}),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = UserRoleRelationship.objects.filter(user=create_test_user.id)
        assert relationships.count() == 1
        assert {rel.role.id for rel in relationships} == {roles_fixture[1].id}
        data = {
            "data": [
                {"type": "role", "id": str(roles_fixture[1].id)},
                {"type": "role", "id": str(roles_fixture[2].id)},
            ]
        }
        response = authenticated_client.patch(
            reverse("user-roles-relationship", kwargs={"pk": create_test_user.id}),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = UserRoleRelationship.objects.filter(user=create_test_user.id)
        assert relationships.count() == 2
        assert {rel.role.id for rel in relationships} == {
            roles_fixture[1].id,
            roles_fixture[2].id,
        }
    def test_destroy_relationship(
        self, authenticated_client, roles_fixture, create_test_user
    ):
        response = authenticated_client.delete(
            reverse("user-roles-relationship", kwargs={"pk": create_test_user.id}),
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = UserRoleRelationship.objects.filter(role=roles_fixture[0].id)
        assert relationships.count() == 0
    def test_invalid_provider_group_id(self, authenticated_client, create_test_user):
        invalid_id = "non-existent-id"
        data = {"data": [{"type": "provider-group", "id": invalid_id}]}
        response = authenticated_client.post(
            reverse("user-roles-relationship", kwargs={"pk": create_test_user.id}),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"][0]["detail"]
        assert "valid UUID" in errors
@pytest.mark.django_db
 class TestRoleProviderGroupRelationshipViewSet:
    def test_create_relationship(
        self, authenticated_client, roles_fixture, provider_groups_fixture
    ):
        data = {
            "data": [
                {"type": "provider-group", "id": str(provider_group.id)}
                for provider_group in provider_groups_fixture[:2]
            ]
        }
        response = authenticated_client.post(
            reverse(
                "role-provider-groups-relationship", kwargs={"pk": roles_fixture[0].id}
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = RoleProviderGroupRelationship.objects.filter(
            role=roles_fixture[0].id
        )
        assert relationships.count() == 2
        for relationship in relationships:
            assert relationship.provider_group.id in [
                pg.id for pg in provider_groups_fixture[:2]
            ]
    def test_create_relationship_already_exists(
        self, authenticated_client, roles_fixture, provider_groups_fixture
    ):
        data = {
            "data": [
                {"type": "provider-group", "id": str(provider_group.id)}
                for provider_group in provider_groups_fixture[:2]
            ]
        }
        authenticated_client.post(
            reverse(
                "role-provider-groups-relationship", kwargs={"pk": roles_fixture[0].id}
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        data = {
            "data": [
                {"type": "provider-group", "id": str(provider_groups_fixture[0].id)},
            ]
        }
        response = authenticated_client.post(
            reverse(
                "role-provider-groups-relationship", kwargs={"pk": roles_fixture[0].id}
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"]["detail"]
        assert "already associated" in errors
    def test_partial_update_relationship(
        self, authenticated_client, roles_fixture, provider_groups_fixture
    ):
        data = {
            "data": [
                {"type": "provider-group", "id": str(provider_groups_fixture[1].id)},
            ]
        }
        response = authenticated_client.patch(
            reverse(
                "role-provider-groups-relationship", kwargs={"pk": roles_fixture[2].id}
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = RoleProviderGroupRelationship.objects.filter(
            role=roles_fixture[2].id
        )
        assert relationships.count() == 1
        assert {rel.provider_group.id for rel in relationships} == {
            provider_groups_fixture[1].id
        }
        data = {
            "data": [
                {"type": "provider-group", "id": str(provider_groups_fixture[1].id)},
                {"type": "provider-group", "id": str(provider_groups_fixture[2].id)},
            ]
        }
        response = authenticated_client.patch(
            reverse(
                "role-provider-groups-relationship", kwargs={"pk": roles_fixture[2].id}
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = RoleProviderGroupRelationship.objects.filter(
            role=roles_fixture[2].id
        )
        assert relationships.count() == 2
        assert {rel.provider_group.id for rel in relationships} == {
            provider_groups_fixture[1].id,
            provider_groups_fixture[2].id,
        }
    def test_destroy_relationship(
        self, authenticated_client, roles_fixture, provider_groups_fixture
    ):
        response = authenticated_client.delete(
            reverse(
                "role-provider-groups-relationship", kwargs={"pk": roles_fixture[0].id}
            ),
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = RoleProviderGroupRelationship.objects.filter(
            role=roles_fixture[0].id
        )
        assert relationships.count() == 0
    def test_invalid_provider_group_id(self, authenticated_client, roles_fixture):
        invalid_id = "non-existent-id"
        data = {"data": [{"type": "provider-group", "id": invalid_id}]}
        response = authenticated_client.post(
            reverse(
                "role-provider-groups-relationship", kwargs={"pk": roles_fixture[1].id}
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"][0]["detail"]
        assert "valid UUID" in errors
@pytest.mark.django_db
 class TestProviderGroupMembershipViewSet:
    def test_create_relationship(
        self, authenticated_client, providers_fixture, provider_groups_fixture
    ):
        provider_group, *_ = provider_groups_fixture
        data = {
            "data": [
                {"type": "provider", "id": str(provider.id)}
                for provider in providers_fixture[:2]
            ]
        }
        response = authenticated_client.post(
            reverse(
                "provider_group-providers-relationship",
                kwargs={"pk": provider_group.id},
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = ProviderGroupMembership.objects.filter(
            provider_group=provider_group.id
        )
        assert relationships.count() == 2
        for relationship in relationships:
            assert relationship.provider.id in [p.id for p in providers_fixture[:2]]
    def test_create_relationship_already_exists(
        self, authenticated_client, providers_fixture, provider_groups_fixture
    ):
        provider_group, *_ = provider_groups_fixture
        data = {
            "data": [
                {"type": "provider", "id": str(provider.id)}
                for provider in providers_fixture[:2]
            ]
        }
        authenticated_client.post(
            reverse(
                "provider_group-providers-relationship",
                kwargs={"pk": provider_group.id},
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        data = {
            "data": [
                {"type": "provider", "id": str(providers_fixture[0].id)},
            ]
        }
        response = authenticated_client.post(
            reverse(
                "provider_group-providers-relationship",
                kwargs={"pk": provider_group.id},
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"]["detail"]
        assert "already associated" in errors
    def test_partial_update_relationship(
        self, authenticated_client, providers_fixture, provider_groups_fixture
    ):
        provider_group, *_ = provider_groups_fixture
        data = {
            "data": [
                {"type": "provider", "id": str(providers_fixture[1].id)},
            ]
        }
        response = authenticated_client.patch(
            reverse(
                "provider_group-providers-relationship",
                kwargs={"pk": provider_group.id},
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = ProviderGroupMembership.objects.filter(
            provider_group=provider_group.id
        )
        assert relationships.count() == 1
        assert {rel.provider.id for rel in relationships} == {providers_fixture[1].id}
        data = {
            "data": [
                {"type": "provider", "id": str(providers_fixture[1].id)},
                {"type": "provider", "id": str(providers_fixture[2].id)},
            ]
        }
        response = authenticated_client.patch(
            reverse(
                "provider_group-providers-relationship",
                kwargs={"pk": provider_group.id},
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = ProviderGroupMembership.objects.filter(
            provider_group=provider_group.id
        )
        assert relationships.count() == 2
        assert {rel.provider.id for rel in relationships} == {
            providers_fixture[1].id,
            providers_fixture[2].id,
        }
    def test_destroy_relationship(
        self, authenticated_client, providers_fixture, provider_groups_fixture
    ):
        provider_group, *_ = provider_groups_fixture
        data = {
            "data": [
                {"type": "provider", "id": str(provider.id)}
                for provider in providers_fixture[:2]
            ]
        }
        response = authenticated_client.post(
            reverse(
                "provider_group-providers-relationship",
                kwargs={"pk": provider_group.id},
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        response = authenticated_client.delete(
            reverse(
                "provider_group-providers-relationship",
                kwargs={"pk": provider_group.id},
            ),
        )
        assert response.status_code == status.HTTP_204_NO_CONTENT
        relationships = ProviderGroupMembership.objects.filter(
            provider_group=providers_fixture[0].id
        )
        assert relationships.count() == 0
    def test_invalid_provider_group_id(
        self, authenticated_client, provider_groups_fixture
    ):
        provider_group, *_ = provider_groups_fixture
        invalid_id = "non-existent-id"
        data = {"data": [{"type": "provider-group", "id": invalid_id}]}
        response = authenticated_client.post(
            reverse(
                "provider_group-providers-relationship",
                kwargs={"pk": provider_group.id},
            ),
            data=data,
            content_type="application/vnd.api+json",
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        errors = response.json()["errors"][0]["detail"]
        assert "valid UUID" in errors
@pytest.mark.django_db
 class TestComplianceOverviewViewSet:
    def test_compliance_overview_list_none(self, authenticated_client):
@@ -14,16 +14,20 @@ from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
 from rest_framework_simplejwt.tokens import RefreshToken
 from api.models import (
    ComplianceOverview,
    Finding,
    Invitation,
    Membership,
    Provider,
    ProviderGroup,
    ProviderGroupMembership,
    ProviderSecret,
    Resource,
    ResourceTag,
    Finding,
    ProviderSecret,
    Invitation,
    InvitationRoleRelationship,
    Role,
    RoleProviderGroupRelationship,
    UserRoleRelationship,
    ComplianceOverview,
    Scan,
    StateChoices,
    Task,
@@ -176,10 +180,26 @@ class UserSerializer(BaseSerializerV1):
    """
    memberships = serializers.ResourceRelatedField(many=True, read_only=True)
    roles = serializers.ResourceRelatedField(many=True, read_only=True)
    class Meta:
        model = User
-        fields = ["id", "name", "email", "company_name", "date_joined", "memberships"]
+        fields = [
            "id",
            "name",
            "email",
            "company_name",
            "date_joined",
            "memberships",
            "roles",
        ]
        extra_kwargs = {
            "roles": {"read_only": True},
        }
    included_serializers = {
        "roles": "api.v1.serializers.RoleSerializer",
    }
 class UserCreateSerializer(BaseWriteSerializer):
@@ -235,6 +255,73 @@ class UserUpdateSerializer(BaseWriteSerializer):
        return super().update(instance, validated_data)
 class RoleResourceIdentifierSerializer(serializers.Serializer):
    resource_type = serializers.CharField(source="type")
    id = serializers.UUIDField()
    class JSONAPIMeta:
        resource_name = "role-identifier"
    def to_representation(self, instance):
        """
        Ensure 'type' is used in the output instead of 'resource_type'.
        """
        representation = super().to_representation(instance)
        representation["type"] = representation.pop("resource_type", None)
        return representation
    def to_internal_value(self, data):
        """
        Map 'type' back to 'resource_type' during input.
        """
        data["resource_type"] = data.pop("type", None)
        return super().to_internal_value(data)
 class UserRoleRelationshipSerializer(RLSSerializer, BaseWriteSerializer):
    """
    Serializer for modifying user memberships
    """
    roles = serializers.ListField(
        child=RoleResourceIdentifierSerializer(),
        help_text="List of resource identifier objects representing roles.",
    )
    def create(self, validated_data):
        role_ids = [item["id"] for item in validated_data["roles"]]
        roles = Role.objects.filter(id__in=role_ids)
        tenant_id = self.context.get("tenant_id")
        new_relationships = [
            UserRoleRelationship(
                user=self.context.get("user"), role=r, tenant_id=tenant_id
            )
            for r in roles
        ]
        UserRoleRelationship.objects.bulk_create(new_relationships)
        return self.context.get("user")
    def update(self, instance, validated_data):
        role_ids = [item["id"] for item in validated_data["roles"]]
        roles = Role.objects.filter(id__in=role_ids)
        tenant_id = self.context.get("tenant_id")
        instance.roles.clear()
        new_relationships = [
            UserRoleRelationship(user=instance, role=r, tenant_id=tenant_id)
            for r in roles
        ]
        UserRoleRelationship.objects.bulk_create(new_relationships)
        return instance
    class Meta:
        model = UserRoleRelationship
        fields = ["id", "roles"]
 # Tasks
 class TaskBase(serializers.ModelSerializer):
    state_mapping = {
@@ -361,31 +448,30 @@ class ProviderGroupSerializer(RLSSerializer, BaseWriteSerializer):
    providers = serializers.ResourceRelatedField(many=True, read_only=True)
    def validate(self, attrs):
-        tenant = self.context["tenant_id"]
+        if ProviderGroup.objects.filter(name=attrs.get("name")).exists():
        name = attrs.get("name", self.instance.name if self.instance else None)
        # Exclude the current instance when checking for uniqueness during updates
        queryset = ProviderGroup.objects.filter(tenant=tenant, name=name)
        if self.instance:
            queryset = queryset.exclude(pk=self.instance.pk)
        if queryset.exists():
            raise serializers.ValidationError(
-                {
+                {"name": "A provider group with this name already exists."}
                    "name": "A provider group with this name already exists for this tenant."
                }
            )
        return super().validate(attrs)
    class Meta:
        model = ProviderGroup
-        fields = ["id", "name", "inserted_at", "updated_at", "providers", "url"]
+        fields = [
-        read_only_fields = ["id", "inserted_at", "updated_at"]
+            "id",
            "name",
            "inserted_at",
            "updated_at",
            "providers",
            "roles",
            "url",
        ]
        extra_kwargs = {
            "id": {"read_only": True},
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
            "roles": {"read_only": True},
            "url": {"read_only": True},
        }
@@ -406,41 +492,75 @@ class ProviderGroupUpdateSerializer(RLSSerializer, BaseWriteSerializer):
        fields = ["id", "name"]
-class ProviderGroupMembershipUpdateSerializer(RLSSerializer, BaseWriteSerializer):
+class ProviderResourceIdentifierSerializer(serializers.Serializer):
    resource_type = serializers.CharField(source="type")
    id = serializers.UUIDField()
    class JSONAPIMeta:
        resource_name = "provider-identifier"
    def to_representation(self, instance):
        """
        Ensure 'type' is used in the output instead of 'resource_type'.
        """
        representation = super().to_representation(instance)
        representation["type"] = representation.pop("resource_type", None)
        return representation
    def to_internal_value(self, data):
        """
        Map 'type' back to 'resource_type' during input.
        """
        data["resource_type"] = data.pop("type", None)
        return super().to_internal_value(data)
 class ProviderGroupMembershipSerializer(RLSSerializer, BaseWriteSerializer):
    """
-    Serializer for modifying provider group memberships
+    Serializer for modifying provider_group memberships
    """
-    provider_ids = serializers.ListField(
+    providers = serializers.ListField(
-        child=serializers.UUIDField(),
+        child=ProviderResourceIdentifierSerializer(),
-        help_text="List of provider UUIDs to add to the group",
+        help_text="List of resource identifier objects representing providers.",
    )
-    def validate(self, attrs):
+    def create(self, validated_data):
-        tenant_id = self.context["tenant_id"]
+        provider_ids = [item["id"] for item in validated_data["providers"]]
-        provider_ids = attrs.get("provider_ids", [])
+        providers = Provider.objects.filter(id__in=provider_ids)
        tenant_id = self.context.get("tenant_id")
-        existing_provider_ids = set(
+        new_relationships = [
-            Provider.objects.filter(
+            ProviderGroupMembership(
-                id__in=provider_ids, tenant_id=tenant_id
+                provider_group=self.context.get("provider_group"),
-            ).values_list("id", flat=True)
+                provider=p,
-        )
+                tenant_id=tenant_id,
        provided_provider_ids = set(provider_ids)
        missing_provider_ids = provided_provider_ids - existing_provider_ids
        if missing_provider_ids:
            raise serializers.ValidationError(
                {
                    "provider_ids": f"The following provider IDs do not exist: {', '.join(str(id) for id in missing_provider_ids)}"
                }
            )
            for p in providers
        ]
        ProviderGroupMembership.objects.bulk_create(new_relationships)
-        return super().validate(attrs)
+        return self.context.get("provider_group")
    def update(self, instance, validated_data):
        provider_ids = [item["id"] for item in validated_data["providers"]]
        providers = Provider.objects.filter(id__in=provider_ids)
        tenant_id = self.context.get("tenant_id")
        instance.providers.clear()
        new_relationships = [
            ProviderGroupMembership(
                provider_group=instance, provider=p, tenant_id=tenant_id
            )
            for p in providers
        ]
        ProviderGroupMembership.objects.bulk_create(new_relationships)
        return instance
    class Meta:
        model = ProviderGroupMembership
-        fields = ["id", "provider_ids"]
+        fields = ["id", "providers"]
 # Providers
@@ -1034,6 +1154,8 @@ class InvitationSerializer(RLSSerializer):
    Serializer for the Invitation model.
    """
    roles = serializers.ResourceRelatedField(many=True, queryset=Role.objects.all())
    class Meta:
        model = Invitation
        fields = [
@@ -1043,6 +1165,7 @@ class InvitationSerializer(RLSSerializer):
            "email",
            "state",
            "token",
            "roles",
            "expires_at",
            "inviter",
            "url",
@@ -1050,6 +1173,8 @@ class InvitationSerializer(RLSSerializer):
 class InvitationBaseWriteSerializer(BaseWriteSerializer):
    roles = serializers.ResourceRelatedField(many=True, queryset=Role.objects.all())
    def validate_email(self, value):
        user = User.objects.filter(email=value).first()
        tenant_id = self.context["tenant_id"]
@@ -1086,31 +1211,54 @@ class InvitationCreateSerializer(InvitationBaseWriteSerializer, RLSSerializer):
    class Meta:
        model = Invitation
-        fields = ["email", "expires_at", "state", "token", "inviter"]
+        fields = ["email", "expires_at", "state", "token", "inviter", "roles"]
        extra_kwargs = {
            "token": {"read_only": True},
            "state": {"read_only": True},
            "inviter": {"read_only": True},
            "expires_at": {"required": False},
            "roles": {"required": False},
        }
    def create(self, validated_data):
        inviter = self.context.get("request").user
        tenant_id = self.context.get("tenant_id")
        validated_data["inviter"] = inviter
-        return super().create(validated_data)
+        roles = validated_data.pop("roles", [])
        invitation = super().create(validated_data)
        for role in roles:
            InvitationRoleRelationship.objects.create(
                role=role, invitation=invitation, tenant_id=tenant_id
            )
        return invitation
 class InvitationUpdateSerializer(InvitationBaseWriteSerializer):
    class Meta:
        model = Invitation
-        fields = ["id", "email", "expires_at", "state", "token"]
+        fields = ["id", "email", "expires_at", "state", "token", "roles"]
        extra_kwargs = {
            "token": {"read_only": True},
            "state": {"read_only": True},
            "expires_at": {"required": False},
            "email": {"required": False},
            "roles": {"required": False},
        }
    def update(self, instance, validated_data):
        roles = validated_data.pop("roles", [])
        tenant_id = self.context.get("tenant_id")
        invitation = super().update(instance, validated_data)
        if roles:
            instance.roles.clear()
            for role in roles:
                InvitationRoleRelationship.objects.create(
                    role=role, invitation=invitation, tenant_id=tenant_id
                )
        return invitation
 class InvitationAcceptSerializer(RLSSerializer):
    """Serializer for accepting an invitation."""
@@ -1122,6 +1270,196 @@ class InvitationAcceptSerializer(RLSSerializer):
        fields = ["invitation_token"]
 # Roles
 class RoleSerializer(RLSSerializer, BaseWriteSerializer):
    provider_groups = serializers.ResourceRelatedField(
        many=True, queryset=ProviderGroup.objects.all()
    )
    permission_state = serializers.SerializerMethodField()
    def get_permission_state(self, obj):
        permission_fields = [
            "manage_users",
            "manage_account",
            "manage_billing",
            "manage_providers",
            "manage_integrations",
            "manage_scans",
        ]
        values = [getattr(obj, field) for field in permission_fields]
        if all(values):
            return "unlimited"
        elif not any(values):
            return "none"
        else:
            return "limited"
    def validate(self, attrs):
        if Role.objects.filter(name=attrs.get("name")).exists():
            raise serializers.ValidationError(
                {"name": "A role with this name already exists."}
            )
        if attrs.get("manage_providers"):
            attrs["unlimited_visibility"] = True
        # Prevent updates to the admin role
        if getattr(self.instance, "name", None) == "admin":
            raise serializers.ValidationError(
                {"name": "The admin role cannot be updated."}
            )
        return super().validate(attrs)
    class Meta:
        model = Role
        fields = [
            "id",
            "name",
            "manage_users",
            "manage_account",
            "manage_billing",
            "manage_providers",
            "manage_integrations",
            "manage_scans",
            "permission_state",
            "unlimited_visibility",
            "inserted_at",
            "updated_at",
            "provider_groups",
            "users",
            "invitations",
            "url",
        ]
        extra_kwargs = {
            "id": {"read_only": True},
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
            "users": {"read_only": True},
            "url": {"read_only": True},
        }
 class RoleCreateSerializer(RoleSerializer):
    def create(self, validated_data):
        provider_groups = validated_data.pop("provider_groups", [])
        users = validated_data.pop("users", [])
        tenant_id = self.context.get("tenant_id")
        role = Role.objects.create(tenant_id=tenant_id, **validated_data)
        through_model_instances = [
            RoleProviderGroupRelationship(
                role=role,
                provider_group=provider_group,
                tenant_id=tenant_id,
            )
            for provider_group in provider_groups
        ]
        RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
        through_model_instances = [
            UserRoleRelationship(
                role=user,
                user=user,
                tenant_id=tenant_id,
            )
            for user in users
        ]
        UserRoleRelationship.objects.bulk_create(through_model_instances)
        return role
 class RoleUpdateSerializer(RoleSerializer):
    class Meta:
        model = Role
        fields = [
            "id",
            "name",
            "manage_users",
            "manage_account",
            "manage_billing",
            "manage_providers",
            "manage_integrations",
            "manage_scans",
            "unlimited_visibility",
        ]
 class ProviderGroupResourceIdentifierSerializer(serializers.Serializer):
    resource_type = serializers.CharField(source="type")
    id = serializers.UUIDField()
    class JSONAPIMeta:
        resource_name = "provider-group-identifier"
    def to_representation(self, instance):
        """
        Ensure 'type' is used in the output instead of 'resource_type'.
        """
        representation = super().to_representation(instance)
        representation["type"] = representation.pop("resource_type", None)
        return representation
    def to_internal_value(self, data):
        """
        Map 'type' back to 'resource_type' during input.
        """
        data["resource_type"] = data.pop("type", None)
        return super().to_internal_value(data)
 class RoleProviderGroupRelationshipSerializer(RLSSerializer, BaseWriteSerializer):
    """
    Serializer for modifying role memberships
    """
    provider_groups = serializers.ListField(
        child=ProviderGroupResourceIdentifierSerializer(),
        help_text="List of resource identifier objects representing provider groups.",
    )
    def create(self, validated_data):
        provider_group_ids = [item["id"] for item in validated_data["provider_groups"]]
        provider_groups = ProviderGroup.objects.filter(id__in=provider_group_ids)
        tenant_id = self.context.get("tenant_id")
        new_relationships = [
            RoleProviderGroupRelationship(
                role=self.context.get("role"), provider_group=pg, tenant_id=tenant_id
            )
            for pg in provider_groups
        ]
        RoleProviderGroupRelationship.objects.bulk_create(new_relationships)
        return self.context.get("role")
    def update(self, instance, validated_data):
        provider_group_ids = [item["id"] for item in validated_data["provider_groups"]]
        provider_groups = ProviderGroup.objects.filter(id__in=provider_group_ids)
        tenant_id = self.context.get("tenant_id")
        instance.provider_groups.clear()
        new_relationships = [
            RoleProviderGroupRelationship(
                role=instance, provider_group=pg, tenant_id=tenant_id
            )
            for pg in provider_groups
        ]
        RoleProviderGroupRelationship.objects.bulk_create(new_relationships)
        return instance
    class Meta:
        model = RoleProviderGroupRelationship
        fields = ["id", "provider_groups"]
 # Compliance overview
@@ -3,16 +3,20 @@ from drf_spectacular.views import SpectacularRedocView
 from rest_framework_nested import routers
 from api.v1.views import (
    ComplianceOverviewViewSet,
    CustomTokenObtainView,
    CustomTokenRefreshView,
    FindingViewSet,
    InvitationAcceptViewSet,
    InvitationViewSet,
    MembershipViewSet,
    OverviewViewSet,
    ProviderGroupViewSet,
    ProviderGroupProvidersRelationshipView,
    ProviderSecretViewSet,
    InvitationViewSet,
    InvitationAcceptViewSet,
    RoleViewSet,
    RoleProviderGroupRelationshipView,
    UserRoleRelationshipView,
    OverviewViewSet,
    ComplianceOverviewViewSet,
    ProviderViewSet,
    ResourceViewSet,
    ScanViewSet,
@@ -29,11 +33,12 @@ router = routers.DefaultRouter(trailing_slash=False)
 router.register(r"users", UserViewSet, basename="user")
 router.register(r"tenants", TenantViewSet, basename="tenant")
 router.register(r"providers", ProviderViewSet, basename="provider")
-router.register(r"provider_groups", ProviderGroupViewSet, basename="providergroup")
+router.register(r"provider-groups", ProviderGroupViewSet, basename="providergroup")
 router.register(r"scans", ScanViewSet, basename="scan")
 router.register(r"tasks", TaskViewSet, basename="task")
 router.register(r"resources", ResourceViewSet, basename="resource")
 router.register(r"findings", FindingViewSet, basename="finding")
 router.register(r"roles", RoleViewSet, basename="role")
 router.register(
    r"compliance-overviews", ComplianceOverviewViewSet, basename="complianceoverview"
 )
@@ -80,6 +85,27 @@ urlpatterns = [
        InvitationAcceptViewSet.as_view({"post": "accept"}),
        name="invitation-accept",
    ),
    path(
        "roles/<uuid:pk>/relationships/provider_groups",
        RoleProviderGroupRelationshipView.as_view(
            {"post": "create", "patch": "partial_update", "delete": "destroy"}
        ),
        name="role-provider-groups-relationship",
    ),
    path(
        "users/<uuid:pk>/relationships/roles",
        UserRoleRelationshipView.as_view(
            {"post": "create", "patch": "partial_update", "delete": "destroy"}
        ),
        name="user-roles-relationship",
    ),
    path(
        "provider-groups/<uuid:pk>/relationships/providers",
        ProviderGroupProvidersRelationshipView.as_view(
            {"post": "create", "patch": "partial_update", "delete": "destroy"}
        ),
        name="provider_group-providers-relationship",
    ),
    path("", include(router.urls)),
    path("", include(tenants_router.urls)),
    path("", include(users_router.urls)),
@@ -8,6 +8,7 @@ from django.urls import reverse
 from django.utils.decorators import method_decorator
 from django.views.decorators.cache import cache_control
 from drf_spectacular.settings import spectacular_settings
 from drf_spectacular_jsonapi.schemas.openapi import JsonApiAutoSchema
 from drf_spectacular.utils import (
    OpenApiParameter,
    OpenApiResponse,
@@ -25,8 +26,10 @@ from rest_framework.exceptions import (
    ValidationError,
 )
 from rest_framework.generics import GenericAPIView, get_object_or_404
-from rest_framework_json_api.views import Response
+from rest_framework_json_api.views import RelationshipView, Response
 from rest_framework_simplejwt.exceptions import InvalidToken, TokenError
 from rest_framework.permissions import SAFE_METHODS
 from tasks.beat import schedule_provider_scan
 from tasks.tasks import (
    check_provider_connection_task,
@@ -52,8 +55,12 @@ from api.filters import (
    TaskFilter,
    TenantFilter,
    UserFilter,
    RoleFilter,
 )
 from api.models import (
    StatusChoices,
    User,
    UserRoleRelationship,
    ComplianceOverview,
    Finding,
    Invitation,
@@ -62,20 +69,27 @@ from api.models import (
    ProviderGroup,
    ProviderGroupMembership,
    ProviderSecret,
    Role,
    RoleProviderGroupRelationship,
    Resource,
    Scan,
    ScanSummary,
    SeverityChoices,
    StateChoices,
    StatusChoices,
    Task,
    User,
 )
 from api.pagination import ComplianceOverviewPagination
 from api.rbac.permissions import DISABLE_RBAC, HasPermissions, Permissions
 from api.rls import Tenant
 from api.utils import validate_invitation
 from api.uuid_utils import datetime_to_uuid7
 from api.v1.serializers import (
    TokenSerializer,
    TokenRefreshSerializer,
    UserSerializer,
    UserCreateSerializer,
    UserUpdateSerializer,
    UserRoleRelationshipSerializer,
    ComplianceOverviewFullSerializer,
    ComplianceOverviewSerializer,
    FindingDynamicFilterSerializer,
@@ -89,34 +103,39 @@ from api.v1.serializers import (
    OverviewProviderSerializer,
    OverviewSeveritySerializer,
    ProviderCreateSerializer,
-    ProviderGroupMembershipUpdateSerializer,
+    ProviderGroupMembershipSerializer,
    ProviderGroupSerializer,
    ProviderGroupUpdateSerializer,
-    ProviderSecretCreateSerializer,
+    RoleProviderGroupRelationshipSerializer,
    ProviderSecretSerializer,
    ProviderSecretUpdateSerializer,
    ProviderSerializer,
    ProviderUpdateSerializer,
    ResourceSerializer,
    ScanCreateSerializer,
    ScanSerializer,
    ScanUpdateSerializer,
    ScheduleDailyCreateSerializer,
    TaskSerializer,
    TenantSerializer,
-    TokenRefreshSerializer,
+    TaskSerializer,
-    TokenSerializer,
+    ScanSerializer,
-    UserCreateSerializer,
+    ScanCreateSerializer,
-    UserSerializer,
+    ScanUpdateSerializer,
-    UserUpdateSerializer,
+    ResourceSerializer,
    ProviderSecretSerializer,
    ProviderSecretUpdateSerializer,
    ProviderSecretCreateSerializer,
    RoleSerializer,
    RoleCreateSerializer,
    RoleUpdateSerializer,
    ScheduleDailyCreateSerializer,
 )
 CACHE_DECORATOR = cache_control(
    max_age=django_settings.CACHE_MAX_AGE,
    stale_while_revalidate=django_settings.CACHE_STALE_WHILE_REVALIDATE,
 )
 class RelationshipViewSchema(JsonApiAutoSchema):
    def _resolve_path_parameters(self, _path_variables):
        return []
@extend_schema(
    tags=["Token"],
    summary="Obtain a token",
@@ -271,6 +290,26 @@ class UserViewSet(BaseUserViewset):
    filterset_class = UserFilter
    ordering = ["-date_joined"]
    ordering_fields = ["name", "email", "company_name", "date_joined", "is_active"]
    required_permissions = [Permissions.MANAGE_USERS]
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def initial(self, request, *args, **kwargs):
        """
        Sets required_permissions before permissions are checked.
        """
        self.required_permissions = self.get_required_permissions()
        super().initial(request, *args, **kwargs)
    def get_required_permissions(self):
        """
        Returns the required permissions based on the request method.
        """
        if self.action == "me":
            # No permissions required for me request
            return []
        else:
            # Require permission for the rest of the requests
            return [Permissions.MANAGE_USERS]
    def get_queryset(self):
        # If called during schema generation, return an empty queryset
@@ -347,11 +386,124 @@ class UserViewSet(BaseUserViewset):
            user=user, tenant=tenant, role=role
        )
        if invitation:
            # TODO: Add roles to output relationships
            user_role = []
            for role in invitation.roles.all():
                user_role.append(
                    UserRoleRelationship.objects.using(MainRouter.admin_db).create(
                        user=user, role=role, tenant=invitation.tenant
                    )
                )
            invitation.state = Invitation.State.ACCEPTED
            invitation.save(using=MainRouter.admin_db)
        else:
            role = Role.objects.using(MainRouter.admin_db).create(
                name="admin",
                tenant_id=tenant.id,
                manage_users=True,
                manage_account=True,
                manage_billing=True,
                manage_providers=True,
                manage_integrations=True,
                manage_scans=True,
                unlimited_visibility=True,
            )
            UserRoleRelationship.objects.using(MainRouter.admin_db).create(
                user=user,
                role=role,
                tenant_id=tenant.id,
            )
        return Response(data=UserSerializer(user).data, status=status.HTTP_201_CREATED)
@extend_schema_view(
    create=extend_schema(
        tags=["User"],
        summary="Create a new user-roles relationship",
        description="Add a new user-roles relationship to the system by providing the required user-roles details.",
        responses={
            204: OpenApiResponse(description="Relationship created successfully"),
            400: OpenApiResponse(
                description="Bad request (e.g., relationship already exists)"
            ),
        },
    ),
    partial_update=extend_schema(
        tags=["User"],
        summary="Partially update a user-roles relationship",
        description="Update the user-roles relationship information without affecting other fields.",
        responses={
            204: OpenApiResponse(
                response=None, description="Relationship updated successfully"
            )
        },
    ),
    destroy=extend_schema(
        tags=["User"],
        summary="Delete a user-roles relationship",
        description="Remove the user-roles relationship from the system by their ID.",
        responses={
            204: OpenApiResponse(
                response=None, description="Relationship deleted successfully"
            )
        },
    ),
 )
 class UserRoleRelationshipView(RelationshipView, BaseRLSViewSet):
    queryset = User.objects.all()
    serializer_class = UserRoleRelationshipSerializer
    resource_name = "roles"
    http_method_names = ["post", "patch", "delete"]
    schema = RelationshipViewSchema()
    def get_queryset(self):
        return User.objects.all()
    def create(self, request, *args, **kwargs):
        user = self.get_object()
        role_ids = [item["id"] for item in request.data]
        existing_relationships = UserRoleRelationship.objects.filter(
            user=user, role_id__in=role_ids
        )
        if existing_relationships.exists():
            return Response(
                {"detail": "One or more roles are already associated with the user."},
                status=status.HTTP_400_BAD_REQUEST,
            )
        serializer = self.get_serializer(
            data={"roles": request.data},
            context={
                "user": user,
                "tenant_id": self.request.tenant_id,
                "request": request,
            },
        )
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(status=status.HTTP_204_NO_CONTENT)
    def partial_update(self, request, *args, **kwargs):
        user = self.get_object()
        serializer = self.get_serializer(
            instance=user,
            data={"roles": request.data},
            context={"tenant_id": self.request.tenant_id, "request": request},
        )
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(status=status.HTTP_204_NO_CONTENT)
    def destroy(self, request, *args, **kwargs):
        user = self.get_object()
        user.roles.clear()
        return Response(status=status.HTTP_204_NO_CONTENT)
@extend_schema_view(
    list=extend_schema(
        tags=["Tenant"],
@@ -389,6 +541,8 @@ class TenantViewSet(BaseTenantViewset):
    search_fields = ["name"]
    ordering = ["-inserted_at"]
    ordering_fields = ["name", "inserted_at", "updated_at"]
    required_permissions = [Permissions.MANAGE_ACCOUNT]
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def get_queryset(self):
        return Tenant.objects.all()
@@ -562,66 +716,141 @@ class ProviderGroupViewSet(BaseRLSViewSet):
    queryset = ProviderGroup.objects.all()
    serializer_class = ProviderGroupSerializer
    filterset_class = ProviderGroupFilter
-    http_method_names = ["get", "post", "patch", "put", "delete"]
+    http_method_names = ["get", "post", "patch", "delete"]
    ordering = ["inserted_at"]
    required_permissions = []
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def initial(self, request, *args, **kwargs):
        """
        Sets required_permissions before permissions are checked.
        """
        self.required_permissions = self.get_required_permissions()
        super().initial(request, *args, **kwargs)
    def get_required_permissions(self):
        """
        Returns the required permissions based on the request method.
        """
        if DISABLE_RBAC or self.request.method in SAFE_METHODS:
            # No permissions required for GET requests
            return []
        else:
            # Require permission for non-GET requests
            return [Permissions.MANAGE_PROVIDERS]
    def get_queryset(self):
-        return ProviderGroup.objects.prefetch_related("providers")
+        user = self.request.user
        user_roles = user.roles.all()
        # Check if any of the user's roles have UNLIMITED_VISIBILITY
        if DISABLE_RBAC or getattr(
            user_roles[0], Permissions.UNLIMITED_VISIBILITY.value, False
        ):
            # User has unlimited visibility, return all provider groups
            return ProviderGroup.objects.prefetch_related("providers")
        # Collect provider groups associated with the user's roles
        provider_groups = (
            ProviderGroup.objects.filter(roles__in=user_roles)
            .distinct()
            .prefetch_related("providers")
        )
        return provider_groups
    def get_serializer_class(self):
        if self.action == "partial_update":
            return ProviderGroupUpdateSerializer
        elif self.action == "providers":
            if hasattr(self, "response_serializer_class"):
                return self.response_serializer_class
            return ProviderGroupMembershipUpdateSerializer
        return super().get_serializer_class()
-    @extend_schema(
+
-        tags=["Provider Group"],
+@extend_schema(tags=["Provider Group"])
-        summary="Add providers to a provider group",
+@extend_schema_view(
-        description="Add one or more providers to an existing provider group.",
+    create=extend_schema(
-        request=ProviderGroupMembershipUpdateSerializer,
+        summary="Create a new provider_group-providers relationship",
-        responses={200: OpenApiResponse(response=ProviderGroupSerializer)},
+        description="Add a new provider_group-providers relationship to the system by providing the required provider_group-providers details.",
-    )
+        responses={
-    @action(detail=True, methods=["put"], url_name="providers")
+            204: OpenApiResponse(description="Relationship created successfully"),
-    def providers(self, request, pk=None):
+            400: OpenApiResponse(
                description="Bad request (e.g., relationship already exists)"
            ),
        },
    ),
    partial_update=extend_schema(
        summary="Partially update a provider_group-providers relationship",
        description="Update the provider_group-providers relationship information without affecting other fields.",
        responses={
            204: OpenApiResponse(
                response=None, description="Relationship updated successfully"
            )
        },
    ),
    destroy=extend_schema(
        summary="Delete a provider_group-providers relationship",
        description="Remove the provider_group-providers relationship from the system by their ID.",
        responses={
            204: OpenApiResponse(
                response=None, description="Relationship deleted successfully"
            )
        },
    ),
 )
 class ProviderGroupProvidersRelationshipView(RelationshipView, BaseRLSViewSet):
    queryset = ProviderGroup.objects.all()
    serializer_class = ProviderGroupMembershipSerializer
    resource_name = "providers"
    http_method_names = ["post", "patch", "delete"]
    schema = RelationshipViewSchema()
    def get_queryset(self):
        return ProviderGroup.objects.all()
    def create(self, request, *args, **kwargs):
        provider_group = self.get_object()
-        # Validate input data
+        provider_ids = [item["id"] for item in request.data]
-        serializer = self.get_serializer_class()(
+        existing_relationships = ProviderGroupMembership.objects.filter(
-            data=request.data,
+            provider_group=provider_group, provider_id__in=provider_ids
-            context=self.get_serializer_context(),
+        )
        if existing_relationships.exists():
            return Response(
                {
                    "detail": "One or more providers are already associated with the provider_group."
                },
                status=status.HTTP_400_BAD_REQUEST,
            )
        serializer = self.get_serializer(
            data={"providers": request.data},
            context={
                "provider_group": provider_group,
                "tenant_id": self.request.tenant_id,
                "request": request,
            },
        )
        serializer.is_valid(raise_exception=True)
        serializer.save()
-        provider_ids = serializer.validated_data["provider_ids"]
+        return Response(status=status.HTTP_204_NO_CONTENT)
-        # Update memberships
+    def partial_update(self, request, *args, **kwargs):
-        ProviderGroupMembership.objects.filter(
+        provider_group = self.get_object()
-            provider_group=provider_group, tenant_id=request.tenant_id
+        serializer = self.get_serializer(
-        ).delete()
+            instance=provider_group,
-
+            data={"providers": request.data},
-        provider_group_memberships = [
+            context={"tenant_id": self.request.tenant_id, "request": request},
            ProviderGroupMembership(
                tenant_id=self.request.tenant_id,
                provider_group=provider_group,
                provider_id=provider_id,
            )
            for provider_id in provider_ids
        ]
        ProviderGroupMembership.objects.bulk_create(
            provider_group_memberships, ignore_conflicts=True
        )
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(status=status.HTTP_204_NO_CONTENT)
-        # Return the updated provider group with providers
+    def destroy(self, request, *args, **kwargs):
-        provider_group.refresh_from_db()
+        provider_group = self.get_object()
-        self.response_serializer_class = ProviderGroupSerializer
+        provider_group.providers.clear()
-        response_serializer = ProviderGroupSerializer(
+
-            provider_group, context=self.get_serializer_context()
+        return Response(status=status.HTTP_204_NO_CONTENT)
        )
        return Response(data=response_serializer.data, status=status.HTTP_200_OK)
@extend_schema_view(
@@ -671,9 +900,43 @@ class ProviderViewSet(BaseRLSViewSet):
        "inserted_at",
        "updated_at",
    ]
    required_permissions = []
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def initial(self, request, *args, **kwargs):
        """
        Sets required_permissions before permissions are checked.
        """
        self.required_permissions = self.get_required_permissions()
        super().initial(request, *args, **kwargs)
    def get_required_permissions(self):
        """
        Returns the required permissions based on the request method.
        """
        if DISABLE_RBAC or self.request.method in SAFE_METHODS:
            # No permissions required for GET requests
            return []
        else:
            # Require permission for non-GET requests
            return [Permissions.MANAGE_PROVIDERS]
    def get_queryset(self):
-        return Provider.objects.all()
+        user = self.request.user
        user_roles = user.roles.all()
        if DISABLE_RBAC or getattr(
            user_roles[0], Permissions.UNLIMITED_VISIBILITY.value, False
        ):
            # User has unlimited visibility, return all providers
            return Provider.objects.all()
        # User lacks permission, filter providers based on provider groups associated with the role
        provider_groups = user_roles[0].provider_groups.all()
        providers = Provider.objects.filter(
            provider_groups__in=provider_groups
        ).distinct()
        return providers
    def get_serializer_class(self):
        if self.action == "create":
@@ -793,9 +1056,42 @@ class ScanViewSet(BaseRLSViewSet):
        "inserted_at",
        "updated_at",
    ]
    required_permissions = [Permissions.MANAGE_SCANS]
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def initial(self, request, *args, **kwargs):
        """
        Sets required_permissions before permissions are checked.
        """
        self.required_permissions = self.get_required_permissions()
        super().initial(request, *args, **kwargs)
    def get_required_permissions(self):
        """
        Returns the required permissions based on the request method.
        """
        if DISABLE_RBAC or self.request.method in SAFE_METHODS:
            # No permissions required for GET requests
            return []
        else:
            # Require permission for non-GET requests
            return [Permissions.MANAGE_SCANS]
    def get_queryset(self):
-        return Scan.objects.all()
+        user = self.request.user
        user_roles = user.roles.all()
        if DISABLE_RBAC or getattr(
            user_roles[0], Permissions.UNLIMITED_VISIBILITY.value, False
        ):
            # User has unlimited visibility, return all scans
            return Scan.objects.all()
        # User lacks permission, filter providers based on provider groups associated with the role
        provider_groups = user_roles[0].provider_groups.all()
        providers = Provider.objects.filter(
            provider_groups__in=provider_groups
        ).distinct()
        return Scan.objects.filter(provider__in=providers).distinct()
    def get_serializer_class(self):
        if self.action == "create":
@@ -885,11 +1181,28 @@ class TaskViewSet(BaseRLSViewSet):
    search_fields = ["name"]
    ordering = ["-inserted_at"]
    ordering_fields = ["inserted_at", "completed_at", "name", "state"]
    required_permissions = []
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def get_queryset(self):
-        return Task.objects.annotate(
+        user = self.request.user
-            name=F("task_runner_task__task_name"), state=F("task_runner_task__status")
+        user_roles = user.roles.all()
-        )
+        if DISABLE_RBAC or getattr(
            user_roles[0], Permissions.UNLIMITED_VISIBILITY.value, False
        ):
            # User has unlimited visibility, return all tasks
            return Task.objects.annotate(
                name=F("task_runner_task__task_name"),
                state=F("task_runner_task__status"),
            )
        # User lacks permission, filter tasks based on provider groups associated with the role
        provider_groups = user_roles[0].provider_groups.all()
        providers = Provider.objects.filter(
            provider_groups__in=provider_groups
        ).distinct()
        scans = Scan.objects.filter(provider__in=providers).distinct()
        return Task.objects.filter(scan__in=scans).distinct()
    def destroy(self, request, *args, pk=None, **kwargs):
        task = get_object_or_404(Task, pk=pk)
@@ -950,11 +1263,33 @@ class ResourceViewSet(BaseRLSViewSet):
        "inserted_at",
        "updated_at",
    ]
    required_permissions = []
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def initial(self, request, *args, **kwargs):
        """
        Sets required_permissions before permissions are checked.
        """
        self.required_permissions = ResourceViewSet.required_permissions
        super().initial(request, *args, **kwargs)
    def get_queryset(self):
-        queryset = Resource.objects.all()
+        user = self.request.user
-        search_value = self.request.query_params.get("filter[search]", None)
+        user_roles = user.roles.all()
        if DISABLE_RBAC or getattr(
            user_roles[0], Permissions.UNLIMITED_VISIBILITY.value, False
        ):
            # User has unlimited visibility, return all scans
            queryset = Resource.objects.all()
        else:
            # User lacks permission, filter providers based on provider groups associated with the role
            provider_groups = user_roles[0].provider_groups.all()
            providers = Provider.objects.filter(
                provider_groups__in=provider_groups
            ).distinct()
            queryset = Resource.objects.filter(provider__in=providers).distinct()
        search_value = self.request.query_params.get("filter[search]", None)
        if search_value:
            # Django's ORM will build a LEFT JOIN and OUTER JOIN on the "through" table, resulting in duplicates
            # The duplicates then require a `distinct` query
@@ -1025,11 +1360,15 @@ class FindingViewSet(BaseRLSViewSet):
        "inserted_at",
        "updated_at",
    ]
    required_permissions = []
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
-    def inserted_at_to_uuidv7(self, inserted_at):
+    def initial(self, request, *args, **kwargs):
-        if inserted_at is None:
+        """
-            return None
+        Sets required_permissions before permissions are checked.
-        return datetime_to_uuid7(inserted_at)
+        """
        self.required_permissions = ResourceViewSet.required_permissions
        super().initial(request, *args, **kwargs)
    def get_serializer_class(self):
        if self.action == "findings_services_regions":
@@ -1038,9 +1377,23 @@ class FindingViewSet(BaseRLSViewSet):
        return super().get_serializer_class()
    def get_queryset(self):
-        queryset = Finding.objects.all()
+        user = self.request.user
-        search_value = self.request.query_params.get("filter[search]", None)
+        user_roles = user.roles.all()
        if DISABLE_RBAC or getattr(
            user_roles[0], Permissions.UNLIMITED_VISIBILITY.value, False
        ):
            # User has unlimited visibility, return all scans
            queryset = Finding.objects.all()
        else:
            # User lacks permission, filter providers based on provider groups associated with the role
            provider_groups = user_roles[0].provider_groups.all()
            providers = Provider.objects.filter(
                provider_groups__in=provider_groups
            ).distinct()
            scans = Scan.objects.filter(provider__in=providers).distinct()
            queryset = Finding.objects.filter(scan__in=scans).distinct()
        search_value = self.request.query_params.get("filter[search]", None)
        if search_value:
            # Django's ORM will build a LEFT JOIN and OUTER JOIN on any "through" tables, resulting in duplicates
            # The duplicates then require a `distinct` query
@@ -1068,6 +1421,11 @@ class FindingViewSet(BaseRLSViewSet):
        return queryset
    def inserted_at_to_uuidv7(self, inserted_at):
        if inserted_at is None:
            return None
        return datetime_to_uuid7(inserted_at)
    @action(detail=False, methods=["get"], url_name="findings_services_regions")
    def findings_services_regions(self, request):
        queryset = self.get_queryset()
@@ -1188,6 +1546,8 @@ class InvitationViewSet(BaseRLSViewSet):
        "state",
        "inviter",
    ]
    required_permissions = [Permissions.MANAGE_ACCOUNT]
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def get_queryset(self):
        return Invitation.objects.all()
@@ -1275,6 +1635,14 @@ class InvitationAcceptViewSet(BaseRLSViewSet):
            user=user,
            tenant=invitation.tenant,
        )
        # TODO: Add roles to output relationships
        user_role = []
        for role in invitation.roles.all():
            user_role.append(
                UserRoleRelationship.objects.using(MainRouter.admin_db).create(
                    user=user, role=role, tenant=invitation.tenant
                )
            )
        invitation.state = Invitation.State.ACCEPTED
        invitation.save(using=MainRouter.admin_db)
@@ -1283,6 +1651,153 @@ class InvitationAcceptViewSet(BaseRLSViewSet):
        return Response(data=membership_serializer.data, status=status.HTTP_201_CREATED)
@extend_schema(tags=["Role"])
@extend_schema_view(
    list=extend_schema(
        tags=["Role"],
        summary="List all roles",
        description="Retrieve a list of all roles with options for filtering by various criteria.",
    ),
    retrieve=extend_schema(
        tags=["Role"],
        summary="Retrieve data from a role",
        description="Fetch detailed information about a specific role by their ID.",
    ),
    create=extend_schema(
        tags=["Role"],
        summary="Create a new role",
        description="Add a new role to the system by providing the required role details.",
    ),
    partial_update=extend_schema(
        tags=["Role"],
        summary="Partially update a role",
        description="Update certain fields of an existing role's information without affecting other fields.",
        responses={200: RoleSerializer},
    ),
    destroy=extend_schema(
        tags=["Role"],
        summary="Delete a role",
        description="Remove a role from the system by their ID.",
    ),
 )
 class RoleViewSet(BaseRLSViewSet):
    queryset = Role.objects.all()
    serializer_class = RoleSerializer
    filterset_class = RoleFilter
    http_method_names = ["get", "post", "patch", "delete"]
    ordering = ["inserted_at"]
    required_permissions = [Permissions.MANAGE_ACCOUNT]
    permission_classes = BaseRLSViewSet.permission_classes + [HasPermissions]
    def get_queryset(self):
        return Role.objects.all()
    def get_serializer_class(self):
        if self.action == "create":
            return RoleCreateSerializer
        elif self.action == "partial_update":
            return RoleUpdateSerializer
        return super().get_serializer_class()
    def partial_update(self, request, *args, **kwargs):
        user = request.user
        user_role = user.roles.all().first()
        # If the user is the owner of the role, the manage_account field is not editable
        if user_role and kwargs["pk"] == str(user_role.id):
            request.data["manage_account"] = str(user_role.manage_account).lower()
        return super().partial_update(request, *args, **kwargs)
@extend_schema_view(
    create=extend_schema(
        tags=["Role"],
        summary="Create a new role-provider_groups relationship",
        description="Add a new role-provider_groups relationship to the system by providing the required role-provider_groups details.",
        responses={
            204: OpenApiResponse(description="Relationship created successfully"),
            400: OpenApiResponse(
                description="Bad request (e.g., relationship already exists)"
            ),
        },
    ),
    partial_update=extend_schema(
        tags=["Role"],
        summary="Partially update a role-provider_groups relationship",
        description="Update the role-provider_groups relationship information without affecting other fields.",
        responses={
            204: OpenApiResponse(
                response=None, description="Relationship updated successfully"
            )
        },
    ),
    destroy=extend_schema(
        tags=["Role"],
        summary="Delete a role-provider_groups relationship",
        description="Remove the role-provider_groups relationship from the system by their ID.",
        responses={
            204: OpenApiResponse(
                response=None, description="Relationship deleted successfully"
            )
        },
    ),
 )
 class RoleProviderGroupRelationshipView(RelationshipView, BaseRLSViewSet):
    queryset = Role.objects.all()
    serializer_class = RoleProviderGroupRelationshipSerializer
    resource_name = "provider_groups"
    http_method_names = ["post", "patch", "delete"]
    schema = RelationshipViewSchema()
    def get_queryset(self):
        return Role.objects.all()
    def create(self, request, *args, **kwargs):
        role = self.get_object()
        provider_group_ids = [item["id"] for item in request.data]
        existing_relationships = RoleProviderGroupRelationship.objects.filter(
            role=role, provider_group_id__in=provider_group_ids
        )
        if existing_relationships.exists():
            return Response(
                {
                    "detail": "One or more provider groups are already associated with the role."
                },
                status=status.HTTP_400_BAD_REQUEST,
            )
        serializer = self.get_serializer(
            data={"provider_groups": request.data},
            context={
                "role": role,
                "tenant_id": self.request.tenant_id,
                "request": request,
            },
        )
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(status=status.HTTP_204_NO_CONTENT)
    def partial_update(self, request, *args, **kwargs):
        role = self.get_object()
        serializer = self.get_serializer(
            instance=role,
            data={"provider_groups": request.data},
            context={"tenant_id": self.request.tenant_id, "request": request},
        )
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(status=status.HTTP_204_NO_CONTENT)
    def destroy(self, request, *args, **kwargs):
        role = self.get_object()
        role.provider_groups.clear()
        return Response(status=status.HTTP_204_NO_CONTENT)
@extend_schema_view(
    list=extend_schema(
        tags=["Compliance Overview"],
@@ -207,3 +207,6 @@ CACHE_STALE_WHILE_REVALIDATE = env.int("DJANGO_STALE_WHILE_REVALIDATE", 60)
 TESTING = False
 # Disable RBAC during tests/demos
 DISABLE_RBAC = False
@@ -10,6 +10,7 @@ from prowler.lib.check.models import Severity
 from prowler.lib.outputs.finding import Status
 from rest_framework import status
 from rest_framework.test import APIClient
 from unittest.mock import patch
 from api.models import (
    Finding,
@@ -20,6 +21,7 @@ from api.models import (
    ProviderGroup,
    Resource,
    ResourceTag,
    Role,
    Scan,
    StateChoices,
    Task,
@@ -27,6 +29,7 @@ from api.models import (
    ProviderSecret,
    Invitation,
    ComplianceOverview,
    UserRoleRelationship,
 )
 from api.rls import Tenant
 from api.v1.serializers import TokenSerializer
@@ -72,6 +75,16 @@ def disable_logging():
    logging.disable(logging.CRITICAL)
@pytest.fixture(scope="function")
 def patch_testing_flag():
    """
    Fixture to patch the TESTING flag to True during tests.
    """
    with patch("api.rbac.permissions.DISABLE_RBAC", True):
        with patch("api.v1.views.DISABLE_RBAC", True):
            yield
@pytest.fixture(scope="session", autouse=True)
 def create_test_user(django_db_setup, django_db_blocker):
    with django_db_blocker.unblock():
@@ -83,6 +96,106 @@ def create_test_user(django_db_setup, django_db_blocker):
    return user
@pytest.fixture(scope="function")
 def create_test_user_rbac(django_db_setup, django_db_blocker):
    with django_db_blocker.unblock():
        user = User.objects.create_user(
            name="testing",
            email="rbac@rbac.com",
            password=TEST_PASSWORD,
        )
        tenant = Tenant.objects.create(
            name="Tenant Test",
        )
        Membership.objects.create(
            user=user,
            tenant=tenant,
            role=Membership.RoleChoices.OWNER,
        )
        Role.objects.create(
            name="admin",
            tenant_id=tenant.id,
            manage_users=True,
            manage_account=True,
            manage_billing=True,
            manage_providers=True,
            manage_integrations=True,
            manage_scans=True,
            unlimited_visibility=True,
        )
        UserRoleRelationship.objects.create(
            user=user,
            role=Role.objects.get(name="admin"),
            tenant_id=tenant.id,
        )
    return user
@pytest.fixture(scope="function")
 def create_test_user_rbac_limited(django_db_setup, django_db_blocker):
    with django_db_blocker.unblock():
        user = User.objects.create_user(
            name="testing_limited",
            email="rbac_limited@rbac.com",
            password=TEST_PASSWORD,
        )
        tenant = Tenant.objects.create(
            name="Tenant Test",
        )
        Membership.objects.create(
            user=user,
            tenant=tenant,
            role=Membership.RoleChoices.OWNER,
        )
        Role.objects.create(
            name="limited",
            tenant_id=tenant.id,
            manage_users=False,
            manage_account=False,
            manage_billing=False,
            manage_providers=False,
            manage_integrations=False,
            manage_scans=False,
            unlimited_visibility=False,
        )
        UserRoleRelationship.objects.create(
            user=user,
            role=Role.objects.get(name="limited"),
            tenant_id=tenant.id,
        )
    return user
@pytest.fixture
 def authenticated_client_rbac(create_test_user_rbac, tenants_fixture, client):
    client.user = create_test_user_rbac
    serializer = TokenSerializer(
        data={"type": "tokens", "email": "rbac@rbac.com", "password": TEST_PASSWORD}
    )
    serializer.is_valid()
    access_token = serializer.validated_data["access"]
    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
    return client
@pytest.fixture
 def authenticated_client_no_permissions_rbac(
    create_test_user_rbac_limited, tenants_fixture, client
 ):
    client.user = create_test_user_rbac_limited
    serializer = TokenSerializer(
        data={
            "type": "tokens",
            "email": "rbac_limited@rbac.com",
            "password": TEST_PASSWORD,
        }
    )
    serializer.is_valid()
    access_token = serializer.validated_data["access"]
    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
    return client
@pytest.fixture
 def authenticated_client(create_test_user, tenants_fixture, client):
    client.user = create_test_user
@@ -104,6 +217,7 @@ def authenticated_api_client(create_test_user, tenants_fixture):
    serializer.is_valid()
    access_token = serializer.validated_data["access"]
    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
    return client
@@ -128,6 +242,7 @@ def tenants_fixture(create_test_user):
    tenant3 = Tenant.objects.create(
        name="Tenant Three",
    )
    return tenant1, tenant2, tenant3
@@ -210,6 +325,46 @@ def provider_groups_fixture(tenants_fixture):
    return pgroup1, pgroup2, pgroup3
@pytest.fixture
 def roles_fixture(tenants_fixture):
    tenant, *_ = tenants_fixture
    role1 = Role.objects.create(
        name="Role One",
        tenant_id=tenant.id,
        manage_users=True,
        manage_account=True,
        manage_billing=True,
        manage_providers=True,
        manage_integrations=False,
        manage_scans=True,
        unlimited_visibility=False,
    )
    role2 = Role.objects.create(
        name="Role Two",
        tenant_id=tenant.id,
        manage_users=False,
        manage_account=False,
        manage_billing=False,
        manage_providers=True,
        manage_integrations=True,
        manage_scans=True,
        unlimited_visibility=True,
    )
    role3 = Role.objects.create(
        name="Role Three",
        tenant_id=tenant.id,
        manage_users=True,
        manage_account=True,
        manage_billing=True,
        manage_providers=True,
        manage_integrations=True,
        manage_scans=True,
        unlimited_visibility=True,
    )
    return role1, role2, role3
@pytest.fixture
 def provider_secret_fixture(providers_fixture):
    return tuple(
@@ -53,6 +53,7 @@ export const sendInvite = async (formData: FormData) => {
  const keyServer = process.env.API_BASE_URL;
  const email = formData.get("email");
  const role = formData.get("role");
  const url = new URL(`${keyServer}/tenants/invitations`);
  const body = JSON.stringify({
@@ -61,7 +62,18 @@ export const sendInvite = async (formData: FormData) => {
      attributes: {
        email,
      },
-      relationships: {},
+      relationships: {
        roles: {
          data: role
            ? [
                {
                  id: role,
                  type: "role",
                },
              ]
            : [],
        },
      },
    },
  });
@@ -86,14 +98,42 @@ export const sendInvite = async (formData: FormData) => {
 };
 export const updateInvite = async (formData: FormData) => {
  console.log(formData, "formData from updateInvite");
  const session = await auth();
  const keyServer = process.env.API_BASE_URL;
  const invitationId = formData.get("invitationId");
  const invitationEmail = formData.get("invitationEmail");
-  const expiresAt = formData.get("expires_at");
+  const roleId = formData.get("role");
  const expiresAt =
    formData.get("expires_at") ||
    new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString();
  const url = new URL(`${keyServer}/tenants/invitations/${invitationId}`);
  console.log(url, "url");
  const body = JSON.stringify({
    data: {
      type: "invitations",
      id: invitationId,
      attributes: {
        email: invitationEmail,
        expires_at: expiresAt,
      },
      relationships: {
        roles: {
          data: [
            {
              id: roleId,
              type: "role",
            },
          ],
        },
      },
    },
  });
  console.log("Payload send to server", JSON.stringify(body, null, 2));
  try {
    const response = await fetch(url.toString(), {
@@ -103,22 +143,19 @@ export const updateInvite = async (formData: FormData) => {
        Accept: "application/vnd.api+json",
        Authorization: `Bearer ${session?.accessToken}`,
      },
-      body: JSON.stringify({
+      body,
        data: {
          type: "invitations",
          id: invitationId,
          attributes: {
            email: invitationEmail,
            ...(expiresAt && { expires_at: expiresAt }),
          },
        },
      }),
    });
    if (!response.ok) {
      const error = await response.json();
      console.error("API Error:", error);
      return { error };
    }
    const data = await response.json();
    revalidatePath("/invitations");
    return parseStringify(data);
  } catch (error) {
    // eslint-disable-next-line no-console
    console.error("Error updating invitation:", error);
    return {
      error: getErrorMessage(error),
@@ -0,0 +1 @@
 export * from "./roles";
@@ -0,0 +1,192 @@
 "use server";
 import { revalidatePath } from "next/cache";
 import { redirect } from "next/navigation";
 import { auth } from "@/auth.config";
 import { getErrorMessage, parseStringify } from "@/lib";
 export const getRoles = async ({
  page = 1,
  query = "",
  sort = "",
  filters = {},
 }) => {
  const session = await auth();
  if (isNaN(Number(page)) || page < 1) redirect("/roles");
  const keyServer = process.env.API_BASE_URL;
  const url = new URL(`${keyServer}/roles`);
  if (page) url.searchParams.append("page[number]", page.toString());
  if (query) url.searchParams.append("filter[search]", query);
  if (sort) url.searchParams.append("sort", sort);
  // Handle multiple filters
  Object.entries(filters).forEach(([key, value]) => {
    if (key !== "filter[search]") {
      url.searchParams.append(key, String(value));
    }
  });
  try {
    const invitations = await fetch(url.toString(), {
      headers: {
        Accept: "application/vnd.api+json",
        Authorization: `Bearer ${session?.accessToken}`,
      },
    });
    const data = await invitations.json();
    const parsedData = parseStringify(data);
    revalidatePath("/roles");
    return parsedData;
  } catch (error) {
    // eslint-disable-next-line no-console
    console.error("Error fetching roles:", error);
    return undefined;
  }
 };
 export const getRoleInfoById = async (roleId: string) => {
  const session = await auth();
  const keyServer = process.env.API_BASE_URL;
  const url = new URL(`${keyServer}/roles/${roleId}`);
  try {
    const response = await fetch(url.toString(), {
      method: "GET",
      headers: {
        Accept: "application/vnd.api+json",
        Authorization: `Bearer ${session?.accessToken}`,
      },
    });
    if (!response.ok) {
      throw new Error(`Failed to fetch role info: ${response.statusText}`);
    }
    const data = await response.json();
    return parseStringify(data);
  } catch (error) {
    return {
      error: getErrorMessage(error),
    };
  }
 };
 export const addRole = async (formData: FormData) => {
  const session = await auth();
  const keyServer = process.env.API_BASE_URL;
  const url = new URL(`${keyServer}/roles`);
  const body = JSON.stringify({
    data: {
      type: "role",
      attributes: {
        name: formData.get("name"),
        manage_users: formData.get("manage_users") === "true",
        manage_account: formData.get("manage_account") === "true",
        manage_billing: formData.get("manage_billing") === "true",
        manage_providers: formData.get("manage_providers") === "true",
        manage_integrations: formData.get("manage_integrations") === "true",
        manage_scans: formData.get("manage_scans") === "true",
        unlimited_visibility: formData.get("unlimited_visibility") === "true",
      },
      relationships: {
        provider_groups: {
          data: [],
        },
      },
    },
  });
  try {
    const response = await fetch(url.toString(), {
      method: "POST",
      headers: {
        "Content-Type": "application/vnd.api+json",
        Accept: "application/vnd.api+json",
        Authorization: `Bearer ${session?.accessToken}`,
      },
      body,
    });
    const data = await response.json();
    revalidatePath("/roles");
    return data;
  } catch (error) {
    return {
      error: getErrorMessage(error),
    };
  }
 };
 export const updateRole = async (formData: FormData, roleId: string) => {
  const session = await auth();
  const keyServer = process.env.API_BASE_URL;
  const url = new URL(`${keyServer}/roles/${roleId}`);
  const body = JSON.stringify({
    data: {
      type: "role",
      id: roleId,
      attributes: {
        name: formData.get("name"),
        manage_users: formData.get("manage_users") === "true",
        manage_account: formData.get("manage_account") === "true",
        manage_billing: formData.get("manage_billing") === "true",
        manage_providers: formData.get("manage_providers") === "true",
        manage_integrations: formData.get("manage_integrations") === "true",
        manage_scans: formData.get("manage_scans") === "true",
        unlimited_visibility: formData.get("unlimited_visibility") === "true",
      },
    },
  });
  try {
    const response = await fetch(url.toString(), {
      method: "PATCH",
      headers: {
        "Content-Type": "application/vnd.api+json",
        Accept: "application/vnd.api+json",
        Authorization: `Bearer ${session?.accessToken}`,
      },
      body,
    });
    const data = await response.json();
    revalidatePath("/roles");
    return data;
  } catch (error) {
    return {
      error: getErrorMessage(error),
    };
  }
 };
 export const deleteRole = async (roleId: string) => {
  const session = await auth();
  const keyServer = process.env.API_BASE_URL;
  const url = new URL(`${keyServer}/roles/${roleId}`);
  try {
    const response = await fetch(url.toString(), {
      method: "DELETE",
      headers: {
        Authorization: `Bearer ${session?.accessToken}`,
      },
    });
    if (!response.ok) {
      const errorData = await response.json();
      throw new Error(errorData?.message || "Failed to delete the role");
    }
    const data = await response.json();
    revalidatePath("/roles");
    return data;
  } catch (error) {
    return {
      error: getErrorMessage(error),
    };
  }
 };
@@ -1,7 +1,31 @@
 import React from "react";
 import { Suspense } from "react";
 import { getRoles } from "@/actions/roles";
 import { SkeletonInvitationInfo } from "@/components/invitations/workflow";
 import { SendInvitationForm } from "@/components/invitations/workflow/forms/send-invitation-form";
-export default function SendInvitationPage() {
+export default async function SendInvitationPage() {
-  return <SendInvitationForm />;
+  const rolesData = await getRoles({});
  return (
    <Suspense fallback={<SkeletonInvitationInfo />}>
      <SSRSendInvitation rolesData={rolesData?.data || []} />
    </Suspense>
  );
 }
 const SSRSendInvitation = ({ rolesData }: { rolesData: Array<any> }) => {
  const hasRoles = rolesData && rolesData.length > 0;
  return (
    <SendInvitationForm
      roles={rolesData.map((role) => ({
        id: role.id,
        name: role.attributes.name,
      }))}
      defaultRole={!hasRoles ? "admin" : undefined}
      isSelectorDisabled={!hasRoles}
    />
  );
 };
@@ -1,7 +1,8 @@
 import { Spacer } from "@nextui-org/react";
-import { Suspense } from "react";
+import React, { Suspense } from "react";
 import { getInvitations } from "@/actions/invitations/invitation";
 import { getRoles } from "@/actions/roles";
 import { FilterControls } from "@/components/filters";
 import { filterInvitations } from "@/components/filters/data-filters";
 import { SendInvitationButton } from "@/components/invitations";
@@ -11,7 +12,7 @@ import {
 } from "@/components/invitations/table";
 import { Header } from "@/components/ui";
 import { DataTable, DataTableFilterCustom } from "@/components/ui/table";
-import { SearchParamsProps } from "@/types";
+import { InvitationProps, Role, SearchParamsProps } from "@/types";
 export default async function Invitations({
  searchParams,
@@ -54,12 +55,58 @@ const SSRDataTable = async ({
  // Extract query from filters
  const query = (filters["filter[search]"] as string) || "";
  // Fetch invitations and roles
  const invitationsData = await getInvitations({ query, page, sort, filters });
  const rolesData = await getRoles({});
  // Create a dictionary for roles by invitation ID
  const roleDict = rolesData?.data?.reduce(
    (acc: Record<string, Role>, role: Role) => {
      role.relationships.invitations.data.forEach((invitation: any) => {
        acc[invitation.id] = role;
      });
      return acc;
    },
    {},
  );
  // Generate the array of roles with all the roles available
  const roles = Array.from(
    new Map(
      rolesData.data.map((role: any) => [
        role.id,
        { id: role.id, name: role.attributes?.name || "Unnamed Role" },
      ]),
    ).values(),
  );
  // Expand the invitations
  const expandedInvitations = invitationsData?.data?.map(
    (invitation: InvitationProps) => {
      const role = roleDict[invitation.id];
      return {
        ...invitation,
        relationships: {
          ...invitation.relationships,
          role,
        },
        roles, // Include all roles here for each invitation
      };
    },
  );
  // Create the expanded response
  const expandedResponse = {
    ...invitationsData,
    data: expandedInvitations,
    roles,
  };
  return (
    <DataTable
      columns={ColumnsInvitation}
-      data={invitationsData?.data || []}
+      data={expandedResponse?.data || []}
      metadata={invitationsData?.meta}
    />
  );
@@ -0,0 +1,43 @@
 import { redirect } from "next/navigation";
 import { Suspense } from "react";
 import { getRoleInfoById } from "@/actions/roles/roles";
 import { SkeletonRoleForm } from "@/components/roles/workflow";
 import { EditRoleForm } from "@/components/roles/workflow/forms/edit-role-form";
 import { SearchParamsProps } from "@/types";
 export default async function EditRolePage({
  searchParams,
 }: {
  searchParams: SearchParamsProps;
 }) {
  const searchParamsKey = JSON.stringify(searchParams || {});
  return (
    <Suspense key={searchParamsKey} fallback={<SkeletonRoleForm />}>
      <SSRDataRole searchParams={searchParams} />
    </Suspense>
  );
 }
 const SSRDataRole = async ({
  searchParams,
 }: {
  searchParams: SearchParamsProps;
 }) => {
  const roleId = searchParams.roleId;
  if (!roleId || Array.isArray(roleId)) {
    redirect("/roles");
  }
  const roleData = await getRoleInfoById(roleId as string);
  if (!roleData || roleData.error) {
    return <div>Role not found</div>;
  }
  const { attributes } = roleData.data;
  return <EditRoleForm roleId={roleId} roleData={attributes} />;
 };
@@ -0,0 +1,32 @@
 import "@/styles/globals.css";
 import { Spacer } from "@nextui-org/react";
 import React from "react";
 import { WorkflowAddEditRole } from "@/components/roles/workflow";
 import { NavigationHeader } from "@/components/ui";
 interface RoleLayoutProps {
  children: React.ReactNode;
 }
 export default function RoleLayout({ children }: RoleLayoutProps) {
  return (
    <>
      <NavigationHeader
        title="Role Management"
        icon="icon-park-outline:close-small"
        href="/roles"
      />
      <Spacer y={16} />
      <div className="grid grid-cols-1 gap-8 lg:grid-cols-12">
        <div className="order-1 my-auto hidden h-full lg:col-span-4 lg:col-start-2 lg:block">
          <WorkflowAddEditRole />
        </div>
        <div className="order-2 my-auto lg:col-span-5 lg:col-start-6">
          {children}
        </div>
      </div>
    </>
  );
 }
@@ -0,0 +1,7 @@
 import React from "react";
 import { AddRoleForm } from "@/components/roles/workflow/forms/add-role-form";
 export default function AddRolePage() {
  return <AddRoleForm />;
 }
@@ -0,0 +1,64 @@
 import { Spacer } from "@nextui-org/react";
 import { Suspense } from "react";
 import { getRoles } from "@/actions/roles";
 import { FilterControls } from "@/components/filters";
 import { filterRoles } from "@/components/filters/data-filters";
 import { AddRoleButton } from "@/components/roles";
 import { ColumnsRoles } from "@/components/roles/table";
 import { SkeletonTableRoles } from "@/components/roles/table";
 import { Header } from "@/components/ui";
 import { DataTable, DataTableFilterCustom } from "@/components/ui/table";
 import { SearchParamsProps } from "@/types";
 export default async function Roles({
  searchParams,
 }: {
  searchParams: SearchParamsProps;
 }) {
  const searchParamsKey = JSON.stringify(searchParams || {});
  return (
    <>
      <Header title="Roles" icon="mdi:account-key-outline" />
      <Spacer y={4} />
      <FilterControls search />
      <Spacer y={8} />
      <AddRoleButton />
      <Spacer y={4} />
      <DataTableFilterCustom filters={filterRoles || []} />
      <Spacer y={8} />
      <Suspense key={searchParamsKey} fallback={<SkeletonTableRoles />}>
        <SSRDataTable searchParams={searchParams} />
      </Suspense>
    </>
  );
 }
 const SSRDataTable = async ({
  searchParams,
 }: {
  searchParams: SearchParamsProps;
 }) => {
  const page = parseInt(searchParams.page?.toString() || "1", 10);
  const sort = searchParams.sort?.toString();
  // Extract all filter parameters
  const filters = Object.fromEntries(
    Object.entries(searchParams).filter(([key]) => key.startsWith("filter[")),
  );
  // Extract query from filters
  const query = (filters["filter[search]"] as string) || "";
  const rolesData = await getRoles({ query, page, sort, filters });
  return (
    <DataTable
      columns={ColumnsRoles}
      data={rolesData?.data || []}
      metadata={rolesData?.meta}
    />
  );
 };
@@ -72,3 +72,11 @@ export const filterInvitations = [
    values: ["pending", "accepted", "expired", "revoked"],
  },
 ];
 export const filterRoles = [
  {
    key: "permission_state",
    labelCheckboxGroup: "Permissions",
    values: ["unlimited", "limited", "none"],
  },
 ];
@@ -1,8 +1,7 @@
 "use client";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { Select, SelectItem } from "@nextui-org/react";
 import { Dispatch, SetStateAction } from "react";
-import { useForm } from "react-hook-form";
+import { Controller, useForm } from "react-hook-form";
 import * as z from "zod";
 import { updateInvite } from "@/actions/invitations/invitation";
@@ -15,10 +14,14 @@ import { editInviteFormSchema } from "@/types";
 export const EditForm = ({
  invitationId,
  invitationEmail,
  roles = [],
  currentRole = "",
  setIsOpen,
 }: {
  invitationId: string;
  invitationEmail?: string;
  roles: Array<{ id: string; name: string }>;
  currentRole?: string;
  setIsOpen: Dispatch<SetStateAction<boolean>>;
 }) => {
  const formSchema = editInviteFormSchema;
@@ -27,7 +30,8 @@ export const EditForm = ({
    resolver: zodResolver(formSchema),
    defaultValues: {
      invitationId,
-      invitationEmail: invitationEmail,
+      invitationEmail: invitationEmail || "",
      role: roles.find((role) => role.name === currentRole)?.id || "",
    },
  });
@@ -36,8 +40,8 @@ export const EditForm = ({
  const isLoading = form.formState.isSubmitting;
  const onSubmitClient = async (values: z.infer<typeof formSchema>) => {
    console.log(values, " from edit form");
    const formData = new FormData();
    console.log(values);
    Object.entries(values).forEach(
      ([key, value]) => value !== undefined && formData.append(key, value),
@@ -46,11 +50,10 @@ export const EditForm = ({
    const data = await updateInvite(formData);
    if (data?.error) {
      const errorMessage = `${data.error}`;
      toast({
        variant: "destructive",
        title: "Oops! Something went wrong",
-        description: errorMessage,
+        description: `${data.error}`,
      });
    } else {
      toast({
@@ -67,9 +70,12 @@ export const EditForm = ({
        onSubmit={form.handleSubmit(onSubmitClient)}
        className="flex flex-col space-y-4"
      >
-        <div className="text-md">
+        <div className="text-small">
          Current email: <span className="font-bold">{invitationEmail}</span>
        </div>
        <div className="text-small">
          Current role: <span className="font-bold">{currentRole}</span>
        </div>
        <div>
          <CustomInput
            control={form.control}
@@ -83,6 +89,34 @@ export const EditForm = ({
            isInvalid={!!form.formState.errors.invitationEmail}
          />
        </div>
        <div>
          <Controller
            name="role"
            control={form.control}
            render={({ field }) => (
              <Select
                {...field}
                label="Role"
                placeholder="Select a role"
                variant="bordered"
                selectedKeys={[field.value || ""]}
                onSelectionChange={(selected) =>
                  field.onChange(selected?.currentKey || "")
                }
              >
                {roles.map((role) => (
                  <SelectItem key={role.id}>{role.name}</SelectItem>
                ))}
              </Select>
            )}
          />
          {form.formState.errors.role && (
            <p className="mt-2 text-sm text-red-600">
              {form.formState.errors.role.message}
            </p>
          )}
        </div>
        <input type="hidden" name="invitationId" value={invitationId} />
        <div className="flex w-full justify-center sm:space-x-6">
@@ -31,6 +31,15 @@ export const ColumnsInvitation: ColumnDef<InvitationProps>[] = [
      return <p className="font-semibold">{state}</p>;
    },
  },
  {
    accessorKey: "role",
    header: () => <div className="text-left">Role</div>,
    cell: ({ row }) => {
      const roleName =
        row.original.relationships?.role?.attributes?.name || "No Role";
      return <p className="font-semibold">{roleName}</p>;
    },
  },
  {
    accessorKey: "inserted_at",
    header: ({ column }) => (
@@ -60,13 +69,13 @@ export const ColumnsInvitation: ColumnDef<InvitationProps>[] = [
      return <DateWithTime dateTime={expires_at} showTime={false} />;
    },
  },
  {
    accessorKey: "actions",
    header: () => <div className="text-right">Actions</div>,
    id: "actions",
    cell: ({ row }) => {
-      return <DataTableRowActions row={row} />;
+      const roles = row.original.roles;
      return <DataTableRowActions row={row} roles={roles} />;
    },
  },
 ];
@@ -24,28 +24,34 @@ import { DeleteForm, EditForm } from "../forms";
 interface DataTableRowActionsProps<InvitationProps> {
  row: Row<InvitationProps>;
  roles?: { id: string; name: string }[];
 }
 const iconClasses =
  "text-2xl text-default-500 pointer-events-none flex-shrink-0";
 export function DataTableRowActions<InvitationProps>({
  row,
  roles,
 }: DataTableRowActionsProps<InvitationProps>) {
  const [isEditOpen, setIsEditOpen] = useState(false);
  const [isDeleteOpen, setIsDeleteOpen] = useState(false);
  const invitationId = (row.original as { id: string }).id;
  const invitationEmail = (row.original as any).attributes?.email;
  const invitationRole = (row.original as any).relationships?.role?.attributes
    ?.name;
  return (
    <>
      <CustomAlertModal
        isOpen={isEditOpen}
        onOpenChange={setIsEditOpen}
        title="Edit Invitation"
        description={"Edit the invitation details"}
      >
        <EditForm
          invitationId={invitationId}
          invitationEmail={invitationEmail}
          currentRole={invitationRole}
          roles={roles || []}
          setIsOpen={setIsEditOpen}
        />
      </CustomAlertModal>
@@ -1,9 +1,10 @@
 "use client";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { Select, SelectItem } from "@nextui-org/react";
 import { SaveIcon } from "lucide-react";
 import { useRouter } from "next/navigation";
-import { useForm } from "react-hook-form";
+import { Controller, useForm } from "react-hook-form";
 import * as z from "zod";
 import { sendInvite } from "@/actions/invitations/invitation";
@@ -14,11 +15,20 @@ import { ApiError } from "@/types";
 const sendInvitationFormSchema = z.object({
  email: z.string().email("Please enter a valid email"),
  roleId: z.string().nonempty("Role is required"),
 });
 export type FormValues = z.infer<typeof sendInvitationFormSchema>;
-export const SendInvitationForm = () => {
+export const SendInvitationForm = ({
  roles = [],
  defaultRole = "admin",
  isSelectorDisabled = false,
 }: {
  roles: Array<{ id: string; name: string }>;
  defaultRole?: string;
  isSelectorDisabled: boolean;
 }) => {
  const { toast } = useToast();
  const router = useRouter();
@@ -26,6 +36,7 @@ export const SendInvitationForm = () => {
    resolver: zodResolver(sendInvitationFormSchema),
    defaultValues: {
      email: "",
      roleId: isSelectorDisabled ? defaultRole : "",
    },
  });
@@ -34,6 +45,7 @@ export const SendInvitationForm = () => {
  const onSubmitClient = async (values: FormValues) => {
    const formData = new FormData();
    formData.append("email", values.email);
    formData.append("role", values.roleId);
    try {
      const data = await sendInvite(formData);
@@ -48,6 +60,12 @@ export const SendInvitationForm = () => {
                message: errorMessage,
              });
              break;
            case "/data/relationships/roles":
              form.setError("roleId", {
                type: "server",
                message: errorMessage,
              });
              break;
            default:
              toast({
                variant: "destructive",
@@ -75,6 +93,7 @@ export const SendInvitationForm = () => {
        onSubmit={form.handleSubmit(onSubmitClient)}
        className="flex flex-col space-y-4"
      >
        {/* Email Field */}
        <CustomInput
          control={form.control}
          name="email"
@@ -87,6 +106,40 @@ export const SendInvitationForm = () => {
          isInvalid={!!form.formState.errors.email}
        />
        <Controller
          name="roleId"
          control={form.control}
          render={({ field }) => (
            <>
              <Select
                {...field}
                label="Role"
                placeholder="Select a role"
                variant="bordered"
                isDisabled={isSelectorDisabled}
                selectedKeys={[field.value]}
                onSelectionChange={(selected) =>
                  field.onChange(selected?.currentKey || "")
                }
              >
                {isSelectorDisabled ? (
                  <SelectItem key={defaultRole}>{defaultRole}</SelectItem>
                ) : (
                  roles.map((role) => (
                    <SelectItem key={role.id}>{role.name}</SelectItem>
                  ))
                )}
              </Select>
              {form.formState.errors.roleId && (
                <p className="mt-2 text-sm text-red-600">
                  {form.formState.errors.roleId.message}
                </p>
              )}
            </>
          )}
        />
        {/* Submit Button */}
        <div className="flex w-full justify-end sm:space-x-6">
          <CustomButton
            type="submit"
@@ -0,0 +1,21 @@
 "use client";
 import { AddIcon } from "../icons";
 import { CustomButton } from "../ui/custom";
 export const AddRoleButton = () => {
  return (
    <div className="flex w-full items-center justify-end">
      <CustomButton
        asLink="/roles/new"
        ariaLabel="Add Role"
        variant="solid"
        color="action"
        size="md"
        endContent={<AddIcon size={20} />}
      >
        Add Role
      </CustomButton>
    </div>
  );
 };
@@ -0,0 +1 @@
 export * from "./add-role-button";
@@ -0,0 +1,118 @@
 "use client";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateWithTime } from "@/components/ui/entities";
 import { DataTableColumnHeader } from "@/components/ui/table";
 import { RolesProps } from "@/types";
 import { DataTableRowActions } from "./data-table-row-actions";
 const getRoleAttributes = (row: { original: RolesProps["data"][number] }) => {
  return row.original.attributes;
 };
 const getRoleRelationships = (row: {
  original: RolesProps["data"][number];
 }) => {
  return row.original.relationships;
 };
 export const ColumnsRoles: ColumnDef<RolesProps["data"][number]>[] = [
  {
    accessorKey: "role",
    header: ({ column }) => (
      <DataTableColumnHeader column={column} title={"Role"} param="name" />
    ),
    cell: ({ row }) => {
      const data = getRoleAttributes(row);
      return (
        <p className="font-semibold">
          {data.name[0].toUpperCase() + data.name.slice(1).toLowerCase()}
        </p>
      );
    },
  },
  {
    accessorKey: "users",
    header: ({ column }) => (
      <DataTableColumnHeader column={column} title={"Users"} param="users" />
    ),
    cell: ({ row }) => {
      const relationships = getRoleRelationships(row);
      const count = relationships.users.meta.count;
      return (
        <p className="text-xs font-semibold">
          {count === 0
            ? "No Users"
            : `${count} ${count === 1 ? "User" : "Users"}`}
        </p>
      );
    },
  },
  {
    accessorKey: "invitations",
    header: ({ column }) => (
      <DataTableColumnHeader
        column={column}
        title={"Invitations"}
        param="invitations"
      />
    ),
    cell: ({ row }) => {
      const relationships = getRoleRelationships(row);
      return (
        <p className="text-xs font-semibold">
          {relationships.invitations.meta.count === 0
            ? "No Invitations"
            : `${relationships.invitations.meta.count} ${
                relationships.invitations.meta.count === 1
                  ? "Invitation"
                  : "Invitations"
              }`}
        </p>
      );
    },
  },
  {
    accessorKey: "permission_state",
    header: ({ column }) => (
      <DataTableColumnHeader
        column={column}
        title={"Permissions"}
        param="permission_state"
      />
    ),
    cell: ({ row }) => {
      const { permission_state } = getRoleAttributes(row);
      return (
        <p className="text-xs font-semibold">
          {permission_state[0].toUpperCase() +
            permission_state.slice(1).toLowerCase()}
        </p>
      );
    },
  },
  {
    accessorKey: "inserted_at",
    header: ({ column }) => (
      <DataTableColumnHeader
        column={column}
        title={"Added"}
        param="inserted_at"
      />
    ),
    cell: ({ row }) => {
      const { inserted_at } = getRoleAttributes(row);
      return <DateWithTime dateTime={inserted_at} showTime={false} />;
    },
  },
  {
    accessorKey: "actions",
    header: () => <div className="text-right">Actions</div>,
    id: "actions",
    cell: ({ row }) => {
      return <DataTableRowActions row={row} />;
    },
  },
 ];
@@ -0,0 +1,93 @@
 "use client";
 import {
  Button,
  Dropdown,
  DropdownItem,
  DropdownMenu,
  DropdownSection,
  DropdownTrigger,
 } from "@nextui-org/react";
 import {
  DeleteDocumentBulkIcon,
  EditDocumentBulkIcon,
 } from "@nextui-org/shared-icons";
 import { Row } from "@tanstack/react-table";
 import clsx from "clsx";
 import { useState } from "react";
 import { VerticalDotsIcon } from "@/components/icons";
 import { CustomAlertModal } from "@/components/ui/custom/custom-alert-modal";
 import { DeleteRoleForm } from "../workflow/forms";
 interface DataTableRowActionsProps<RoleProps> {
  row: Row<RoleProps>;
 }
 const iconClasses =
  "text-2xl text-default-500 pointer-events-none flex-shrink-0";
 export function DataTableRowActions<RoleProps>({
  row,
 }: DataTableRowActionsProps<RoleProps>) {
  const [isDeleteOpen, setIsDeleteOpen] = useState(false);
  const roleId = (row.original as { id: string }).id;
  return (
    <>
      <CustomAlertModal
        isOpen={isDeleteOpen}
        onOpenChange={setIsDeleteOpen}
        title="Are you absolutely sure?"
        description="This action cannot be undone. This will permanently delete your role and remove your data from the server."
      >
        <DeleteRoleForm roleId={roleId} setIsOpen={setIsDeleteOpen} />
      </CustomAlertModal>
      <div className="relative flex items-center justify-end gap-2">
        <Dropdown
          className="shadow-xl dark:bg-prowler-blue-800"
          placement="bottom"
        >
          <DropdownTrigger>
            <Button isIconOnly radius="full" size="sm" variant="light">
              <VerticalDotsIcon className="text-default-400" />
            </Button>
          </DropdownTrigger>
          <DropdownMenu
            closeOnSelect
            aria-label="Actions"
            color="default"
            variant="flat"
          >
            <DropdownSection title="Actions">
              <DropdownItem
                href={`/roles/edit?roleId=${roleId}`}
                key="check-details"
                description="Edit the role details"
                textValue="Edit Role"
                startContent={<EditDocumentBulkIcon className={iconClasses} />}
              >
                Edit Role
              </DropdownItem>
            </DropdownSection>
            <DropdownSection title="Danger zone">
              <DropdownItem
                key="delete"
                className="text-danger"
                color="danger"
                description="Delete the role permanently"
                textValue="Delete Role"
                startContent={
                  <DeleteDocumentBulkIcon
                    className={clsx(iconClasses, "!text-danger")}
                  />
                }
                onClick={() => setIsDeleteOpen(true)}
              >
                Delete Role
              </DropdownItem>
            </DropdownSection>
          </DropdownMenu>
        </Dropdown>
      </div>
    </>
  );
 }
@@ -0,0 +1,3 @@
 export * from "./column-roles";
 export * from "./data-table-row-actions";
 export * from "./skeleton-table-roles";
@@ -0,0 +1,59 @@
 import { Card, Skeleton } from "@nextui-org/react";
 import React from "react";
 export const SkeletonTableRoles = () => {
  return (
    <Card className="h-full w-full space-y-5 p-4" radius="sm">
      {/* Table headers */}
      <div className="hidden justify-between md:flex">
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-1/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
      </div>
      {/* Table body */}
      <div className="space-y-3">
        {[...Array(10)].map((_, index) => (
          <div
            key={index}
            className="flex flex-col items-center justify-between space-x-0 md:flex-row md:space-x-4"
          >
            <Skeleton className="mb-2 w-full rounded-lg md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 w-full rounded-lg md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-1/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
          </div>
        ))}
      </div>
    </Card>
  );
 };
@@ -0,0 +1,199 @@
 "use client";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { Checkbox } from "@nextui-org/react";
 import { SaveIcon } from "lucide-react";
 import { useRouter } from "next/navigation";
 import { useEffect } from "react";
 import { useForm } from "react-hook-form";
 import { z } from "zod";
 import { addRole } from "@/actions/roles/roles";
 import { useToast } from "@/components/ui";
 import { CustomButton, CustomInput } from "@/components/ui/custom";
 import { Form } from "@/components/ui/form";
 import { addRoleFormSchema, ApiError } from "@/types";
 type FormValues = z.infer<typeof addRoleFormSchema>;
 export const AddRoleForm = () => {
  const { toast } = useToast();
  const router = useRouter();
  const form = useForm<FormValues>({
    resolver: zodResolver(addRoleFormSchema),
    defaultValues: {
      name: "",
      manage_users: false,
      manage_account: false,
      manage_billing: false,
      manage_providers: false,
      manage_integrations: false,
      manage_scans: false,
      unlimited_visibility: false,
    },
  });
  const manageProviders = form.watch("manage_providers");
  useEffect(() => {
    if (manageProviders) {
      form.setValue("unlimited_visibility", true, {
        shouldValidate: true,
        shouldDirty: true,
        shouldTouch: true,
      });
    }
  }, [manageProviders, form]);
  const isLoading = form.formState.isSubmitting;
  const onSelectAllChange = (checked: boolean) => {
    const permissions = [
      "manage_users",
      "manage_account",
      "manage_billing",
      "manage_providers",
      "manage_integrations",
      "manage_scans",
      "unlimited_visibility",
    ];
    permissions.forEach((permission) => {
      form.setValue(permission as keyof FormValues, checked, {
        shouldValidate: true,
        shouldDirty: true,
        shouldTouch: true,
      });
    });
  };
  const onSubmitClient = async (values: FormValues) => {
    const formData = new FormData();
    formData.append("name", values.name);
    formData.append("manage_users", String(values.manage_users));
    formData.append("manage_account", String(values.manage_account));
    formData.append("manage_billing", String(values.manage_billing));
    formData.append("manage_providers", String(values.manage_providers));
    formData.append("manage_integrations", String(values.manage_integrations));
    formData.append("manage_scans", String(values.manage_scans));
    formData.append(
      "unlimited_visibility",
      String(values.unlimited_visibility),
    );
    try {
      const data = await addRole(formData);
      if (data?.errors && data.errors.length > 0) {
        data.errors.forEach((error: ApiError) => {
          const errorMessage = error.detail;
          switch (error.source.pointer) {
            case "/data/attributes/name":
              form.setError("name", {
                type: "server",
                message: errorMessage,
              });
              break;
            default:
              toast({
                variant: "destructive",
                title: "Error",
                description: errorMessage,
              });
          }
        });
      } else {
        toast({
          title: "Role Added",
          description: "The role was added successfully.",
        });
        router.push("/roles");
      }
    } catch (error) {
      toast({
        variant: "destructive",
        title: "Error",
        description: "An unexpected error occurred. Please try again.",
      });
    }
  };
  const permissions = [
    { field: "manage_users", label: "Invite and Manage Users" },
    { field: "manage_account", label: "Manage SaaS Account" },
    { field: "manage_billing", label: "Manage Billing" },
    { field: "manage_providers", label: "Manage Cloud Accounts" },
    { field: "manage_integrations", label: "Manage Integrations" },
    { field: "manage_scans", label: "Manage Scans" },
    { field: "unlimited_visibility", label: "Unlimited Visibility" },
  ];
  return (
    <Form {...form}>
      <form
        onSubmit={form.handleSubmit(onSubmitClient)}
        className="flex flex-col space-y-6"
      >
        <CustomInput
          control={form.control}
          name="name"
          type="text"
          label="Role Name"
          labelPlacement="inside"
          placeholder="Enter role name"
          variant="bordered"
          isRequired
          isInvalid={!!form.formState.errors.name}
        />
        <div className="flex flex-col space-y-4">
          <span className="text-lg font-semibold">Admin Permissions</span>
          {/* Select All Checkbox */}
          <Checkbox
            isSelected={permissions.every((perm) =>
              form.watch(perm.field as keyof FormValues),
            )}
            onChange={(e) => onSelectAllChange(e.target.checked)}
            classNames={{
              label: "text-small",
            }}
          >
            Grant all admin permissions
          </Checkbox>
          {/* Permissions Grid */}
          <div className="grid grid-cols-2 gap-4">
            {permissions.map(({ field, label }) => (
              <Checkbox
                key={field}
                {...form.register(field as keyof FormValues)}
                isSelected={!!form.watch(field as keyof FormValues)}
                classNames={{
                  label: "text-small",
                }}
              >
                {label}
              </Checkbox>
            ))}
          </div>
        </div>
        <div className="flex w-full justify-end sm:space-x-6">
          <CustomButton
            type="submit"
            ariaLabel="Add Role"
            className="w-1/2"
            variant="solid"
            color="action"
            size="lg"
            isLoading={isLoading}
            startContent={!isLoading && <SaveIcon size={24} />}
          >
            {isLoading ? <>Loading</> : <span>Add Role</span>}
          </CustomButton>
        </div>
      </form>
    </Form>
  );
 };
@@ -0,0 +1,87 @@
 "use client";
 import { zodResolver } from "@hookform/resolvers/zod";
 import React, { Dispatch, SetStateAction } from "react";
 import { useForm } from "react-hook-form";
 import * as z from "zod";
 import { deleteRole } from "@/actions/roles";
 import { DeleteIcon } from "@/components/icons";
 import { useToast } from "@/components/ui";
 import { CustomButton } from "@/components/ui/custom";
 import { Form } from "@/components/ui/form";
 const formSchema = z.object({
  roleId: z.string(),
 });
 export const DeleteRoleForm = ({
  roleId,
  setIsOpen,
 }: {
  roleId: string;
  setIsOpen: Dispatch<SetStateAction<boolean>>;
 }) => {
  const form = useForm<z.infer<typeof formSchema>>({
    resolver: zodResolver(formSchema),
  });
  const { toast } = useToast();
  const isLoading = form.formState.isSubmitting;
  async function onSubmitClient(formData: FormData) {
    const roleId = formData.get("id") as string;
    const data = await deleteRole(roleId);
    if (data?.errors && data.errors.length > 0) {
      const error = data.errors[0];
      const errorMessage = `${error.detail}`;
      // show error
      toast({
        variant: "destructive",
        title: "Oops! Something went wrong",
        description: errorMessage,
      });
    } else {
      toast({
        title: "Success!",
        description: "The role was removed successfully.",
      });
    }
    setIsOpen(false); // Close the modal on success
  }
  return (
    <Form {...form}>
      <form action={onSubmitClient}>
        <input type="hidden" name="id" value={roleId} />
        <div className="flex w-full justify-center sm:space-x-6">
          <CustomButton
            type="button"
            ariaLabel="Cancel"
            className="w-full bg-transparent"
            variant="faded"
            size="lg"
            radius="lg"
            onPress={() => setIsOpen(false)}
            isDisabled={isLoading}
          >
            <span>Cancel</span>
          </CustomButton>
          <CustomButton
            type="submit"
            ariaLabel="Delete"
            className="w-full"
            variant="solid"
            color="danger"
            size="lg"
            isLoading={isLoading}
            startContent={!isLoading && <DeleteIcon size={24} />}
          >
            {isLoading ? <>Loading</> : <span>Delete</span>}
          </CustomButton>
        </div>
      </form>
    </Form>
  );
 };
@@ -0,0 +1,208 @@
 "use client";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { Checkbox } from "@nextui-org/react";
 import { SaveIcon } from "lucide-react";
 import { useRouter } from "next/navigation";
 import { useEffect } from "react";
 import { useForm } from "react-hook-form";
 import { z } from "zod";
 import { updateRole } from "@/actions/roles/roles";
 import { useToast } from "@/components/ui";
 import { CustomButton, CustomInput } from "@/components/ui/custom";
 import { Form } from "@/components/ui/form";
 import { ApiError, editRoleFormSchema } from "@/types";
 type FormValues = z.infer<typeof editRoleFormSchema>;
 export const EditRoleForm = ({
  roleId,
  roleData,
 }: {
  roleId: string;
  roleData: FormValues;
 }) => {
  const { toast } = useToast();
  const router = useRouter();
  const form = useForm<FormValues>({
    resolver: zodResolver(editRoleFormSchema),
    defaultValues: roleData,
  });
  const { watch, setValue } = form;
  const manageProviders = watch("manage_providers");
  const unlimitedVisibility = watch("unlimited_visibility");
  useEffect(() => {
    if (manageProviders && !unlimitedVisibility) {
      setValue("unlimited_visibility", true, {
        shouldValidate: true,
        shouldDirty: true,
        shouldTouch: true,
      });
    }
  }, [manageProviders, unlimitedVisibility, setValue]);
  const isLoading = form.formState.isSubmitting;
  const onSelectAllChange = (checked: boolean) => {
    const permissions = [
      "manage_users",
      "manage_account",
      "manage_billing",
      "manage_providers",
      "manage_integrations",
      "manage_scans",
      "unlimited_visibility",
    ];
    permissions.forEach((permission) => {
      form.setValue(permission as keyof FormValues, checked, {
        shouldValidate: true,
        shouldDirty: true,
        shouldTouch: true,
      });
    });
  };
  const onSubmitClient = async (values: FormValues) => {
    if (!roleId) {
      toast({
        variant: "destructive",
        title: "Error",
        description: "Role ID is missing.",
      });
      return;
    }
    const formData = new FormData();
    formData.append("name", values.name);
    formData.append("manage_users", String(values.manage_users));
    formData.append("manage_account", String(values.manage_account));
    formData.append("manage_billing", String(values.manage_billing));
    formData.append("manage_providers", String(values.manage_providers));
    formData.append("manage_integrations", String(values.manage_integrations));
    formData.append("manage_scans", String(values.manage_scans));
    formData.append(
      "unlimited_visibility",
      String(values.unlimited_visibility),
    );
    try {
      const data = await updateRole(formData, roleId);
      if (data?.errors && data.errors.length > 0) {
        data.errors.forEach((error: ApiError) => {
          const errorMessage = error.detail;
          switch (error.source.pointer) {
            case "/data/attributes/name":
              form.setError("name", {
                type: "server",
                message: errorMessage,
              });
              break;
            default:
              toast({
                variant: "destructive",
                title: "Error",
                description: errorMessage,
              });
          }
        });
      } else {
        toast({
          title: "Role Updated",
          description: "The role was updated successfully.",
        });
        router.push("/roles");
      }
    } catch (error) {
      toast({
        variant: "destructive",
        title: "Error",
        description: "An unexpected error occurred. Please try again.",
      });
    }
  };
  const permissions = [
    { field: "manage_users", label: "Invite and Manage Users" },
    { field: "manage_account", label: "Manage SaaS Account" },
    { field: "manage_billing", label: "Manage Billing" },
    { field: "manage_providers", label: "Manage Cloud Accounts" },
    { field: "manage_integrations", label: "Manage Integrations" },
    { field: "manage_scans", label: "Manage Scans" },
    { field: "unlimited_visibility", label: "Unlimited Visibility" },
  ];
  return (
    <Form {...form}>
      <form
        onSubmit={form.handleSubmit(onSubmitClient)}
        className="flex flex-col space-y-6"
      >
        <CustomInput
          control={form.control}
          name="name"
          type="text"
          label="Role Name"
          labelPlacement="inside"
          placeholder="Enter role name"
          variant="bordered"
          isRequired
          isInvalid={!!form.formState.errors.name}
        />
        <div className="flex flex-col space-y-4">
          <span className="text-lg font-semibold">Admin Permissions</span>
          {/* Select All Checkbox */}
          <Checkbox
            isSelected={permissions.every((perm) =>
              form.watch(perm.field as keyof FormValues),
            )}
            onChange={(e) => onSelectAllChange(e.target.checked)}
            classNames={{
              label: "text-small",
            }}
          >
            Grant all admin permissions
          </Checkbox>
          {/* Permissions Grid */}
          <div className="grid grid-cols-2 gap-4">
            {permissions.map(({ field, label }) => (
              <Checkbox
                key={field}
                {...form.register(field as keyof FormValues)}
                isSelected={!!form.watch(field as keyof FormValues)}
                classNames={{
                  label: "text-small",
                }}
              >
                {label}
              </Checkbox>
            ))}
          </div>
        </div>
        <div className="flex w-full justify-end sm:space-x-6">
          <CustomButton
            type="submit"
            ariaLabel="Update Role"
            className="w-1/2"
            variant="solid"
            color="action"
            size="lg"
            isLoading={isLoading}
            startContent={!isLoading && <SaveIcon size={24} />}
          >
            {isLoading ? <>Loading</> : <span>Update Role</span>}
          </CustomButton>
        </div>
      </form>
    </Form>
  );
 };
@@ -0,0 +1,3 @@
 export * from "./add-role-form";
 export * from "./delete-role-form";
 export * from "./edit-role-form";
@@ -0,0 +1,3 @@
 export * from "./skeleton-role-form";
 export * from "./vertical-steps";
 export * from "./workflow-add-edit-role";
@@ -0,0 +1,65 @@
 import { Card, Skeleton } from "@nextui-org/react";
 import React from "react";
 export const SkeletonRoleForm = () => {
  return (
    <Card className="h-full w-full space-y-5 p-4" radius="sm">
      {/* Table headers */}
      <div className="hidden justify-between md:flex">
        <Skeleton className="w-1/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-2/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-1/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
        <Skeleton className="w-1/12 rounded-lg">
          <div className="h-8 bg-default-200"></div>
        </Skeleton>
      </div>
      {/* Table body */}
      <div className="space-y-3">
        {[...Array(3)].map((_, index) => (
          <div
            key={index}
            className="flex flex-col items-center justify-between space-x-0 md:flex-row md:space-x-4"
          >
            <Skeleton className="mb-2 w-full rounded-lg md:mb-0 md:w-1/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 w-full rounded-lg md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-2/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-1/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
            <Skeleton className="mb-2 hidden rounded-lg sm:flex md:mb-0 md:w-1/12">
              <div className="h-12 bg-default-300"></div>
            </Skeleton>
          </div>
        ))}
      </div>
    </Card>
  );
 };
@@ -0,0 +1,291 @@
 "use client";
 import type { ButtonProps } from "@nextui-org/react";
 import { cn } from "@nextui-org/react";
 import { useControlledState } from "@react-stately/utils";
 import { domAnimation, LazyMotion, m } from "framer-motion";
 import type { ComponentProps } from "react";
 import React from "react";
 export type VerticalStepProps = {
  className?: string;
  description?: React.ReactNode;
  title?: React.ReactNode;
 };
 export interface VerticalStepsProps
  extends React.HTMLAttributes<HTMLButtonElement> {
  /**
   * An array of steps.
   *
   * @default []
   */
  steps?: VerticalStepProps[];
  /**
   * The color of the steps.
   *
   * @default "primary"
   */
  color?: ButtonProps["color"];
  /**
   * The current step index.
   */
  currentStep?: number;
  /**
   * The default step index.
   *
   * @default 0
   */
  defaultStep?: number;
  /**
   * Whether to hide the progress bars.
   *
   * @default false
   */
  hideProgressBars?: boolean;
  /**
   * The custom class for the steps wrapper.
   */
  className?: string;
  /**
   * The custom class for the step.
   */
  stepClassName?: string;
  /**
   * Callback function when the step index changes.
   */
  onStepChange?: (stepIndex: number) => void;
 }
 function CheckIcon(props: ComponentProps<"svg">) {
  return (
    <svg
      {...props}
      fill="none"
      stroke="currentColor"
      strokeWidth={2}
      viewBox="0 0 24 24"
    >
      <m.path
        animate={{ pathLength: 1 }}
        d="M5 13l4 4L19 7"
        initial={{ pathLength: 0 }}
        strokeLinecap="round"
        strokeLinejoin="round"
        transition={{
          delay: 0.2,
          type: "tween",
          ease: "easeOut",
          duration: 0.3,
        }}
      />
    </svg>
  );
 }
 export const VerticalSteps = React.forwardRef<
  HTMLButtonElement,
  VerticalStepsProps
 >(
  (
    {
      color = "primary",
      steps = [],
      defaultStep = 0,
      onStepChange,
      currentStep: currentStepProp,
      hideProgressBars = false,
      stepClassName,
      className,
      ...props
    },
    ref,
  ) => {
    const [currentStep, setCurrentStep] = useControlledState(
      currentStepProp,
      defaultStep,
      onStepChange,
    );
    const colors = React.useMemo(() => {
      let userColor;
      let fgColor;
      const colorsVars = [
        "[--active-fg-color:var(--step-fg-color)]",
        "[--active-border-color:var(--step-color)]",
        "[--active-color:var(--step-color)]",
        "[--complete-background-color:var(--step-color)]",
        "[--complete-border-color:var(--step-color)]",
        "[--inactive-border-color:hsl(var(--nextui-default-300))]",
        "[--inactive-color:hsl(var(--nextui-default-300))]",
      ];
      switch (color) {
        case "primary":
          userColor = "[--step-color:hsl(var(--nextui-primary))]";
          fgColor = "[--step-fg-color:hsl(var(--nextui-primary-foreground))]";
          break;
        case "secondary":
          userColor = "[--step-color:hsl(var(--nextui-secondary))]";
          fgColor = "[--step-fg-color:hsl(var(--nextui-secondary-foreground))]";
          break;
        case "success":
          userColor = "[--step-color:hsl(var(--nextui-success))]";
          fgColor = "[--step-fg-color:hsl(var(--nextui-success-foreground))]";
          break;
        case "warning":
          userColor = "[--step-color:hsl(var(--nextui-warning))]";
          fgColor = "[--step-fg-color:hsl(var(--nextui-warning-foreground))]";
          break;
        case "danger":
          userColor = "[--step-color:hsl(var(--nextui-error))]";
          fgColor = "[--step-fg-color:hsl(var(--nextui-error-foreground))]";
          break;
        case "default":
          userColor = "[--step-color:hsl(var(--nextui-default))]";
          fgColor = "[--step-fg-color:hsl(var(--nextui-default-foreground))]";
          break;
        default:
          userColor = "[--step-color:hsl(var(--nextui-primary))]";
          fgColor = "[--step-fg-color:hsl(var(--nextui-primary-foreground))]";
          break;
      }
      if (!className?.includes("--step-fg-color")) colorsVars.unshift(fgColor);
      if (!className?.includes("--step-color")) colorsVars.unshift(userColor);
      if (!className?.includes("--inactive-bar-color"))
        colorsVars.push(
          "[--inactive-bar-color:hsl(var(--nextui-default-300))]",
        );
      return colorsVars;
    }, [color, className]);
    return (
      <nav aria-label="Progress" className="max-w-fit">
        <ol className={cn("flex flex-col gap-y-3", colors, className)}>
          {steps?.map((step, stepIdx) => {
            const status =
              currentStep === stepIdx
                ? "active"
                : currentStep < stepIdx
                  ? "inactive"
                  : "complete";
            return (
              <li key={stepIdx} className="relative">
                <div className="flex w-full max-w-full items-center">
                  <button
                    key={stepIdx}
                    ref={ref}
                    aria-current={status === "active" ? "step" : undefined}
                    className={cn(
                      "group flex w-full cursor-pointer items-center justify-center gap-4 rounded-large px-3 py-2.5",
                      stepClassName,
                    )}
                    onClick={() => setCurrentStep(stepIdx)}
                    {...props}
                  >
                    <div className="flex h-full items-center">
                      <LazyMotion features={domAnimation}>
                        <div className="relative">
                          <m.div
                            animate={status}
                            className={cn(
                              "relative flex h-[34px] w-[34px] items-center justify-center rounded-full border-medium text-large font-semibold text-default-foreground",
                              {
                                "shadow-lg": status === "complete",
                              },
                            )}
                            data-status={status}
                            initial={false}
                            transition={{ duration: 0.25 }}
                            variants={{
                              inactive: {
                                backgroundColor: "transparent",
                                borderColor: "var(--inactive-border-color)",
                                color: "var(--inactive-color)",
                              },
                              active: {
                                backgroundColor: "transparent",
                                borderColor: "var(--active-border-color)",
                                color: "var(--active-color)",
                              },
                              complete: {
                                backgroundColor:
                                  "var(--complete-background-color)",
                                borderColor: "var(--complete-border-color)",
                              },
                            }}
                          >
                            <div className="flex items-center justify-center">
                              {status === "complete" ? (
                                <CheckIcon className="h-6 w-6 text-[var(--active-fg-color)]" />
                              ) : (
                                <span>{stepIdx + 1}</span>
                              )}
                            </div>
                          </m.div>
                        </div>
                      </LazyMotion>
                    </div>
                    <div className="flex-1 text-left">
                      <div>
                        <div
                          className={cn(
                            "text-medium font-medium text-default-foreground transition-[color,opacity] duration-300 group-active:opacity-70",
                            {
                              "text-default-500": status === "inactive",
                            },
                          )}
                        >
                          {step.title}
                        </div>
                        <div
                          className={cn(
                            "text-tiny text-default-600 transition-[color,opacity] duration-300 group-active:opacity-70 lg:text-small",
                            {
                              "text-default-500": status === "inactive",
                            },
                          )}
                        >
                          {step.description}
                        </div>
                      </div>
                    </div>
                  </button>
                </div>
                {stepIdx < steps.length - 1 && !hideProgressBars && (
                  <div
                    aria-hidden="true"
                    className={cn(
                      "pointer-events-none absolute left-3 top-[calc(64px_*_var(--idx)_+_1)] flex h-1/2 -translate-y-1/3 items-center px-4",
                    )}
                    style={{
                      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
                      // @ts-expect-error
                      "--idx": stepIdx,
                    }}
                  >
                    <div
                      className={cn(
                        "relative h-full w-0.5 bg-[var(--inactive-bar-color)] transition-colors duration-300",
                        "after:absolute after:block after:h-0 after:w-full after:bg-[var(--active-border-color)] after:transition-[height] after:duration-300 after:content-['']",
                        {
                          "after:h-full": stepIdx < currentStep,
                        },
                      )}
                    />
                  </div>
                )}
              </li>
            );
          })}
        </ol>
      </nav>
    );
  },
 );
 VerticalSteps.displayName = "VerticalSteps";
@@ -0,0 +1,64 @@
 "use client";
 import { Progress, Spacer } from "@nextui-org/react";
 import { usePathname } from "next/navigation";
 import React from "react";
 import { VerticalSteps } from "./vertical-steps";
 const steps = [
  {
    title: "Create a new role",
    description: "Enter the name of the role you want to add.",
    href: "/roles/new",
  },
  {
    title: "Edit a existing role",
    description:
      "Update the role's details, including its name and permissions.",
    href: "/roles/edit",
  },
 ];
 export const WorkflowAddEditRole = () => {
  const pathname = usePathname();
  // Calculate current step based on pathname
  const currentStepIndex = steps.findIndex((step) =>
    pathname.endsWith(step.href),
  );
  const currentStep = currentStepIndex === -1 ? 0 : currentStepIndex;
  return (
    <section className="max-w-sm">
      <h1 className="mb-2 text-xl font-medium" id="getting-started">
        Manage Role Permissions
      </h1>
      <p className="mb-5 text-small text-default-500">
        Define a new role with customized permissions or modify an existing one
        to meet your needs.
      </p>
      <Progress
        classNames={{
          base: "px-0.5 mb-5",
          label: "text-small",
          value: "text-small text-default-400",
        }}
        label="Steps"
        maxValue={steps.length - 1}
        minValue={0}
        showValueLabel={true}
        size="md"
        value={currentStep}
        valueLabel={`${currentStep + 1} of ${steps.length}`}
      />
      <VerticalSteps
        hideProgressBars
        currentStep={currentStep}
        stepClassName="border border-default-200 dark:border-default-50 aria-[current]:bg-default-100 dark:aria-[current]:bg-prowler-blue-800 cursor-default"
        steps={steps}
      />
      <Spacer y={4} />
    </section>
  );
 };
@@ -211,6 +211,12 @@ export const sectionItems: SidebarItem[] = [
        icon: "lucide:scan-search",
        title: "Scan Jobs",
      },
      {
        key: "roles",
        href: "/roles",
        icon: "mdi:account-key-outline",
        title: "Roles",
      },
      // {
      //   key: "integrations",
      //   href: "/integrations",
@@ -222,11 +222,100 @@ export interface InvitationProps {
        id: string;
      };
    };
    role?: {
      data: {
        type: "roles";
        id: string;
      };
      attributes?: {
        name: string;
        manage_users?: boolean;
        manage_account?: boolean;
        manage_billing?: boolean;
        manage_providers?: boolean;
        manage_integrations?: boolean;
        manage_scans?: boolean;
        permission_state?: "unlimited" | "limited" | "none";
      };
    };
  };
  links: {
    self: string;
  };
  roles?: {
    id: string;
    name: string;
  }[];
 }
 export interface Role {
  type: "role";
  id: string;
  attributes: {
    name: string;
    manage_users: boolean;
    manage_account: boolean;
    manage_billing: boolean;
    manage_providers: boolean;
    manage_integrations: boolean;
    manage_scans: boolean;
    unlimited_visibility: boolean;
    permission_state: "unlimited" | "limited" | "none";
    inserted_at: string;
    updated_at: string;
  };
  relationships: {
    provider_groups: {
      meta: {
        count: number;
      };
      data: {
        type: string;
        id: string;
      }[];
    };
    users: {
      meta: {
        count: number;
      };
      data: {
        type: string;
        id: string;
      }[];
    };
    invitations: {
      meta: {
        count: number;
      };
      data: {
        type: string;
        id: string;
      }[];
    };
  };
  links: {
    self: string;
  };
 }
 export interface RolesProps {
  links: {
    first: string;
    last: string;
    next: string | null;
    prev: string | null;
  };
  data: Role[];
  meta: {
    pagination: {
      page: number;
      pages: number;
      count: number;
    };
    version: string;
  };
 }
 export interface UserProfileProps {
  data: {
    type: "users";
@@ -1,5 +1,27 @@
 import { z } from "zod";
 export const addRoleFormSchema = z.object({
  name: z.string().min(1, "Name is required"),
  manage_users: z.boolean().default(false),
  manage_account: z.boolean().default(false),
  manage_billing: z.boolean().default(false),
  manage_providers: z.boolean().default(false),
  manage_integrations: z.boolean().default(false),
  manage_scans: z.boolean().default(false),
  unlimited_visibility: z.boolean().default(false),
 });
 export const editRoleFormSchema = z.object({
  name: z.string().min(1, "Name is required"),
  manage_users: z.boolean().default(false),
  manage_account: z.boolean().default(false),
  manage_billing: z.boolean().default(false),
  manage_providers: z.boolean().default(false),
  manage_integrations: z.boolean().default(false),
  manage_scans: z.boolean().default(false),
  unlimited_visibility: z.boolean().default(false),
 });
 export const editScanFormSchema = (currentName: string) =>
  z.object({
    scanName: z
@@ -158,6 +180,7 @@ export const editInviteFormSchema = z.object({
  invitationId: z.string().uuid(),
  invitationEmail: z.string().email(),
  expires_at: z.string().optional(),
  role: z.string().optional(),
 });
 export const editUserFormSchema = () =>
Author	SHA1	Message	Date
Pablo Lara	a75755c8c5	WIP: add change role to the user's invitations	2024-12-15 10:37:51 +01:00
Pablo Lara	3e0568f381	chore: add change role to the user's invitations	2024-12-13 12:38:08 +01:00
Pablo Lara	fec66a3685	Merge branch 'master' into PRWLR-4669-Roles-Page-API-UI	2024-12-13 06:02:29 +01:00
Pablo Lara	ba335de6b3	chore: fix error with exports	2024-12-11 08:30:12 +01:00
Pablo Lara	93051d55d5	feat: add role when invite an user	2024-12-10 18:14:57 +01:00
Pablo Lara	161c56ffe4	feat: add permission column to roles table	2024-12-10 11:28:10 +01:00
Pablo Lara	e306322630	Merge branch 'PRWLR-5688-Implement-permission-status-filter' into PRWLR-4669-Roles-Page-API-UI	2024-12-10 10:47:14 +01:00
Adrián Jesús Peña Rodríguez	b4eb6e8076	feat(rbac): add permission_state field to role serializer	2024-12-10 10:45:09 +01:00
Pablo Lara	b54e9334b9	chore: add and edit roles is working now	2024-12-10 10:44:34 +01:00
Adrián Jesús Peña Rodríguez	5fd1af7559	feat(rbac): add permission_state filter	2024-12-10 10:33:26 +01:00
Pablo Lara	83c7ced6ff	Merge branch 'feat-rbac' into PRWLR-4669-Roles-Page-API-UI	2024-12-10 09:29:24 +01:00
Adrián Jesús Peña Rodríguez	67d9ff2419	ref(provider_groups): ref the provider_groups relationships endpoint (#6033 )	2024-12-10 09:28:22 +01:00
Pablo Lara	130fddae1e	feat: edit role feature	2024-12-10 09:08:25 +01:00
Pablo Lara	04b9f81e26	feat: add new role feature	2024-12-10 07:24:01 +01:00
Pablo Lara	29bc697487	feat: add roles page	2024-12-05 15:25:07 +01:00
Pablo Lara	381aa93f55	chore: add roles item to the sidebar	2024-12-05 09:12:31 +01:00
Adrián Jesús Peña Rodríguez	2bee4b986f	Merge branch 'master' into feat-rbac	2024-12-04 15:42:47 +01:00
Adrián Jesús Peña Rodríguez	9723b8fac1	Merge branch 'master' into feat-rbac	2024-12-04 12:51:39 +01:00
Adrián Jesús Peña Rodríguez	67ef67add9	feat(api-rbac): RBAC system (#5903 )	2024-11-26 12:32:55 +01:00