flushing out little things here and there on Org and OrgPerm endpoints.

src/metabase/api/org.clj

 (ns metabase.api.org
   (:require [compojure.core :refer [defroutes GET PUT POST DELETE]]
+            [korma.core :refer [where subselect fields order limit]]
             [medley.core :refer :all]
             [metabase.api.common :refer :all]
             [metabase.db :refer :all]
             [metabase.models.hydrate :refer :all]
             (metabase.models [org :refer [Org]]
                              [user :refer [User]]
-                             [org-perm :refer [OrgPerm]])
+                             [org-perm :refer [OrgPerm grant-org-perm]])
             [metabase.util :as util]))
 
 
 (defendpoint GET "/" []
-  ;; TODO - permissions check
-  (sel :many Org))
+  (if (:is_superuser *current-user*)
+    ;; superusers get all organizations
+    (sel :many Org)
+    ;; normal users simply see the orgs they are members of
+    (sel :many Org (where {:id [in (subselect OrgPerm (fields :organization_id) (where {:user_id *current-user-id*}))]})))
 
 
-(defendpoint POST "/" [:as {body :body}]
-  ;; TODO - implementation
-  {:status 200
-   :body {}})
+(defendpoint POST "/" [:as {{:keys [name slug] :as body} :body}]
+  (require-params name slug)
+  ;; user must be a superuser to proceed
+  (check-403 (:is_superuser *current-user*))
+  (->> (util/select-non-nil-keys body [:slug :name :description :logo_url])
+    (mapply ins Org)))
+
 
 (defendpoint GET "/:id" [id]
   (->404 (sel :one Org :id id)
          read-check))
 
+
 (defendpoint GET "/slug/:slug" [slug]
   (->404 (sel :one Org :slug slug)
          read-check))
 
+
 (defendpoint PUT "/:id" [id :as {body :body}]
   (write-check Org id)
   (check-500 (->> (util/select-non-nil-keys body :name :description :logo_url)
                   (mapply upd Org id)))
   (sel :one Org :id id))
 
-(defn grant-org-perm
-  "Grants permission for given User on Org.  Creates record if needed, otherwise updates existing record."
-  [org-id user-id is-admin]
-  (let [perm (sel :one OrgPerm :user_id user-id :organization_id org-id)
-        is-admin (boolean is-admin)]
-    (if-not perm
-      (ins OrgPerm
-        :user_id user-id
-        :organization_id org-id
-        :admin is-admin)
-      (upd OrgPerm (:id perm)
-        :admin is-admin))))
 
 (defendpoint GET "/:id/members" [id]
   (read-check Org id)
   (-> (sel :many OrgPerm :organization_id id)
       (hydrate :user :organization)))
 
+
 (defendpoint POST "/:id/members" [id :as {{:keys [first_name last_name email admin]} :body}]
   ; we require 4 attributes in the body
   (check-400 (and first_name last_name email admin (util/is-email? email)))
@@ -67,18 +65,21 @@
     (-> (sel :one OrgPerm :user_id user-id :organization_id id)
         (hydrate :user :organization))))
 
+
 (defendpoint POST "/:id/members/:user-id" [id user-id :as {{:keys [admin]} :body}]
   (write-check Org id)
   (check-404 (exists? User :id user-id))
   (grant-org-perm id user-id (boolean admin))
   {:success true})
 
+
 (defendpoint PUT "/:id/members/:user-id" [id user-id :as {{:keys [admin]} :body}]
   (write-check Org id)
   (check-404 (exists? User :id user-id))
   (grant-org-perm id user-id (boolean admin))
   {:success true})
 
+
 (defendpoint DELETE "/:id/members/:user-id" [id user-id :as {body :body}]
   ; user must have admin perms on org to proceed
   (let-404 [{:keys [can_write] :as org} (sel :one Org :id id)]

src/metabase/api/session.clj

@@ -11,7 +11,7 @@
 ;; login
 (defendpoint POST "/" [:as {{:keys [email password] :as body} :body}]
   (require-params email password)
-  (let-400 [user (sel :one [User :id :password_salt :password] :email email)]
+  (let-400 [user (sel :one :fields [User :id :password_salt :password] :email email)]
     (check (creds/bcrypt-verify (str (:password_salt user) password) (:password user)) [400 "password mismatch"])
     (let [session-id (str (java.util.UUID/randomUUID))]
       (ins Session

src/metabase/api/user.clj

@@ -10,7 +10,7 @@
 
 
 (defendpoint GET "/" []
-  ; user must be a superuser to proceed
+  ;; user must be a superuser to proceed
   (check-403 (:is_superuser @*current-user*))
   (sel :many User))
 
@@ -21,15 +21,15 @@
 
 
 (defendpoint GET "/:id" [id]
-  ; user must be getting their own details OR they must be a superuser to proceed
+  ;; user must be getting their own details OR they must be a superuser to proceed
   (check-403 (or (= id *current-user-id*) (:is_superuser @*current-user*)))
   (sel :one User :id id))
 
 
 (defendpoint PUT "/:id" [id :as {{:keys [email] :as body} :body}]
-  ; user must be getting their own details OR they must be a superuser to proceed
+  ;; user must be getting their own details OR they must be a superuser to proceed
   (check-403 (or (= id *current-user-id*) (:is_superuser @*current-user*)))
-  ; can't change email if it's already taken BY ANOTHER ACCOUNT
+  ;; can't change email if it's already taken BY ANOTHER ACCOUNT
   (when id
     (check-400 (is-email? email))
     (check-400 (not (exists? User :email email :id [not= id]))))
@@ -39,9 +39,9 @@
 
 
 (defendpoint PUT "/:id/password" [id :as {{:keys [password old_password] :as body} :body}]
-  ; caller must supply current and new password attributes
+  ;; caller must supply current and new password attributes
   (check (and password old_password) [400 "You must specify both old_password and password"])
-  ; user must be getting their own details OR they must be a superuser to proceed
+  ;; user must be getting their own details OR they must be a superuser to proceed
   (check-403 (or (= id *current-user-id*) (:is_superuser @*current-user*)))
   (let-404 [user (sel :one [User :password_salt :password] :id id)]
     (check (creds/bcrypt-verify (str (:password_salt user) old_password) (:password user)) [400 "password mismatch"]))

src/metabase/models/org.clj

@@ -26,3 +26,7 @@
   (assoc org
          :can_read (delay (org-can-read id))
          :can_write (delay (org-can-write id))))
+
+(defmethod pre-insert Org [_ org]
+  (let [defaults {:inherits false}]
+    (merge defaults org)))
\ No newline at end of file

src/metabase/models/org_perm.clj

@@ -3,10 +3,26 @@
             [metabase.db :refer :all]
             [metabase.models.org :refer [Org]]))
 
+
 (defentity OrgPerm
   (table :core_userorgperm))
 
+
 (defmethod post-select OrgPerm [_ {:keys [organization_id user_id] :as org-perm}]
   (assoc org-perm
          :organization (sel-fn :one Org :id organization_id)
          :user (sel-fn :one "metabase.models.user/User" :id user_id)))
+
+
+(defn grant-org-perm
+  "Grants permission for given User on Org.  Creates record if needed, otherwise updates existing record."
+  [org-id user-id is-admin]
+  (let [perm (sel :one OrgPerm :user_id user-id :organization_id org-id)
+        is-admin (boolean is-admin)]
+    (if-not perm
+      (ins OrgPerm
+        :user_id user-id
+        :organization_id org-id
+        :admin is-admin)
+      (upd OrgPerm (:id perm)
+        :admin is-admin))))