Create separate user endpoints for different purposes (admin, org, project)

[Sujanadh]

What type of PR is this? (check all applicable)

• 🍕 Feature
• 🐛 Bug Fix
• 📝 Documentation
• 🧑‍💻 Refactor
• ✅ Test
• 🤖 Build or CI
• ❓ Other (please specify)

Related Issue

• Previously, the project admin role was used to fetch the users list, thinking that one project admin can add another project admin but during project creation we won't have project id to check if the user is project admin or not since to create project they need to be org admin

Describe this PR

• Update role dependency to org_admin in backend to fetch users list
• Passed org id as a query param from frontend

Screenshots

N/A

Alternative Approaches Considered

Did you attempt any other approaches that are not documented in code?

Review Guide

Notes for the reviewer. How to test this change?

Checklist before requesting a review

• 📖 Read the FMTM Contributing Guide: https://github.com/hotosm/fmtm/blob/main/CONTRIBUTING.md
• 📖 Read the HOT Code of Conduct: https://docs.hotosm.org/code-of-conduct
• 👷‍♀️ Create small PRs. In most cases, this will be possible.
• ✅ Provide tests for your changes.
• 📝 Use descriptive commit messages.
• 📗 Update any related documentation and include any relevant screenshots.

[optional] What gif best describes this PR or how it makes you feel?

[spwoodcock]

We need both the capability to access all users on FMTM (admin only), plus also users per project (project manager) I think?

So either we need a separate endpoint for these cases, or we need another way to handle this with one endpoint.

I don't think this change will work for both 😅

[Sujanadh]

We also need to fetch all the users while assigning during project creation. So that would need org admin access. Like you said to fetch all the users by admin, our role management doesn't work even if I am super admin; I would need an org id or project id if the roles are org admin or project admin. I think we need to work around this if he is super admin; he shouldn't have any dependency on org and projects. That being said, it will check for all the users if they are super admin or not, which is not great. Need to rethink a way to allow that.

[spwoodcock]

I would propose we have three endpoints:

• / the GET for the root of the users router makes sense being admin only. Return all user details.
• /usernames?org_id=1 - org admin permission for project creation. Update the response model to only return user ids and usernames to display.
• /roles?project_id=1 - project management, return user ids, usernames, and role (a different response model again)

We can keep the role management the same this way 👍

[Sujanadh]

Updates:

• changed user role back to super admin in /users endpoint
• created new endpoint users/usernames to fetch user id and username to assign project admin : role -> org_admin
• created new endpoint /users/{project_id}/project-users to fetch users from the project and their roles

Response:

/users/usernames

[
  {
    "id": 1,
    "username": "localadmin"
  },
  {
    "id": 20386219,
    "username": "svcfmtm"
  }
]

/users/{project_id}/project-users/

[
  {
    "user_id": 1,
    "project_id": 143,
    "role": "PROJECT_MANAGER"
  }
]

[spwoodcock]

I like this approach for showing unused vars, similar to other languages