+
+interface AddGroupMemberArgs {
+ user: { uuid: string, name: string };
+ group: { uuid: string, name: string };
+ dispatch: Dispatch;
+ permissionService: PermissionService;
+}
+
+/**
+ * Group membership is determined by whether the group has can_read permission on an object.
+ * If a group G can_read an object A, then we say A is a member of G.
+ *
+ * [Permission model docs](https://doc.arvados.org/api/permission-model.html)
+ */
+export const addGroupMember = async ({ user, group, ...args }: AddGroupMemberArgs) => {
+ await createPermission({
+ head: { ...group },
+ tail: { ...user },
+ permissionLevel: PermissionLevel.CAN_READ,
+ ...args,
+ });
+};
+
+interface CreatePermissionLinkArgs {
+ head: { uuid: string, name: string };
+ tail: { uuid: string, name: string };
+ permissionLevel: PermissionLevel;
+ dispatch: Dispatch;
+ permissionService: PermissionService;
+}
+
+const createPermission = async ({ head, tail, permissionLevel, dispatch, permissionService }: CreatePermissionLinkArgs) => {
+ try {
+ await permissionService.create({
+ tailUuid: tail.uuid,
+ headUuid: head.uuid,
+ name: permissionLevel,
+ });
+ } catch (e) {
+ dispatch(snackbarActions.OPEN_SNACKBAR({
+ message: `Could not add ${tail.name} -> ${head.name} relation`,
+ kind: SnackbarKind.ERROR,
+ }));
+ }
+};
+
+interface DeleteGroupMemberArgs {
+ link: { uuid: string };
+ dispatch: Dispatch;
+ permissionService: PermissionService;
+}
+
+export const deleteGroupMember = async ({ link, ...args }: DeleteGroupMemberArgs) => {
+ await deletePermission({
+ uuid: link.uuid,
+ ...args,
+ });
+};
+
+interface DeletePermissionLinkArgs {
+ uuid: string;
+ dispatch: Dispatch;
+ permissionService: PermissionService;
+}
+
+export const deletePermission = async ({ uuid, dispatch, permissionService }: DeletePermissionLinkArgs) => {
+ try {
+ const permissionsResponse = await permissionService.list({
+ filters: new FilterBuilder()
+ .addEqual('uuid', uuid)
+ .getFilters()
+ });
+ const [permission] = permissionsResponse.items;
+ if (permission) {
+ await permissionService.delete(permission.uuid);
+ } else {
+ throw new Error('Permission not found');
+ }
+ } catch (e) {
+ dispatch(snackbarActions.OPEN_SNACKBAR({
+ message: `Could not delete ${uuid} permission`,
+ kind: SnackbarKind.ERROR,
+ }));
+ }
+};