2013-06-24 21:42:46 +02:00
|
|
|
from __future__ import absolute_import
|
2015-11-01 17:11:06 +01:00
|
|
|
from __future__ import print_function
|
2013-06-24 21:42:46 +02:00
|
|
|
|
2016-06-04 16:52:18 +02:00
|
|
|
from typing import Any
|
|
|
|
|
|
|
|
|
|
from argparse import ArgumentParser
|
2013-06-24 21:42:46 +02:00
|
|
|
from django.core.management.base import BaseCommand, CommandError
|
|
|
|
|
from django.core.exceptions import ValidationError
|
|
|
|
|
|
2014-01-22 19:27:00 +01:00
|
|
|
from zerver.lib.actions import do_change_is_admin
|
2013-06-24 21:42:46 +02:00
|
|
|
|
2013-11-04 17:22:58 +01:00
|
|
|
from zerver.models import UserProfile
|
2013-06-24 21:42:46 +02:00
|
|
|
|
|
|
|
|
class Command(BaseCommand):
|
|
|
|
|
help = """Give an existing user administrative permissions over their (own) Realm.
|
|
|
|
|
|
|
|
|
|
ONLY perform this on customer request from an authorized person.
|
|
|
|
|
"""
|
|
|
|
|
|
2015-08-21 02:10:41 +02:00
|
|
|
def add_arguments(self, parser):
|
2016-06-04 16:52:18 +02:00
|
|
|
# type: (ArgumentParser) -> None
|
2015-08-21 02:10:41 +02:00
|
|
|
parser.add_argument('-f', '--for-real',
|
|
|
|
|
dest='ack',
|
|
|
|
|
action="store_true",
|
|
|
|
|
default=False,
|
|
|
|
|
help='Acknowledgement that this is done according to policy.')
|
|
|
|
|
parser.add_argument('--revoke',
|
|
|
|
|
dest='grant',
|
|
|
|
|
action="store_false",
|
|
|
|
|
default=True,
|
|
|
|
|
help='Remove an administrator\'s rights.')
|
2015-09-20 19:32:01 +02:00
|
|
|
parser.add_argument('--permission',
|
|
|
|
|
dest='permission',
|
|
|
|
|
action="store",
|
|
|
|
|
default='administer',
|
|
|
|
|
help='Permission to grant/remove.')
|
2015-08-21 02:10:41 +02:00
|
|
|
parser.add_argument('email', metavar='<email>', type=str,
|
|
|
|
|
help="email of user to knight")
|
2013-06-24 21:42:46 +02:00
|
|
|
|
|
|
|
|
def handle(self, *args, **options):
|
2016-06-04 16:52:18 +02:00
|
|
|
# type: (*Any, **Any) -> None
|
2015-08-21 02:10:41 +02:00
|
|
|
email = options['email']
|
2013-06-24 21:42:46 +02:00
|
|
|
try:
|
|
|
|
|
profile = UserProfile.objects.get(email=email)
|
|
|
|
|
except ValidationError:
|
|
|
|
|
raise CommandError("No such user.")
|
2013-06-24 21:57:40 +02:00
|
|
|
|
|
|
|
|
if options['grant']:
|
2015-09-20 19:32:01 +02:00
|
|
|
if profile.has_perm(options['permission'], profile.realm):
|
2013-06-24 21:57:40 +02:00
|
|
|
raise CommandError("User already has permission for this realm.")
|
|
|
|
|
else:
|
2013-06-27 23:42:41 +02:00
|
|
|
if options['ack']:
|
2015-09-20 19:32:01 +02:00
|
|
|
do_change_is_admin(profile, True, permission=options['permission'])
|
2015-11-01 17:11:06 +01:00
|
|
|
print("Done!")
|
2013-06-27 23:42:41 +02:00
|
|
|
else:
|
2016-07-08 18:57:01 +02:00
|
|
|
print("Would have granted %s %s rights for %s" % (
|
2017-03-13 17:44:32 +01:00
|
|
|
email, options['permission'], profile.realm.string_id))
|
2013-06-24 21:42:46 +02:00
|
|
|
else:
|
2015-09-20 19:32:01 +02:00
|
|
|
if profile.has_perm(options['permission'], profile.realm):
|
2013-06-27 23:42:41 +02:00
|
|
|
if options['ack']:
|
2015-09-20 19:32:01 +02:00
|
|
|
do_change_is_admin(profile, False, permission=options['permission'])
|
2015-11-01 17:11:06 +01:00
|
|
|
print("Done!")
|
2013-06-27 23:42:41 +02:00
|
|
|
else:
|
2015-11-01 17:11:06 +01:00
|
|
|
print("Would have removed %s's %s rights on %s" % (email, options['permission'],
|
2017-03-13 17:44:32 +01:00
|
|
|
profile.realm.string_id))
|
2013-06-24 21:57:40 +02:00
|
|
|
else:
|
|
|
|
|
raise CommandError("User did not have permission for this realm!")
|
