from argparse import ArgumentParser
from typing import Any
from django.core.management.base import CommandError
from zerver.lib.actions import do_change_is_api_super_user, do_change_user_role
from zerver.lib.management import ZulipBaseCommand
from zerver.models import UserProfile
class Command(ZulipBaseCommand):
    # Management command that grants or revokes one of two elevated
    # permissions ("administer" or "api_super_user") for a single user in a
    # single realm. Nothing is changed unless -f/--for-real is passed.
    help = """Give an existing user administrative permissions over their (own) Realm.

ONLY perform this on customer request from an authorized person.
"""

    def add_arguments(self, parser: ArgumentParser) -> None:
        """Register the command-line options on *parser*.

        Without ``-f/--for-real`` the command only reports what it would do.
        ``--revoke`` flips ``grant`` to False; because it is a ``store_false``
        flag, granting is the default when it is omitted.
        """
        parser.add_argument(
            '-f', '--for-real',
            dest='ack',
            action="store_true",
            help='Acknowledgement that this is done according to policy.',
        )
        parser.add_argument(
            '--revoke',
            dest='grant',
            action="store_false",
            help="Remove an administrator's rights.",
        )
        parser.add_argument(
            '--permission',
            default='administer',
            choices=['administer', 'api_super_user'],
            help='Permission to grant/remove.',
        )
        parser.add_argument(
            'email',
            metavar='<email>',
            help="email of user to knight",
        )
        # NOTE(review): the positional True presumably marks the realm
        # argument as required -- confirm against ZulipBaseCommand.
        self.add_realm_args(parser, True)

    def handle(self, *args: Any, **options: Any) -> None:
        """Grant or revoke the selected permission for one user.

        Raises:
            CommandError: when granting a permission the user already holds,
                or revoking one the user does not hold.
        """
        email = options['email']
        realm = self.get_realm(options)
        # The lookup is scoped to the realm resolved above.
        user = self.get_user(email, realm)

        granting = options['grant']
        # True when the user currently holds the permission being changed.
        holds_permission = (
            (user.is_realm_admin and options['permission'] == "administer")
            or (user.is_api_super_user and options['permission'] == "api_super_user")
        )

        # Reject no-op requests before looking at the acknowledgement flag.
        if granting and holds_permission:
            raise CommandError("User already has permission for this realm.")
        if not granting and not holds_permission:
            raise CommandError("User did not have permission for this realm!")

        if not options['ack']:
            # Dry run: report the intended change and leave the user untouched.
            if granting:
                print("Would have granted {} {} rights for {}".format(
                    email, options['permission'], user.realm.string_id))
            else:
                print("Would have removed {}'s {} rights on {}".format(
                    email, options['permission'], user.realm.string_id))
            return

        if options['permission'] == "api_super_user":
            do_change_is_api_super_user(user, bool(granting))
        elif options['permission'] == "administer":
            # Revoking always sets the role to ROLE_MEMBER.
            # NOTE(review): if is_realm_admin is also true for roles above
            # administrator, --revoke would demote those users too -- confirm.
            new_role = (
                UserProfile.ROLE_REALM_ADMINISTRATOR if granting
                else UserProfile.ROLE_MEMBER
            )
            # NOTE(review): acting_user=None presumably means the role change
            # is recorded without an operator identity; who ran the command
            # would then have to come from host-level logs -- confirm.
            do_change_user_role(user, new_role, acting_user=None)
        print("Done!")