zulip/zerver/management/commands/knight.py

from argparse import ArgumentParser
from typing import Any

from django.core.management.base import CommandError

from zerver.lib.actions import do_change_user_role, do_change_is_api_super_user
from zerver.lib.management import ZulipBaseCommand
from zerver.models import UserProfile


class Command(ZulipBaseCommand):
    help = """Give an existing user administrative permissions over their (own) Realm.

ONLY perform this on customer request from an authorized person.
"""

    def add_arguments(self, parser: ArgumentParser) -> None:
        parser.add_argument('-f', '--for-real',
                            dest='ack',
                            action="store_true",
                            default=False,
                            help='Acknowledgement that this is done according to policy.')
        parser.add_argument('--revoke',
                            dest='grant',
                            action="store_false",
                            default=True,
                            help='Remove an administrator\'s rights.')
        parser.add_argument('--permission',
                            dest='permission',
                            action="store",
                            default='administer',
                            choices=['administer', 'api_super_user'],
                            help='Permission to grant/remove.')
        parser.add_argument('email', metavar='<email>', type=str,
                            help="email of user to knight")
        self.add_realm_args(parser, True)

    def handle(self, *args: Any, **options: Any) -> None:
        email = options['email']
        realm = self.get_realm(options)

        user = self.get_user(email, realm)

        if options['grant']:
            if (user.is_realm_admin and options['permission'] == "administer" or
                    user.is_api_super_user and options['permission'] == "api_super_user"):
                raise CommandError("User already has permission for this realm.")
            else:
                if options['ack']:
                    if options['permission'] == "api_super_user":
                        do_change_is_api_super_user(user, True)
                    elif options['permission'] == "administer":
                        do_change_user_role(user, UserProfile.ROLE_REALM_ADMINISTRATOR)
                    print("Done!")
                else:
                    print("Would have granted {} {} rights for {}".format(
                          email, options['permission'], user.realm.string_id))
        else:
            if (user.is_realm_admin and options['permission'] == "administer" or
                    user.is_api_super_user and options['permission'] == "api_super_user"):
                if options['ack']:
                    if options['permission'] == "api_super_user":
                        do_change_is_api_super_user(user, False)
                    elif options['permission'] == "administer":
                        do_change_user_role(user, UserProfile.ROLE_MEMBER)
                    print("Done!")
                else:
                    print("Would have removed {}'s {} rights on {}".format(email, options['permission'],
                                                                           user.realm.string_id))
            else:
                raise CommandError("User did not have permission for this realm!")
python: Sort imports in management commands. 2017-11-16 00:43:27 +01:00			`from argparse import ArgumentParser`
Annotate most Zulip management commands. 2016-06-04 16:52:18 +02:00			`from typing import Any`

management: Use self.get_user in knight command. 2017-08-07 20:32:44 +02:00			`from django.core.management.base import CommandError`
Add a management command to create realm administrators. (imported from commit ab2dd580a206f29086c0d5a4e717c1bfd65a7435) 2013-06-24 21:42:46 +02:00
actions: Merge do_change_is_admin and do_change_is_guest. This commit merges do_change_is_admin and do_change_is_guest to a single function do_change_user_role which will be used for changing role of users. do_change_is_api_super_user is added as a separate function for changing is_api_super_user field of UserProfile. 2020-05-21 00:13:06 +02:00			`from zerver.lib.actions import do_change_user_role, do_change_is_api_super_user`
management: Use self.get_user in knight command. 2017-08-07 20:32:44 +02:00			`from zerver.lib.management import ZulipBaseCommand`
actions: Merge do_change_is_admin and do_change_is_guest. This commit merges do_change_is_admin and do_change_is_guest to a single function do_change_user_role which will be used for changing role of users. do_change_is_api_super_user is added as a separate function for changing is_api_super_user field of UserProfile. 2020-05-21 00:13:06 +02:00			`from zerver.models import UserProfile`
Add a management command to create realm administrators. (imported from commit ab2dd580a206f29086c0d5a4e717c1bfd65a7435) 2013-06-24 21:42:46 +02:00
python: Sort migrations/management command imports with isort. This is a preparatory commit for using isort for sorting all of our imports, merging changes to files where we can easily review the changes as something we're happy with. These are also files with relatively little active development, which means we don't expect much merge conflict risk from these changes. 2020-01-14 21:59:46 +01:00
management: Use self.get_user in knight command. 2017-08-07 20:32:44 +02:00			`class Command(ZulipBaseCommand):`
Add a management command to create realm administrators. (imported from commit ab2dd580a206f29086c0d5a4e717c1bfd65a7435) 2013-06-24 21:42:46 +02:00			`help = """Give an existing user administrative permissions over their (own) Realm.`

			`ONLY perform this on customer request from an authorized person.`
			`"""`

zerver/management: Use python 3 syntax for typing. 2017-10-26 11:35:57 +02:00			`def add_arguments(self, parser: ArgumentParser) -> None:`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`parser.add_argument('-f', '--for-real',`
			`dest='ack',`
			`action="store_true",`
			`default=False,`
			`help='Acknowledgement that this is done according to policy.')`
			`parser.add_argument('--revoke',`
			`dest='grant',`
			`action="store_false",`
			`default=True,`
			`help='Remove an administrator\'s rights.')`
Move API super users configuration into the database. (imported from commit 3cc702f93e7252b42930dba4bde93a915b6dbf44) 2015-09-20 19:32:01 +02:00			`parser.add_argument('--permission',`
			`dest='permission',`
			`action="store",`
			`default='administer',`
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \\|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-10 05:23:40 +02:00			`choices=['administer', 'api_super_user'],`
Move API super users configuration into the database. (imported from commit 3cc702f93e7252b42930dba4bde93a915b6dbf44) 2015-09-20 19:32:01 +02:00			`help='Permission to grant/remove.')`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`parser.add_argument('email', metavar='<email>', type=str,`
			`help="email of user to knight")`
management: Use self.get_user in knight command. 2017-08-07 20:32:44 +02:00			`self.add_realm_args(parser, True)`
Add a management command to create realm administrators. (imported from commit ab2dd580a206f29086c0d5a4e717c1bfd65a7435) 2013-06-24 21:42:46 +02:00
zerver/management: Use python 3 syntax for typing. 2017-10-26 11:35:57 +02:00			`def handle(self, args: Any, *options: Any) -> None:`
Django 1.8: declare positional arguments in management commands (imported from commit d9efca1376de92c8187d25f546c79fece8d2d8c6) 2015-08-21 02:10:41 +02:00			`email = options['email']`
management: Use self.get_user in knight command. 2017-08-07 20:32:44 +02:00			`realm = self.get_realm(options)`

management: Clean up a variable name in knight. 2019-07-08 22:42:05 +02:00			`user = self.get_user(email, realm)`
Add a parameter to knight.py to remove user rights. (imported from commit 4527955f688298ba56296e9f24d42e33f7d04948) 2013-06-24 21:57:40 +02:00
			`if options['grant']:`
management: Fix obsolete check for double-adding a permission. The .has_perm logic in this management command dates from use of django-guardian that ended years ago. 2019-07-08 22:43:54 +02:00			`if (user.is_realm_admin and options['permission'] == "administer" or`
			`user.is_api_super_user and options['permission'] == "api_super_user"):`
Add a parameter to knight.py to remove user rights. (imported from commit 4527955f688298ba56296e9f24d42e33f7d04948) 2013-06-24 21:57:40 +02:00			`raise CommandError("User already has permission for this realm.")`
			`else:`
knight should dry-run unless you specify -f (imported from commit fd0e5af1d941c6fadcbc14ff7f86f71a170a503e) 2013-06-27 23:42:41 +02:00			`if options['ack']:`
actions: Merge do_change_is_admin and do_change_is_guest. This commit merges do_change_is_admin and do_change_is_guest to a single function do_change_user_role which will be used for changing role of users. do_change_is_api_super_user is added as a separate function for changing is_api_super_user field of UserProfile. 2020-05-21 00:13:06 +02:00			`if options['permission'] == "api_super_user":`
			`do_change_is_api_super_user(user, True)`
			`elif options['permission'] == "administer":`
			`do_change_user_role(user, UserProfile.ROLE_REALM_ADMINISTRATOR)`
Apply Python 3 futurize transform libfuturize.fixes.fix_print_with_import. 2015-11-01 17:11:06 +01:00			`print("Done!")`
knight should dry-run unless you specify -f (imported from commit fd0e5af1d941c6fadcbc14ff7f86f71a170a503e) 2013-06-27 23:42:41 +02:00			`else:`
python: Convert percent formatting to Python 3.6 f-strings. Generated by pyupgrade --py36-plus. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-10 06:41:04 +02:00			`print("Would have granted {} {} rights for {}".format(`
management: Clean up a variable name in knight. 2019-07-08 22:42:05 +02:00			`email, options['permission'], user.realm.string_id))`
Add a management command to create realm administrators. (imported from commit ab2dd580a206f29086c0d5a4e717c1bfd65a7435) 2013-06-24 21:42:46 +02:00			`else:`
management: Fix obsolete check for double-adding a permission. The .has_perm logic in this management command dates from use of django-guardian that ended years ago. 2019-07-08 22:43:54 +02:00			`if (user.is_realm_admin and options['permission'] == "administer" or`
			`user.is_api_super_user and options['permission'] == "api_super_user"):`
knight should dry-run unless you specify -f (imported from commit fd0e5af1d941c6fadcbc14ff7f86f71a170a503e) 2013-06-27 23:42:41 +02:00			`if options['ack']:`
actions: Merge do_change_is_admin and do_change_is_guest. This commit merges do_change_is_admin and do_change_is_guest to a single function do_change_user_role which will be used for changing role of users. do_change_is_api_super_user is added as a separate function for changing is_api_super_user field of UserProfile. 2020-05-21 00:13:06 +02:00			`if options['permission'] == "api_super_user":`
			`do_change_is_api_super_user(user, False)`
			`elif options['permission'] == "administer":`
			`do_change_user_role(user, UserProfile.ROLE_MEMBER)`
Apply Python 3 futurize transform libfuturize.fixes.fix_print_with_import. 2015-11-01 17:11:06 +01:00			`print("Done!")`
knight should dry-run unless you specify -f (imported from commit fd0e5af1d941c6fadcbc14ff7f86f71a170a503e) 2013-06-27 23:42:41 +02:00			`else:`
python: Convert percent formatting to Python 3.6 f-strings. Generated by pyupgrade --py36-plus. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-10 06:41:04 +02:00			`print("Would have removed {}'s {} rights on {}".format(email, options['permission'],`
			`user.realm.string_id))`
Add a parameter to knight.py to remove user rights. (imported from commit 4527955f688298ba56296e9f24d42e33f7d04948) 2013-06-24 21:57:40 +02:00			`else:`
			`raise CommandError("User did not have permission for this realm!")`