2020-10-22 20:30:35 +02:00
|
|
|
from argparse import ArgumentParser
|
|
|
|
from typing import Any
|
|
|
|
|
|
|
|
from django.core.management.base import CommandError
|
|
|
|
|
2020-12-14 22:02:22 +01:00
|
|
|
from zerver.lib.actions import (
|
|
|
|
do_change_can_create_users,
|
|
|
|
do_change_can_forge_sender,
|
|
|
|
do_change_user_role,
|
|
|
|
)
|
2020-10-22 20:30:35 +02:00
|
|
|
from zerver.lib.management import ZulipBaseCommand
|
|
|
|
from zerver.models import UserProfile
|
|
|
|
|
|
|
|
|
|
|
|
class Command(ZulipBaseCommand):
|
|
|
|
help = """Change role of an existing user in their (own) Realm.
|
|
|
|
|
|
|
|
ONLY perform this on customer request from an authorized person.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def add_arguments(self, parser: ArgumentParser) -> None:
|
|
|
|
parser.add_argument('email', metavar='<email>',
|
|
|
|
help="email of user to change role")
|
|
|
|
parser.add_argument('new_role', metavar='<new_role>',
|
2020-12-14 22:02:22 +01:00
|
|
|
choices=['owner', 'admin', 'member', 'guest', 'can_forge_sender',
|
|
|
|
'can_create_users'],
|
2020-10-22 20:30:35 +02:00
|
|
|
help="new role of the user")
|
|
|
|
parser.add_argument('--revoke',
|
|
|
|
dest='grant',
|
|
|
|
action="store_false",
|
2020-12-14 22:02:22 +01:00
|
|
|
help='Remove can_forge_sender or can_create_users permission.')
|
2020-10-22 20:30:35 +02:00
|
|
|
self.add_realm_args(parser, True)
|
|
|
|
|
|
|
|
def handle(self, *args: Any, **options: Any) -> None:
|
|
|
|
email = options['email']
|
|
|
|
realm = self.get_realm(options)
|
|
|
|
|
|
|
|
user = self.get_user(email, realm)
|
|
|
|
|
|
|
|
user_role_map = {'owner': UserProfile.ROLE_REALM_OWNER,
|
|
|
|
'admin': UserProfile.ROLE_REALM_ADMINISTRATOR,
|
|
|
|
'member': UserProfile.ROLE_MEMBER,
|
|
|
|
'guest': UserProfile.ROLE_GUEST}
|
|
|
|
|
2020-12-14 22:02:22 +01:00
|
|
|
if options['new_role'] not in ['can_forge_sender', 'can_create_users']:
|
2020-10-22 20:30:35 +02:00
|
|
|
new_role = user_role_map[options['new_role']]
|
|
|
|
if not options['grant']:
|
|
|
|
raise CommandError("Revoke not supported with this permission; please specify new role.")
|
|
|
|
if new_role == user.role:
|
|
|
|
raise CommandError("User already has this role.")
|
|
|
|
old_role_name = UserProfile.ROLE_ID_TO_NAME_MAP[user.role]
|
|
|
|
do_change_user_role(user, new_role, acting_user=None)
|
|
|
|
new_role_name = UserProfile.ROLE_ID_TO_NAME_MAP[user.role]
|
|
|
|
print(f"Role for {user.delivery_email} changed from {old_role_name} to {new_role_name}.")
|
2020-12-14 22:02:22 +01:00
|
|
|
return
|
|
|
|
|
|
|
|
if options['new_role'] == 'can_forge_sender':
|
2020-12-20 14:21:42 +01:00
|
|
|
if user.can_forge_sender and options['grant']:
|
|
|
|
raise CommandError("User can already forge messages for this realm.")
|
|
|
|
elif not user.can_forge_sender and not options['grant']:
|
|
|
|
raise CommandError("User can't forge messages for this realm.")
|
|
|
|
do_change_can_forge_sender(user, options['grant'])
|
2020-12-14 22:02:22 +01:00
|
|
|
|
2020-10-22 20:30:35 +02:00
|
|
|
granted_text = "have" if options['grant'] else "not have"
|
|
|
|
print(f"{user.delivery_email} changed to {granted_text} {options['new_role']} permission.")
|
2020-12-14 22:02:22 +01:00
|
|
|
else:
|
|
|
|
if user.can_create_users and options['grant']:
|
|
|
|
raise CommandError("User can already create users for this realm.")
|
|
|
|
elif not user.can_create_users and not options['grant']:
|
|
|
|
raise CommandError("User can't create users for this realm.")
|
|
|
|
do_change_can_create_users(user, options['grant'])
|