mirror of
https://github.com/zulip/zulip.git
synced 2025-11-10 17:07:07 +00:00
2c01354569
This makes management commands more readable, since one doesn't need to know details of how the library works to read based code.
92 lines
3.4 KiB
Python
92 lines
3.4 KiB
Python
from argparse import ArgumentParser
|
|
from typing import Any
|
|
|
|
from django.core.management.base import CommandError
|
|
|
|
from zerver.lib.actions import (
|
|
do_change_can_create_users,
|
|
do_change_can_forge_sender,
|
|
do_change_user_role,
|
|
)
|
|
from zerver.lib.management import ZulipBaseCommand
|
|
from zerver.models import UserProfile
|
|
|
|
|
|
class Command(ZulipBaseCommand):
|
|
help = """Change role of an existing user in their (own) Realm.
|
|
|
|
ONLY perform this on customer request from an authorized person.
|
|
"""
|
|
|
|
def add_arguments(self, parser: ArgumentParser) -> None:
|
|
parser.add_argument("email", metavar="<email>", help="email of user to change role")
|
|
parser.add_argument(
|
|
"new_role",
|
|
metavar="<new_role>",
|
|
choices=[
|
|
"owner",
|
|
"admin",
|
|
"moderator",
|
|
"member",
|
|
"guest",
|
|
"can_forge_sender",
|
|
"can_create_users",
|
|
],
|
|
help="new role of the user",
|
|
)
|
|
parser.add_argument(
|
|
"--revoke",
|
|
dest="grant",
|
|
action="store_false",
|
|
help="Remove can_forge_sender or can_create_users permission.",
|
|
)
|
|
self.add_realm_args(parser, required=True)
|
|
|
|
def handle(self, *args: Any, **options: Any) -> None:
|
|
email = options["email"]
|
|
realm = self.get_realm(options)
|
|
|
|
user = self.get_user(email, realm)
|
|
|
|
user_role_map = {
|
|
"owner": UserProfile.ROLE_REALM_OWNER,
|
|
"admin": UserProfile.ROLE_REALM_ADMINISTRATOR,
|
|
"moderator": UserProfile.ROLE_MODERATOR,
|
|
"member": UserProfile.ROLE_MEMBER,
|
|
"guest": UserProfile.ROLE_GUEST,
|
|
}
|
|
|
|
if options["new_role"] not in ["can_forge_sender", "can_create_users"]:
|
|
new_role = user_role_map[options["new_role"]]
|
|
if not options["grant"]:
|
|
raise CommandError(
|
|
"Revoke not supported with this permission; please specify new role."
|
|
)
|
|
if new_role == user.role:
|
|
raise CommandError("User already has this role.")
|
|
old_role_name = UserProfile.ROLE_ID_TO_NAME_MAP[user.role]
|
|
do_change_user_role(user, new_role, acting_user=None)
|
|
new_role_name = UserProfile.ROLE_ID_TO_NAME_MAP[user.role]
|
|
print(
|
|
f"Role for {user.delivery_email} changed from {old_role_name} to {new_role_name}."
|
|
)
|
|
return
|
|
|
|
if options["new_role"] == "can_forge_sender":
|
|
if user.can_forge_sender and options["grant"]:
|
|
raise CommandError("User can already forge messages for this realm.")
|
|
elif not user.can_forge_sender and not options["grant"]:
|
|
raise CommandError("User can't forge messages for this realm.")
|
|
do_change_can_forge_sender(user, options["grant"])
|
|
|
|
granted_text = "have" if options["grant"] else "not have"
|
|
print(
|
|
f"{user.delivery_email} changed to {granted_text} {options['new_role']} permission."
|
|
)
|
|
else:
|
|
if user.can_create_users and options["grant"]:
|
|
raise CommandError("User can already create users for this realm.")
|
|
elif not user.can_create_users and not options["grant"]:
|
|
raise CommandError("User can't create users for this realm.")
|
|
do_change_can_create_users(user, options["grant"])
|