Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
from argparse import ArgumentParser
from typing import Any
from django.core.management.base import CommandError
from zerver.lib.actions import do_change_is_api_super_user, do_change_user_role
from zerver.lib.management import ZulipBaseCommand
from zerver.models import UserProfile
class Command(ZulipBaseCommand):
    # Privilege-changing management command: grants or revokes either realm
    # administrator rights or the API super-user flag for a single user.
    # Without -f/--for-real it only reports what it would have done.
    help = """Give an existing user administrative permissions over their (own) Realm.

ONLY perform this on customer request from an authorized person.
"""

    def add_arguments(self, parser: ArgumentParser) -> None:
        """Register the command-line options understood by this command."""
        # Explicit acknowledgement flag; when absent, handle() changes nothing.
        parser.add_argument(
            '-f', '--for-real',
            dest='ack',
            action="store_true",
            default=False,
            help='Acknowledgement that this is done according to policy.',
        )
        # Granting is the default; --revoke flips options['grant'] to False.
        parser.add_argument(
            '--revoke',
            dest='grant',
            action="store_false",
            default=True,
            help="Remove an administrator's rights.",
        )
        # argparse rejects any value outside `choices` before handle() runs.
        parser.add_argument(
            '--permission',
            dest='permission',
            action="store",
            default='administer',
            choices=['administer', 'api_super_user'],
            help='Permission to grant/remove.',
        )
        parser.add_argument(
            'email',
            metavar='<email>',
            type=str,
            help="email of user to knight",
        )
        # NOTE(review): the second argument presumably makes the realm option
        # mandatory -- confirm against ZulipBaseCommand.add_realm_args.
        self.add_realm_args(parser, True)

    def handle(self, *args: Any, **options: Any) -> None:
        """Grant or revoke the selected permission for the user named by email.

        Raises:
            CommandError: when granting a permission the user already holds,
                or revoking one the user does not hold.
        """
        email = options['email']
        realm = self.get_realm(options)

        user = self.get_user(email, realm)

        permission = options['permission']
        confirmed = options['ack']

        # Does the user currently hold the permission being asked about?
        # Both branches of the original ran this same test first.
        holds_permission = (
            (user.is_realm_admin and permission == "administer")
            or (user.is_api_super_user and permission == "api_super_user")
        )

        if options['grant']:
            if holds_permission:
                raise CommandError("User already has permission for this realm.")
            if not confirmed:
                # Dry run: report the intended change and leave the account as is.
                template = "Would have granted {} {} rights for {}"
                print(template.format(email, permission, user.realm.string_id))
                return
            # NOTE(review): whether these helpers write an audit record is not
            # visible from this file -- confirm in zerver.lib.actions.
            if permission == "api_super_user":
                do_change_is_api_super_user(user, True)
            elif permission == "administer":
                do_change_user_role(user, UserProfile.ROLE_REALM_ADMINISTRATOR)
            print("Done!")
            return

        # Revocation path.
        if not holds_permission:
            raise CommandError("User did not have permission for this realm!")
        if not confirmed:
            # Dry run: report the intended change and leave the account as is.
            template = "Would have removed {}'s {} rights on {}"
            print(template.format(email, permission, user.realm.string_id))
            return
        if permission == "api_super_user":
            do_change_is_api_super_user(user, False)
        elif permission == "administer":
            # Revoking administrator rights sets the role to plain member.
            do_change_user_role(user, UserProfile.ROLE_MEMBER)
        print("Done!")