def cancel_user_request(self, user_request, reason, authorization):
# type: (UserGroupRequest, str, Authorization) -> None
now = datetime.utcnow()
request = Request.get(self.session, id=user_request.id)
if not request:
raise UserGroupRequestNotFoundException(request)
actor = User.get(self.session, name=authorization.actor)
if not actor:
raise UserNotFoundException(authorization.actor)
request_status_change = RequestStatusChange(
request=request,
user_id=actor.id,
from_status=request.status,
to_status="cancelled",
change_at=now,
).add(self.session)
request.status = "cancelled"
self.session.flush()
Comment(
obj_type=OBJ_TYPES["RequestStatusChange"],
obj_pk=request_status_change.id,
user_id=actor.id,
comment=reason,
created_on=now,
).add(self.session)
def mark_disabled_user_as_service_account(self,
name,
description="",
mdbset=""):
# type: (str, str, str) -> None
"""Transform a disabled user into a disabled, ownerless service account.
WARNING: This function encodes the fact that the user and service account repos
are in fact the same thing, as it assumes that a service account is just a user
that is marked in a special way. This is a temporary breaking of the abstractions
and will have to be cleaned up once the repositories are properly separate.
"""
user = SQLUser.get(self.session, name=name)
if not user:
raise UserNotFoundException(name)
service_account = SQLServiceAccount(user_id=user.id,
description=description,
machine_set=mdbset)
service_account.add(self.session)
user.is_service_account = True
def _id_for_user(self, user):
# type: (str) -> int
user_obj = User.get(self.session, name=user)
if not user_obj:
raise UserNotFoundException(user)
return user_obj.id
def user_is_enabled(self, name):
# type: (str) -> bool
user = SQLUser.get(self.session, name=name)
if not user:
raise UserNotFoundException(name)
return user.enabled
def disable_user(self, name):
# type: (str) -> None
user = SQLUser.get(self.session, name=name)
if not user:
raise UserNotFoundException(name)
user.enabled = False