def post(self, group_id=None, name=None):
group = Group.get(self.session, group_id, name)
if not group:
return self.notfound()
if not self.current_user.can_manage(group):
return self.forbidden()
form = GroupEditForm(self.request.arguments, obj=group)
if not form.validate():
return self.render("group-edit.html", group=group, form=form, alerts=self.get_form_alerts(form.errors))
group.groupname = form.data["groupname"]
group.description = form.data["description"]
group.canjoin = form.data["canjoin"]
Counter.incr(self.session, "updates")
try:
self.session.commit()
except IntegrityError:
self.session.rollback()
form.groupname.errors.append("{} already exists".format(form.data["groupname"]))
return self.render("group-edit.html", group=group, form=form, alerts=self.get_form_alerts(form.errors))
AuditLog.log(self.session, self.current_user.id, "edit_group", "Edited group.", on_group_id=group.id)
return self.redirect("/groups/{}".format(group.name))
def update_request(session, request, user, new_status, comment):
"""Update a request.
Args:
session(sqlalchemy.orm.session.Session): database session
request(models.PermissionRequest): request to update
user(models.User): user making update
new_status(models.REQUEST_STATUS_CHOICES): new status
comment(str): comment to include with status change
Raises:
grouper.audit.UserNotAuditor in case we're trying to add an audited
permission to a group without auditors
"""
if request.status == new_status:
# nothing to do
return
# make sure the grant can happen
if new_status == "actioned":
if request.permission.audited:
# will raise UserNotAuditor if no auditors are owners of the group
assert_controllers_are_auditors(request.group)
# all rows we add have the same timestamp
now = datetime.utcnow()
# new status change row
permission_status_change = PermissionRequestStatusChange(
request=request,
user_id=user.id,
from_status=request.status,
to_status=new_status,
change_at=now,
).add(session)
session.flush()
# new comment
Comment(
obj_type=OBJ_TYPES_IDX.index("PermissionRequestStatusChange"),
obj_pk=permission_status_change.id,
user_id=user.id,
comment=comment,
created_on=now,
).add(session)
# update permissionRequest status
request.status = new_status
session.flush()
if new_status == "actioned":
# actually grant permission
request.group.grant_permission(request.permission, request.argument)
Counter.incr(session, "updates")
# audit log
AuditLog.log(session, user.id, "update_perm_request",
"updated permission request to status: {}".format(new_status),
on_group_id=request.group_id, on_user_id=request.requester_id)
# send notification
if new_status == "actioned":
subject = "Request for Permission Actioned"
email_template = "permission_request_actioned"
else:
subject = "Request for Permission Cancelled"
email_template = "permission_request_cancelled"
email_context = {
'group_name': request.group.name,
'action_taken_by': user.name,
'reason': comment,
'permission_name': request.permission.name,
'argument': request.argument,
}
send_email(session, [request.requester.name], subject, email_template,
settings, email_context)
