def post(self, group): if not group and Group.valid_id(group): raise HttpErrorException.bad_request('invalid group id') group = Group.get_by_id(group) if group is None: raise HttpErrorException.bad_request('invalid group id') if not self.json_request.get('username', None): raise HttpErrorException.bad_request('invalid username') user = user_user.User.get_by_id(self.json_request.get('username')) if user is None: raise HttpErrorException.bad_request('invalid username') if not self.user.is_admin and not group.is_admin(self.user): lr = tt_logging.construct_log( msg_short='Non-Admin User Tried To Give Group Admin', msg='User (%s) tried to give User (%s) group admin for group (%s)Request:' '%s' % (self.user.key.id(), user.key.id(), group.key.id(), str(self.request)), log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user, artifact=group, request=self.request ) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() is_group_admin = self.json_request.get('is_group_admin') if is_group_admin is None: raise HttpErrorException.bad_request('no group settings') if is_group_admin: if user.key not in group.admins: group.admins.append(user.key) group.put() lr = tt_logging.construct_log( msg_short='User was set a group admin', log_type=tt_logging.USER, request_user=self.user, affected_user=user, artifact=group, request=self.request ) log.info(lr['dict_msg']['msg'], extra=lr) else: if user.key in group.admins: group.admins.remove(user.key) group.put() lr = tt_logging.construct_log( msg_short='User was removed as group admin', log_type=tt_logging.USER, request_user=self.user, affected_user=user, artifact=group, request=self.request ) log.info(lr['dict_msg']['msg'], extra=lr)
def delete(self, group): if not group and not Group.valid_id(group): raise HttpErrorException.bad_request('invalid group id') group = Group.get_by_id(group) if not group: raise HttpErrorException.bad_request('invalid group id') group.delete(self) users = user_user.User.get_all_users( organization=group.organization.get(), to_dict=False, request_user=self.user, request=self ) mod_users = [] for user in users: if group.key in user.groups: user.groups.remove(group.key) mod_users.append(user) ndb.put_multi(mod_users)