def put(self, request, organization, member_id):
        """
        Re-send an invitation or an SSO link email to an organization member.

        Responds 204 on success and 400 when the payload fails serializer
        validation or the member qualifies for neither email. A failed
        member lookup is re-raised as ResourceDoesNotExist.
        """
        try:
            member = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        form = OrganizationMemberSerializer(data=request.DATA, partial=True)
        if not form.is_valid():
            # The serializer errors are dropped; the client only sees a 400.
            return Response(status=400)

        # A missing AuthProvider row means the organization has no SSO.
        # NOTE(review): assumes at most one AuthProvider per organization;
        # any other lookup error propagates to the caller.
        try:
            provider = AuthProvider.objects.get(
                organization=organization).get_provider()
        except AuthProvider.DoesNotExist:
            provider = None

        payload = form.object
        # XXX(dcramer): if/when this expands beyond reinvite we need to check
        # access level
        # NOTE(review): this method performs no scope check of its own, so
        # every caller that reaches it can trigger the emails below.
        # Presumably the endpoint's permission layer gates access - confirm.
        if payload.get('reinvite'):
            if not member.is_pending:
                if not provider or getattr(member.flags, 'sso:linked'):
                    # TODO(dcramer): proper error message
                    return Response({'detail': ERR_UNINVITABLE}, status=400)
                member.send_sso_link_email(request.user, provider)
            else:
                member.send_invite_email()

        # Emitted on every valid PUT for an SSO-enabled organization, not
        # only when a reinvite was requested.
        if provider:
            sso_enabled.send(organization=organization, sender=request.user)

        return Response(status=204)
    def put(self, request, organization, member_id):
        """
        Re-send an invitation or an SSO link email to an organization member.

        Responds 204 on success and 400 when the payload fails serializer
        validation or the member qualifies for neither email. A failed
        member lookup is re-raised as ResourceDoesNotExist.
        """
        try:
            member = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        form = OrganizationMemberSerializer(
            data=request.DATA,
            partial=True,
        )
        if not form.is_valid():
            # The serializer errors are dropped; the client only sees a 400.
            return Response(status=400)

        # Only the existence of an AuthProvider row matters here.
        sso_configured = AuthProvider.objects.filter(
            organization=organization).exists()

        payload = form.object
        # XXX(dcramer): if/when this expands beyond reinvite we need to check
        # access level
        # NOTE(review): this method performs no scope check of its own, so
        # every caller that reaches it can trigger the emails below.
        # Presumably the endpoint's permission layer gates access - confirm.
        if payload.get('reinvite'):
            if not member.is_pending:
                if not sso_configured or getattr(member.flags, 'sso:linked'):
                    # TODO(dcramer): proper error message
                    return Response({'detail': ERR_UNINVITABLE}, status=400)
                member.send_sso_link_email()
            else:
                member.send_invite_email()

        # Emitted on every valid PUT for an SSO-enabled organization, not
        # only when a reinvite was requested.
        if sso_configured:
            sso_enabled.send(organization=organization, sender=request.user)

        return Response(status=204)
Exemple #3
 def test_sso(self):
     """Fire sso_enabled and check that an "sso" adoption row can be read."""
     org = self.organization
     sso_enabled.send(
         organization=org,
         user=self.user,
         provider='google',
         sender=type(org),
     )
     # get_by_slug must return something truthy for the test to pass.
     assert FeatureAdoption.objects.get_by_slug(organization=org, slug="sso")
Exemple #4
 def test_sso(self):
     """Fire sso_enabled and check that an "sso" adoption row can be read."""
     organization = self.organization
     signal_kwargs = {
         'organization': organization,
         'user': self.user,
         'provider': 'google',
         'sender': type(organization),
     }
     sso_enabled.send(**signal_kwargs)

     # get_by_slug must return something truthy for the test to pass.
     adoption = FeatureAdoption.objects.get_by_slug(
         organization=organization,
         slug="sso",
     )
     assert adoption
    def put(self, request, organization, member_id):
        """
        Update an organization member: re-invite, replace teams, change role.

        The three steps run in that order and each one applies its side
        effects before the next is validated, so a request rejected at the
        teams or role step may already have regenerated the invite token or
        sent an email.

        Responds with the serialized member on success, 400 for an invalid
        payload, an un-invitable member, a missing ``member:admin`` scope on
        token regeneration or an unknown team, and 403 for a role the
        caller may not assign. A failed member lookup is re-raised as
        ResourceDoesNotExist.
        """
        try:
            member = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        form = OrganizationMemberSerializer(data=request.DATA, partial=True)
        if not form.is_valid():
            # The serializer errors are dropped; the client only sees a 400.
            return Response(status=400)

        # A missing AuthProvider row means the organization has no SSO.
        try:
            provider = AuthProvider.objects.get(
                organization=organization).get_provider()
        except AuthProvider.DoesNotExist:
            provider = None

        allowed_roles = None
        payload = form.object

        # XXX(dcramer): if/when this expands beyond reinvite we need to check
        # access level
        # NOTE(review): the handler now goes beyond reinvite. Within this
        # method only token regeneration (scope) and role changes (allowed
        # roles) are checked; the reinvite emails and the team replacement
        # rely on whatever the endpoint's permission layer enforces - confirm.
        if payload.get('reinvite'):
            if member.is_pending:
                if payload.get('regenerate'):
                    # Authorization failure is reported as 400 here, while
                    # the role check further down answers 403.
                    if not request.access.has_scope('member:admin'):
                        return Response({'detail': ERR_INSUFFICIENT_SCOPE},
                                        status=400)
                    # Stores a fresh token before the invite is mailed.
                    member.update(token=member.generate_token())

                member.send_invite_email()
            elif provider and not getattr(member.flags, 'sso:linked'):
                member.send_sso_link_email(request.user, provider)
            else:
                # TODO(dcramer): proper error message
                return Response({'detail': ERR_UNINVITABLE}, status=400)

        # Emitted on every valid PUT for an SSO-enabled organization.
        if provider:
            sso_enabled.send(organization=organization, sender=request.user)

        # An empty or absent 'teams' value is falsy and skips this step, so
        # existing memberships stay untouched in that case.
        if payload.get('teams'):
            # dupe code from member_index
            requested_slugs = payload['teams']
            # Only visible teams of this organization count as real teams.
            matched_teams = list(Team.objects.filter(
                organization=organization,
                status=TeamStatus.VISIBLE,
                slug__in=requested_slugs,
            ))

            # Any slug without a matching team rejects the whole list.
            if len(set(requested_slugs)) != len(matched_teams):
                return Response({'teams': 'Invalid team'}, status=400)

            # Replace the memberships atomically: delete all, then recreate.
            with transaction.atomic():
                OrganizationMemberTeam.objects.filter(
                    organizationmember=member,
                ).delete()
                replacements = [
                    OrganizationMemberTeam(team=team, organizationmember=member)
                    for team in matched_teams
                ]
                OrganizationMemberTeam.objects.bulk_create(replacements)

        if payload.get('role'):
            _, allowed_roles = get_allowed_roles(request, organization)
            # The requested role must be one the caller is allowed to grant.
            if payload['role'] not in {r.id for r in allowed_roles}:
                return Response(
                    {
                        'role':
                        'You do not have permission to invite that role.'
                    },
                    status=403)
            # Runs outside the transaction used for the team replacement.
            member.update(role=payload['role'])

        return Response(self._serialize_member(member, request, allowed_roles))
    def put(self, request, organization, member_id):
        """
        Apply a partial update to an organization member.

        Handles, in order: ``reinvite`` (optionally with ``regenerate``),
        ``teams`` and ``role``. Each step takes effect as soon as it passes
        its own checks; a later step that fails does not undo an earlier
        one (for example an invite email that was already sent).

        Status codes produced here: 400 for an invalid payload, a member
        that cannot be re-invited, a missing ``member:admin`` scope on
        regeneration or an unknown team slug; 403 for a role outside the
        caller's allowed roles. Otherwise the serialized member is returned.
        A failed member lookup is re-raised as ResourceDoesNotExist.
        """
        try:
            target = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        serializer = OrganizationMemberSerializer(
            data=request.DATA,
            partial=True,
        )

        if not serializer.is_valid():
            # No error detail is returned to the client.
            return Response(status=400)

        # No AuthProvider row for the organization means SSO is not set up.
        try:
            sso_provider = AuthProvider.objects.get(
                organization=organization,
            ).get_provider()
        except AuthProvider.DoesNotExist:
            sso_provider = None

        allowed_roles = None
        data = serializer.object

        # XXX(dcramer): if/when this expands beyond reinvite we need to check
        # access level
        # NOTE(review): teams and role are handled below as well. This method
        # itself checks a scope only for token regeneration and checks role
        # changes against the allowed roles; the team replacement and the
        # reinvite emails have no check here. Presumably the endpoint's
        # permission layer covers them - confirm.
        if data.get('reinvite'):
            if not target.is_pending:
                if not sso_provider or getattr(target.flags, 'sso:linked'):
                    # TODO(dcramer): proper error message
                    return Response({'detail': ERR_UNINVITABLE}, status=400)
                target.send_sso_link_email(request.user, sso_provider)
            else:
                if data.get('regenerate'):
                    # Missing scope yields 400 here; the role check further
                    # down reports its authorization failure as 403.
                    if not request.access.has_scope('member:admin'):
                        return Response(
                            {'detail': ERR_INSUFFICIENT_SCOPE}, status=400)
                    # The new token is stored before the email goes out.
                    target.update(token=target.generate_token())

                target.send_invite_email()

        # Sent on every valid PUT when the organization has SSO.
        if sso_provider:
            sso_enabled.send(organization=organization, sender=request.user)

        # A falsy 'teams' value (absent or empty list) skips this step, so
        # this branch cannot be used to clear all memberships.
        if data.get('teams'):
            # dupe code from member_index
            slugs = data['teams']
            # Restricted to visible teams that belong to this organization.
            found = list(
                Team.objects.filter(
                    organization=organization,
                    status=TeamStatus.VISIBLE,
                    slug__in=slugs,
                )
            )

            # Distinct requested slugs must all resolve to a team.
            if len(set(slugs)) != len(found):
                return Response({'teams': 'Invalid team'}, status=400)

            # Delete and recreate the memberships in one transaction.
            with transaction.atomic():
                OrganizationMemberTeam.objects.filter(
                    organizationmember=target).delete()
                OrganizationMemberTeam.objects.bulk_create([
                    OrganizationMemberTeam(team=team, organizationmember=target)
                    for team in found
                ])

        if data.get('role'):
            _, allowed_roles = get_allowed_roles(request, organization)
            grantable_ids = {r.id for r in allowed_roles}
            if data['role'] not in grantable_ids:
                return Response(
                    {'role': 'You do not have permission to invite that role.'},
                    status=403,
                )
            # Not covered by the transaction around the team replacement.
            target.update(role=data['role'])

        serialized = self._serialize_member(target, request, allowed_roles)

        return Response(serialized)