def update_role(org_id, user_id, new_role):
current_role = permission_model.get_role(user_id, org_id)
if not (permission_model.permitted(g.user, org_id, PermissionTags.EDIT_USER) and
permission_model.role_gte(g.user, org_id, current_role) and
permission_model.role_gte(g.user, org_id, new_role)):
raise InsufficientPermission()
permission_model.set_role(user_id, org_id, new_role)
return Response(status=204)
def kick_user(org_id, user_id):
if not permission_model.permitted(g.user, org_id, PermissionTags.EDIT_USER):
raise InsufficientPermission()
if org_model.has_user(org_id, user_id):
role = permission_model.get_role(user_id, org_id)
if not permission_model.role_gte(g.user, org_id, role):
raise InsufficientPermission()
org_model.remove_user(org_id, user_id)
events.mediator('kick', user_id=user_id, org_id=org_id)
else:
user_model.remove_from_waiting_list(user_id, org_id)
return Response(status=204)
def add_user_to_org(org_id, username):
role = request.form['role']
if not (permission_model.permitted(g.user, org_id, PermissionTags.EDIT_USER) and
permission_model.role_gte(g.user, org_id, role)):
raise InsufficientPermission()
user_id = user_model.id_from('email', username)
if user_id:
org_model.add_user(org_id, user_id, role=role)
events.mediator('added_to_project', email=username, project=org_id)
else:
# Add user to waiting list
user_model.add_to_waiting_list(username, org_id, role)
events.mediator('invite', email=username, org_id=org_id)
org = org_model.get(org_id)
return Response(json.dumps(org), status=200, content_type='application/json')
