def org_add_user(user, org_id_slug, user_email):
if not user.admin:
raise AuthError(
'You must be an admin to add a user to an Org.')
# fetch org
org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
if not org:
raise NotFoundError(
'This Org does not exist.')
# ensure the active user can edit this Org
if user.id not in org.user_ids:
raise ForbiddenError(
'You are not allowed to edit this Org.')
# localize
localize(org)
# get this new user by id / email
new_org_user = fetch_by_id_or_field(User, 'email', user_email)
# get the form.
req_data = request_data()
email = req_data.get('email')
name = req_data.get('name')
admin = req_data.get('admin', False)
password = req_data.get('password')
if email and not mail.validate(email):
raise RequestError(
'{} is an invalid email address.'
.format(email))
# insert
if not new_org_user:
if not all([email, password, name]):
raise RequestError(
'An email, password, and name are required to create a User.')
new_org_user = User(
email=email,
password=password,
name=name,
admin=admin)
org.users.append(new_org_user)
db.session.add(org)
# ensure the active user can edit this Org
elif new_org_user.id not in org.user_ids:
raise ForbiddenError(
"You are not allowed to access this Org.")
# update
if name:
new_org_user.name = name
if email:
new_org_user.email = email
if admin:
new_org_user.admin = admin
if password:
new_org_user.set_password(password)
new_org_user.admin = admin
db.session.add(new_org_user)
db.session.commit()
return jsonify(new_org_user)
def org_add_user(user, org_id, user_email):
if not user.admin:
raise AuthError('You must be an admin to add a user to an Org.')
# fetch org
org = fetch_by_id_or_field(Org, 'slug', org_id)
if not org:
raise NotFoundError('Org {} does not exist.'.format(org_id))
# ensure the active user can edit this Org
if user.id not in org.user_ids:
raise ForbiddenError('You are not allowed to edit this Org.')
# localize
localize(org)
# get this new user by id / email
new_org_user = fetch_by_id_or_field(User, 'email', user_email)
# get the form.
req_data = request_data()
email = req_data.get('email')
name = req_data.get('name')
admin = req_data.get('admin', False)
password = req_data.get('password')
if email and not mail.validate(email):
raise RequestError('{} is an invalid email address.'.format(email))
# insert
if not new_org_user:
if not all([email, password, name]):
raise RequestError(
'An email, password, and name are required to create a User.')
new_org_user = User(email=email,
password=password,
name=name,
admin=admin)
org.users.append(new_org_user)
db.session.add(org)
# ensure the active user can edit this Org
elif new_org_user.id not in org.user_ids:
raise ForbiddenError("You are not allowed to access this Org.")
# update
if name:
new_org_user.name = name
if email:
new_org_user.email = email
if admin:
new_org_user.admin = admin
if password:
new_org_user.set_password(password)
new_org_user.admin = admin
db.session.add(new_org_user)
db.session.commit()
return jsonify(new_org_user)
