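def org_add_user(user, org_id_slug, user_email):
    """Create a user inside an Org, or update a user who already belongs to it.

    Args:
        user: The authenticated caller. Must have ``admin`` set and must be
            listed in the Org's ``user_ids``.
        org_id_slug: Org identifier, resolved with
            ``fetch_by_id_or_field(Org, 'slug', ...)``.
        user_email: Identifier of the target user, resolved with
            ``fetch_by_id_or_field(User, 'email', ...)``.

    Returns:
        The ``jsonify`` response for the created or updated user.

    Raises:
        AuthError: The caller is not an admin.
        NotFoundError: No Org matches ``org_id_slug``.
        ForbiddenError: The caller is not a member of the Org, or the target
            user exists but is not a member of the Org.
        RequestError: The submitted email is invalid, or a new user is being
            created without an email, password and name.
    """
    # Authorization comes first: nothing is looked up for a non-admin caller.
    if not user.admin:
        raise AuthError(
            'You must be an admin to add a user to an Org.')

    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not org:
        raise NotFoundError(
            'This Org does not exist.')

    # ensure the active user can edit this Org
    if user.id not in org.user_ids:
        raise ForbiddenError(
            'You are not allowed to edit this Org.')

    # localize
    localize(org)

    # get this new user by id / email
    new_org_user = fetch_by_id_or_field(User, 'email', user_email)

    # get the form.
    req_data = request_data()
    email = req_data.get('email')
    name = req_data.get('name')
    # NOTE(review): `admin` is used exactly as received and written to the
    # User record. Confirm that request_data() yields a real boolean here (a
    # string such as 'false' would be truthy) and that an Org admin is meant
    # to be able to grant this flag.
    admin = req_data.get('admin', False)
    password = req_data.get('password')

    if email and not mail.validate(email):
        raise RequestError(
            '{} is an invalid email address.'
            .format(email))

    # insert
    created = not new_org_user
    if created:
        if not all([email, password, name]):
            raise RequestError(
                'An email, password, and name are required to create a User.')
        new_org_user = User(
            email=email,
            password=password,
            name=name,
            admin=admin)
        org.users.append(new_org_user)
        db.session.add(org)

    # An existing account may only be edited through an Org it belongs to.
    elif new_org_user.id not in org.user_ids:
        raise ForbiddenError(
            "You are not allowed to access this Org.")

    # update: only fields present in the request are overwritten
    if name:
        new_org_user.name = name
    if email:
        new_org_user.email = email
    if password:
        new_org_user.set_password(password)

    # The admin flag used to be assigned unconditionally, so an update that
    # merely omitted `admin` reset an existing admin to False. It is now
    # written on creation (as before) and, for an existing user, only when the
    # request carries the key; an explicit false value still revokes the flag.
    if created or 'admin' in req_data:
        new_org_user.admin = admin

    db.session.add(new_org_user)
    db.session.commit()
    return jsonify(new_org_user)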
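def org_add_user(user, org_id, user_email):
    """Add a new user to an Org, or edit one who is already a member.

    Args:
        user: The authenticated caller; needs ``admin`` and membership in the
            Org (``user.id in org.user_ids``).
        org_id: Org identifier passed to
            ``fetch_by_id_or_field(Org, 'slug', ...)``.
        user_email: Target user identifier passed to
            ``fetch_by_id_or_field(User, 'email', ...)``.

    Returns:
        ``jsonify(new_org_user)`` for the created or updated user.

    Raises:
        AuthError: The caller is not an admin.
        NotFoundError: The Org lookup returned nothing.
        ForbiddenError: The caller, or an already-existing target user, is not
            a member of the Org.
        RequestError: The email in the request body fails validation, or a
            new user lacks an email, password or name.
    """
    # Reject non-admin callers before any lookup is made.
    if not user.admin:
        raise AuthError('You must be an admin to add a user to an Org.')

    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id)
    if not org:
        raise NotFoundError('Org {} does not exist.'.format(org_id))

    # ensure the active user can edit this Org
    if user.id not in org.user_ids:
        raise ForbiddenError('You are not allowed to edit this Org.')

    # localize
    localize(org)

    # get this new user by id / email
    new_org_user = fetch_by_id_or_field(User, 'email', user_email)

    # get the form.
    req_data = request_data()
    email = req_data.get('email')
    name = req_data.get('name')
    # NOTE(review): the flag is taken from the request body as-is. Verify
    # that it arrives as a boolean (a non-empty string would be truthy) and
    # that granting it is within what an Org admin is allowed to do.
    admin = req_data.get('admin', False)
    password = req_data.get('password')

    if email and not mail.validate(email):
        raise RequestError('{} is an invalid email address.'.format(email))

    # insert
    is_new = not new_org_user
    if is_new:
        if not all([email, password, name]):
            raise RequestError(
                'An email, password, and name are required to create a User.')
        new_org_user = User(email=email,
                            password=password,
                            name=name,
                            admin=admin)
        org.users.append(new_org_user)
        db.session.add(org)

    # An account that already exists can only be edited via its own Org.
    elif new_org_user.id not in org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org.")

    # update: fields absent from the request keep their current value
    if name:
        new_org_user.name = name
    if email:
        new_org_user.email = email
    if password:
        new_org_user.set_password(password)

    # Previously `admin` was written on every call, which silently cleared the
    # flag on an existing admin whenever the request left the key out. Write it
    # on creation (unchanged behaviour) and, when editing, only if the request
    # supplies it; sending an explicit false value still revokes the flag.
    if is_new or 'admin' in req_data:
        new_org_user.admin = admin

    db.session.add(new_org_user)
    db.session.commit()
    return jsonify(new_org_user)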