def change(self, user_id, new_role): # FIXME CHECK RIGHTS user_id = int(user_id) new_role_id = int(new_role) role_api = RoleApi(tg.tmpl_context.current_user) role = role_api.get_one(user_id, tg.tmpl_context.workspace_id) if tmpl_context.current_user.profile.id < Group.TIM_ADMIN and tmpl_context.current_user.user_id == user_id: tg.flash(_('You can\'t change your own role'), CST.STATUS_ERROR) tg.redirect( self.parent_controller.url(tg.tmpl_context.workspace_id)) if new_role_id not in role_api.ALL_ROLE_VALUES: tg.flash(_('Unknown role'), CST.STATUS_ERROR) tg.redirect( self.parent_controller.url(tg.tmpl_context.workspace_id)) return if new_role_id == role.role: tg.flash(_('No change found.'), CST.STATUS_ERROR) tg.redirect( self.parent_controller.url(tg.tmpl_context.workspace_id)) return role.role = new_role_id role_api.save(role) tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
def post_delete(self, user_id): user_id = int(user_id) role_api = RoleApi(tg.tmpl_context.current_user) role = role_api.get_one(user_id, tg.tmpl_context.workspace_id) username = role.user.get_display_name() undo_url = self.url(user_id, 'undelete', dict(old_role=role.role)) if tmpl_context.current_user.profile.id<Group.TIM_ADMIN and tmpl_context.current_user.user_id==user_id: tg.flash(_('You can\'t remove yourself from this workgroup'), CST.STATUS_ERROR) tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id)) role_api.delete_one(user_id, tg.tmpl_context.workspace_id, True) tg.flash(_('User {} removed. You can <a class="alert-link" href="{}">restore it</a>').format(username, undo_url), CST.STATUS_OK, no_escape=True) tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
def change(self, user_id, new_role): # FIXME CHECK RIGHTS user_id = int(user_id) new_role_id = int(new_role) role_api = RoleApi(tg.tmpl_context.current_user) role = role_api.get_one(user_id, tg.tmpl_context.workspace_id) if tmpl_context.current_user.profile.id<Group.TIM_ADMIN and tmpl_context.current_user.user_id==user_id: tg.flash(_('You can\'t change your own role'), CST.STATUS_ERROR) tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id)) if new_role_id not in role_api.ALL_ROLE_VALUES: tg.flash(_('Unknown role'), CST.STATUS_ERROR) tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id)) return if new_role_id==role.role: tg.flash(_('No change found.'), CST.STATUS_ERROR) tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id)) return role.role = new_role_id role_api.save(role) tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))