Esempio n. 1
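def update_user_backend(
    request: HttpRequest,
    user_profile: UserProfile,
    user_id: int,
    full_name: Optional[str] = REQ(default="", validator=check_string),
    is_admin: Optional[bool] = REQ(default=None, validator=check_bool),
    is_guest: Optional[bool] = REQ(default=None, validator=check_bool),
    profile_data: List[Dict[str, Union[int, str, List[int]]]] = REQ(
        default=None, validator=check_list(check_dict([('id', check_int)])))
) -> HttpResponse:
    """Apply the requested role, name and custom-profile edits to another user.

    The target is resolved with ``access_user_by_id`` on behalf of
    ``user_profile``; deactivated users and bots are allowed as targets.

    Args:
        request: The incoming HTTP request (not read in this body).
        user_profile: The user making the request.
        user_id: ID of the user to modify.
        full_name: New full name; ignored when blank or unchanged.
        is_admin: New administrator flag, or None to leave it alone.
        is_guest: New guest flag, or None to leave it alone.
        profile_data: Custom profile field entries, each a dict with an
            ``id`` and a ``value``; a falsy ``value`` clears the field.

    Returns:
        ``json_success()`` when every requested change was accepted, otherwise
        a ``json_error(...)`` response describing the rejection.

    NOTE(review): no permission check is visible in this body; it is
    presumably enforced by a decorator or inside ``access_user_by_id`` --
    confirm before calling this function from anywhere else.
    """
    target = access_user_by_id(user_profile,
                               user_id,
                               allow_deactivated=True,
                               allow_bots=True)

    # Historically, UserProfile had two fields, is_guest and is_realm_admin.
    # This condition protected against situations where update_user_backend
    # could cause both is_guest and is_realm_admin to be set.
    # Once we update the frontend to just send a 'role' value, we can remove this check.
    if (((is_guest is None and target.is_guest) or is_guest)
            and ((is_admin is None and target.is_realm_admin) or is_admin)):
        return json_error(_("Guests cannot be organization administrators"))

    if is_admin is not None and target.is_realm_admin != is_admin:
        # The last-admin guard is evaluated for the requester, not for target.
        # NOTE(review): presumably sufficient because the requester is itself
        # an administrator -- confirm against check_last_admin.
        if not is_admin and check_last_admin(user_profile):
            return json_error(
                _('Cannot remove the only organization administrator'))
        do_change_is_admin(target, is_admin)

    if is_guest is not None and target.is_guest != is_guest:
        do_change_is_guest(target, is_guest)

    if (full_name is not None and target.full_name != full_name
            and full_name.strip() != ""):
        # We don't respect `name_changes_disabled` here because the request
        # is on behalf of the administrator.
        check_change_full_name(target, full_name, user_profile)

    if profile_data is not None:
        # The validator in the signature only lists 'id', so a client can send
        # an entry without 'value'. Reject that up front, before any field is
        # removed, instead of failing with an unhandled KeyError part-way
        # through the loop.
        # NOTE(review): role and name changes above have already been applied
        # at this point, so a rejection here leaves the request partially
        # applied -- confirm whether the view runs inside a transaction.
        if any("value" not in entry for entry in profile_data):
            return json_error(
                _("Each profile_data entry must include a value"))

        clean_profile_data = []
        for entry in profile_data:
            if not entry["value"]:
                # A falsy value means "clear this field" rather than "set it".
                field_id = entry["id"]
                check_remove_custom_profile_field_value(target, field_id)
            else:
                clean_profile_data.append(entry)
        validate_user_custom_profile_data(target.realm.id, clean_profile_data)
        do_update_user_custom_profile_data_if_changed(target,
                                                      clean_profile_data)

    return json_success()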
Esempio n. 2
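def update_user_backend(
    request: HttpRequest,
    user_profile: UserProfile,
    user_id: int,
    full_name: Optional[str] = REQ(default="", validator=check_string),
    is_admin: Optional[bool] = REQ(default=None, validator=check_bool),
    is_guest: Optional[bool] = REQ(default=None, validator=check_bool),
    profile_data: List[Dict[str, Union[int, str, List[int]]]] = REQ(
        default=None, validator=check_list(check_dict([('id', check_int)])))
) -> HttpResponse:
    """Update another user's role flags, full name and custom profile data.

    The target is looked up with ``access_user_by_id`` on behalf of
    ``user_profile``, with deactivated users and bots allowed.

    Args:
        request: The incoming HTTP request (not read in this body).
        user_profile: The user making the request.
        user_id: ID of the user to modify.
        full_name: New full name; ignored when blank or unchanged.
        is_admin: New administrator flag, or None to leave it alone.
        is_guest: New guest flag, or None to leave it alone.
        profile_data: Custom profile field entries, each a dict with an
            ``id`` and a ``value``; a falsy ``value`` clears the field.

    Returns:
        ``json_success()`` on success, otherwise a ``json_error(...)``
        response for the first rejected change.

    NOTE(review): this body contains no permission check of its own; it is
    presumably applied by a decorator or by ``access_user_by_id`` -- confirm.
    """
    target = access_user_by_id(user_profile,
                               user_id,
                               allow_deactivated=True,
                               allow_bots=True)

    # This condition is a bit complicated, because the user could
    # already be a guest/admin, or the request could be to make the
    # user a guest/admin.  In any case, the point is that we outright
    # reject requests that would result in a user who is both an admin
    # and a guest.
    if (((is_guest is None and target.is_guest) or is_guest)
            and ((is_admin is None and target.is_realm_admin) or is_admin)):
        return json_error(_("Guests cannot be organization administrators"))

    if is_admin is not None and target.is_realm_admin != is_admin:
        # Only a demotion can remove the last administrator, so the guard is
        # skipped when granting the flag.
        if not is_admin and check_last_admin(user_profile):
            return json_error(
                _('Cannot remove the only organization administrator'))
        do_change_is_admin(target, is_admin)

    if is_guest is not None and target.is_guest != is_guest:
        do_change_is_guest(target, is_guest)

    if (full_name is not None and target.full_name != full_name
            and full_name.strip() != ""):
        # We don't respect `name_changes_disabled` here because the request
        # is on behalf of the administrator.
        check_change_full_name(target, full_name, user_profile)

    if profile_data is not None:
        # Only 'id' is listed in the validator above, so 'value' may be absent
        # from a client-supplied entry. Refuse such a request before removing
        # or updating anything, rather than raising KeyError inside the loop.
        # NOTE(review): the role and name changes above are already applied
        # when this check runs -- confirm whether the view is transactional.
        if any("value" not in entry for entry in profile_data):
            return json_error(
                _("Each profile_data entry must include a value"))

        clean_profile_data = []
        for entry in profile_data:
            if not entry["value"]:
                # A falsy value is treated as a request to clear the field.
                field_id = entry["id"]
                check_remove_custom_profile_field_value(target, field_id)
            else:
                clean_profile_data.append(entry)
        validate_user_custom_profile_data(target.realm.id, clean_profile_data)
        do_update_user_custom_profile_data(target, clean_profile_data)

    return json_success()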
Esempio n. 3
 def test_change_role(self) -> None:
     """Toggle hamlet's admin and guest flags and check the audit-log entries.

     Every USER_ROLE_CHANGED entry recorded for hamlet in the zulip realm
     within an hour of the start of the test must carry a role-count payload
     plus the old and new values.
     """
     realm = get_realm('zulip')
     started_at = timezone_now()
     hamlet = self.example_user("hamlet")

     # Grant and revoke each role in turn: admin first, then guest.
     for change_role in (do_change_is_admin, do_change_is_guest):
         change_role(hamlet, True)
         change_role(hamlet, False)

     window_end = started_at + timedelta(minutes=60)
     role_events = RealmAuditLog.objects.filter(
         event_type=RealmAuditLog.USER_ROLE_CHANGED,
         realm=realm,
         modified_user=hamlet,
         event_time__gte=started_at,
         event_time__lte=window_end,
     )
     # NOTE(review): nothing here asserts how many events were found, so the
     # test passes vacuously if no audit-log entry is written at all.
     for audit_entry in role_events:
         payload = ujson.loads(audit_entry.extra_data)
         self.check_role_count_schema(payload[RealmAuditLog.ROLE_COUNT])
         for required_key in (RealmAuditLog.OLD_VALUE, RealmAuditLog.NEW_VALUE):
             self.assertIn(required_key, payload)
Esempio n. 4
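def update_user_backend(request: HttpRequest, user_profile: UserProfile, user_id: int,
                        full_name: Optional[str]=REQ(default="", validator=check_string),
                        is_admin: Optional[bool]=REQ(default=None, validator=check_bool),
                        is_guest: Optional[bool]=REQ(default=None, validator=check_bool),
                        profile_data: List[Dict[str, Union[int, str, List[int]]]]=
                        REQ(default=None,
                            validator=check_list(check_dict([('id', check_int)])))) -> HttpResponse:
    """Change another user's role flags, full name and custom profile data.

    The target is fetched with ``access_user_by_id`` on behalf of
    ``user_profile``; deactivated users and bots are accepted as targets.

    Args:
        request: The incoming HTTP request (not read in this body).
        user_profile: The user making the request.
        user_id: ID of the user to modify.
        full_name: New full name; ignored when blank or unchanged.
        is_admin: New administrator flag, or None to leave it alone.
        is_guest: New guest flag, or None to leave it alone.
        profile_data: Custom profile field entries, each a dict with an
            ``id`` and a ``value``; a falsy ``value`` clears the field.

    Returns:
        ``json_success()`` on success, otherwise a ``json_error(...)``
        response for the first rejected change.

    NOTE(review): the permission check for this endpoint is not visible here;
    presumably a decorator or ``access_user_by_id`` enforces it -- confirm.
    """
    target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True)

    # This condition is a bit complicated, because the user could
    # already be a guest/admin, or the request could be to make the
    # user a guest/admin.  In any case, the point is that we outright
    # reject requests that would result in a user who is both an admin
    # and a guest.
    if (((is_guest is None and target.is_guest) or is_guest) and
            ((is_admin is None and target.is_realm_admin) or is_admin)):
        return json_error(_("Guests cannot be organization administrators"))

    if is_admin is not None and target.is_realm_admin != is_admin:
        # The last-admin guard only matters when the flag is being removed.
        if not is_admin and check_last_admin(user_profile):
            return json_error(_('Cannot remove the only organization administrator'))
        do_change_is_admin(target, is_admin)

    if is_guest is not None and target.is_guest != is_guest:
        do_change_is_guest(target, is_guest)

    if (full_name is not None and target.full_name != full_name and
            full_name.strip() != ""):
        # We don't respect `name_changes_disabled` here because the request
        # is on behalf of the administrator.
        check_change_full_name(target, full_name, user_profile)

    if profile_data is not None:
        # The validator above names only 'id', so an entry may arrive without
        # 'value'. Return an error before any field is removed or updated
        # instead of letting the loop raise KeyError.
        # NOTE(review): earlier role/name changes are already applied when
        # this runs -- confirm whether the view is wrapped in a transaction.
        if any("value" not in entry for entry in profile_data):
            return json_error(_("Each profile_data entry must include a value"))

        clean_profile_data = []
        for entry in profile_data:
            if not entry["value"]:
                # A falsy value is a request to clear the field.
                field_id = entry["id"]
                check_remove_custom_profile_field_value(target, field_id)
            else:
                clean_profile_data.append(entry)
        validate_user_custom_profile_data(target.realm.id, clean_profile_data)
        do_update_user_custom_profile_data(target, clean_profile_data)

    return json_success()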
Esempio n. 5
def update_user_backend(
    request: HttpRequest,
    user_profile: UserProfile,
    user_id: int,
    full_name: Optional[str] = REQ(default="", validator=check_string),
    is_admin: Optional[bool] = REQ(default=None, validator=check_bool),
    is_guest: Optional[bool] = REQ(default=None, validator=check_bool)
) -> HttpResponse:
    """Update another user's administrator flag, guest flag and full name.

    The target is resolved through ``access_user_by_id`` on behalf of
    ``user_profile``, with deactivated users and bots allowed. Returns
    ``json_success()`` when all requested changes were accepted and a
    ``json_error(...)`` response otherwise.

    NOTE(review): no permission check appears in this body; presumably a
    decorator or ``access_user_by_id`` enforces it -- confirm.
    """
    target = access_user_by_id(
        user_profile, user_id, allow_deactivated=True, allow_bots=True)

    # Work out the role the user would end up with: an omitted flag (None)
    # keeps the target's current value, an explicit one overrides it.
    # A result that is both guest and admin is rejected outright.
    ends_up_guest = target.is_guest if is_guest is None else is_guest
    if ends_up_guest:
        ends_up_admin = target.is_realm_admin if is_admin is None else is_admin
        if ends_up_admin:
            return json_error(
                _("Guests cannot be organization administrators"))

    admin_flag_changes = (
        is_admin is not None and target.is_realm_admin != is_admin)
    if admin_flag_changes:
        # Only a demotion can remove the last administrator.
        if not is_admin:
            if check_last_admin(user_profile):
                return json_error(
                    _('Cannot remove the only organization administrator'))
        do_change_is_admin(target, is_admin)

    guest_flag_changes = is_guest is not None and target.is_guest != is_guest
    if guest_flag_changes:
        do_change_is_guest(target, is_guest)

    if full_name is not None:
        if target.full_name != full_name and full_name.strip() != "":
            # `name_changes_disabled` is deliberately not consulted: the
            # request is made on behalf of the administrator.
            check_change_full_name(target, full_name, user_profile)

    return json_success()