def get_count_of_users_with_permission(self, service_id, permission): if permission not in roles.keys(): raise TypeError('{} is not a valid permission'.format(permission)) return len([ user for user in self.get_users_for_service(service_id) if user.has_permission_for_service(service_id, permission) ])
def get_permissions_from_form(form): # view_activity is a default role to be added to all users. # All users will have at minimum view_activity to allow users to see notifications, # templates, team members but no update privileges selected_roles = {role for role in roles.keys() if form[role].data is True} selected_roles.add('view_activity') return selected_roles
def remove_user_from_service(service_id, user_id): user = user_api_client.get_user(user_id) # Need to make the email address read only, or a disabled field? # Do it through the template or the form class? form = PermissionsForm( **{ role: user.has_permission_for_service(service_id, role) for role in roles.keys() }) if request.method == 'POST': try: service_api_client.remove_user_from_service(service_id, user_id) except HTTPError as e: msg = "You cannot remove the only user for a service" if e.status_code == 400 and msg in e.message: flash(msg, 'info') return redirect(url_for('.manage_users', service_id=service_id)) else: abort(500, e) return redirect(url_for('.manage_users', service_id=service_id)) flash('Are you sure you want to remove {}?'.format(user.name), 'remove') return render_template('views/edit-user-permissions.html', user=user, form=form)
def edit_user_permissions(service_id, user_id): service_has_email_auth = 'email_auth' in current_service['permissions'] # TODO we should probably using the service id here in the get user # call as well. eg. /user/<user_id>?&service=service_id user = user_api_client.get_user(user_id) user_has_no_mobile_number = user.mobile_number is None form = PermissionsForm(**{ role: user.has_permission_for_service(service_id, role) for role in roles.keys() }, login_authentication=user.auth_type) if form.validate_on_submit(): user_api_client.set_user_permissions( user_id, service_id, permissions=set(get_permissions_from_form(form)), ) if service_has_email_auth: user_api_client.update_user_attribute( user_id, auth_type=form.login_authentication.data) return redirect(url_for('.manage_users', service_id=service_id)) return render_template('views/edit-user-permissions.html', user=user, form=form, service_has_email_auth=service_has_email_auth, user_has_no_mobile_number=user_has_no_mobile_number)
def permissions(self): return {role for role in roles.keys() if self[role].data is True}
def from_user(cls, user, service_id): return cls(**{ role: user.has_permission_for_service(service_id, role) for role in roles.keys() }, login_authentication=user.auth_type)