예제 #1
0
 def decorate_has_user_permission_for_group_or_org(group_id, user_name,
                                                   permission):
     user_id = authz.get_user_id_for_username(user_name, allow_none=True)
     if not user_id:
         return False
     if CadastaAdmin.is_user_cadasta_admin(model.Session, user_id):
         return True
     return method(group_id, user_name, permission)
예제 #2
0
 def decorate_has_user_permission_for_group_or_org(group_id, user_name,
                                                   permission):
     user_id = authz.get_user_id_for_username(user_name, allow_none=True)
     if not user_id:
         return False
     if CadastaAdmin.is_user_cadasta_admin(model.Session, user_id):
         return True
     return method(group_id, user_name, permission)
예제 #3
0
def cadasta_admin_create(context, data_dict):
    '''Make a user a Cadasta admin

    Cadasta admin can administer all organizations.
    You must be a sysadmin to make this api call.

    :param username: the username of the cadasta admin to delete
    :type username: str

    :rtype: bool (success)
    '''
    toolkit.check_access('sysadmin', context, data_dict)
    session = context['session']
    username = data_dict['username']
    user_object = model.User.get(username)
    if CadastaAdmin.exists(session, user_id=user_object.id):
        raise toolkit.ValidationError(
            'user {0} is already a Cadasta admin'.format(username)
        )
    return CadastaAdmin.create(session, user_id=user_object.id)
예제 #4
0
def cadasta_admin_list(context, data_dict):
    '''Show the list of admins that can administer all organizations

    You must be a sysadmin to make this api call

    :rtype: list of user ids
    '''
    toolkit.check_access('sysadmin', context, data_dict)
    session = context['session']
    user_ids = CadastaAdmin.get_cadasta_admin_ids(session)
    return [toolkit.get_action('user_show')(data_dict={'id': user_id})
            for user_id in user_ids]
예제 #5
0
def cadasta_admin_delete(context, data_dict):
    '''Delete a cadasta admin

    You must be a sysadmin to make this api call

    :param username: the username of the cadasta admin to delete
    :type username: str

    :rtype: bool (success)
    '''
    toolkit.check_access('sysadmin', context, data_dict)
    session = context['session']
    username = data_dict['username']
    user_object = model.User.get(username)
    admin = CadastaAdmin.get(session, user_id=user_object.id)
    if admin:
        session.delete(admin)
        session.commit()
    else:
        raise toolkit.ValidationError(
            'user {0} is not a Cadasta admin'.format(username)
        )