def delete(self): user = self.user # Predefined users can not be deleted if user.id in (settings.ADMIN_USER, settings.SYSTEM_USER, self.request.user.id): raise PermissionDenied relations = user.get_relations() if relations: message = { 'detail': _('Cannot delete user, because he has relations to some objects.'), 'relations': relations } return FailureTaskResponse(self.request, message, obj=user, dc_bound=False) dd = {'email': user.email, 'date_joined': user.date_joined} was_staff = user.is_staff old_roles = list(user.roles.all()) ser = self.serializer(self.request, user) ser.object.delete() res = SuccessTaskResponse(self.request, None, obj=user, msg=LOG_USER_DELETE, detail_dict=dd, dc_bound=False) # User was removed, which may affect the cached list of DC admins for DCs which are attached to user's groups # So we need to clear the list of admins cached for each affected DC affected_dcs = Dc.objects.distinct().filter(roles__in=old_roles, roles__permissions__id=AdminPermission.id) for dc in affected_dcs: User.clear_dc_admin_ids(dc) if was_staff: User.clear_super_admin_ids() return res
def user_modify(self, update=False, serializer=None): affected_groups = () if not serializer: serializer = self.serializer user = self.user ser = serializer(self.request, user, data=self.data, partial=update) if not ser.is_valid(): return FailureTaskResponse(self.request, ser.errors, obj=user, dc_bound=False) ser.save() if update: msg = LOG_USER_UPDATE status = HTTP_200_OK else: msg = LOG_USER_CREATE status = HTTP_201_CREATED res = SuccessTaskResponse(self.request, ser.data, status=status, obj=user, msg=msg, owner=ser.object, detail_dict=ser.detail_dict(), dc_bound=False) if serializer == UserSerializer: # User's is_staff attribute was changed -> Clear the cached list of super admins if ser.is_staff_changed: User.clear_super_admin_ids() # User's groups were changed, which may affect the cached list of DC admins for DCs which are attached # to these groups. So we need to clear the list of admins cached for each affected DC # noinspection PyProtectedMember if user._roles_to_save is not None: # noinspection PyProtectedMember affected_groups = set(user._roles_to_save) affected_groups.update(ser.old_roles) affected_dcs = Dc.objects.distinct().filter( roles__in=affected_groups, roles__permissions__id=AdminPermission.id) for dc in affected_dcs: User.clear_dc_admin_ids(dc) # User was removed from some groups and may loose access to DCs which are attached to this group # So we better set his current_dc to default_dc if ser.old_roles and not user.is_staff: user.reset_current_dc() connection.on_commit(lambda: user_relationship_changed.send( user_name=ser.object.username, affected_groups=tuple(group.id for group in affected_groups))) return res