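def update_user_backend(
        request: HttpRequest, user_profile: UserProfile, user_id: int,
        full_name: Optional[str] = REQ(default="", validator=check_string),
        is_admin: Optional[bool] = REQ(default=None, validator=check_bool),
        is_guest: Optional[bool] = REQ(default=None, validator=check_bool),
        profile_data: List[Dict[str, Union[int, str, List[int]]]] = REQ(
            default=None, validator=check_list(check_dict([('id', check_int)])))
) -> HttpResponse:
    """Update another user's role, full name and custom profile fields.

    The target is looked up through ``access_user_by_id`` (deactivated users
    and bots are allowed). A request that would leave the user both a guest
    and an administrator is rejected; otherwise the role, name and
    profile-data changes are applied in that order.

    Returns ``json_error`` for a guest/admin conflict, for a ``profile_data``
    entry without a "value" key, or when the change would remove the only
    organization administrator; returns ``json_success`` otherwise.

    NOTE(review): nothing in this function checks that ``user_profile`` is an
    administrator; presumably a decorator outside this block does -- confirm.
    NOTE(review): changes are applied one after another, so an error raised by
    a later helper leaves the earlier changes in place unless the request runs
    inside a transaction (not visible here).
    """
    target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True)

    # Historically, UserProfile had two fields, is_guest and is_realm_admin.
    # This condition protected against situations where update_user_backend
    # could cause both is_guest and is_realm_admin to be set.
    # Once we update the frontend to just send a 'role' value, we can remove this check.
    if (((is_guest is None and target.is_guest) or is_guest) and
            ((is_admin is None and target.is_realm_admin) or is_admin)):
        return json_error(_("Guests cannot be organization administrators"))

    # The validator on `profile_data` only names 'id', so a "value" key is not
    # guaranteed to be present. Reject such entries here, before any role or
    # name change is made, instead of failing on the lookup further down after
    # part of the request has already been applied.
    if profile_data is not None:
        for entry in profile_data:
            if "value" not in entry:
                return json_error(_("Each profile_data entry must include a 'value'"))

    if is_admin is not None and target.is_realm_admin != is_admin:
        # NOTE(review): check_last_admin is passed the requesting user, not
        # `target` -- confirm that this is the intended subject of the check.
        if not is_admin and check_last_admin(user_profile):
            return json_error(
                _('Cannot remove the only organization administrator'))
        do_change_is_admin(target, is_admin)

    if is_guest is not None and target.is_guest != is_guest:
        do_change_is_guest(target, is_guest)

    if (full_name is not None and target.full_name != full_name and
            full_name.strip() != ""):
        # We don't respect `name_changes_disabled` here because the request
        # is on behalf of the administrator.
        check_change_full_name(target, full_name, user_profile)

    if profile_data is not None:
        clean_profile_data = []
        for entry in profile_data:
            # An empty value means "clear this field" rather than "set it".
            if not entry["value"]:
                field_id = entry["id"]
                check_remove_custom_profile_field_value(target, field_id)
            else:
                clean_profile_data.append(entry)
        validate_user_custom_profile_data(target.realm.id, clean_profile_data)
        do_update_user_custom_profile_data_if_changed(target, clean_profile_data)

    return json_success()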
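def update_user_backend(
        request: HttpRequest, user_profile: UserProfile, user_id: int,
        full_name: Optional[str] = REQ(default="", validator=check_string),
        is_admin: Optional[bool] = REQ(default=None, validator=check_bool),
        is_guest: Optional[bool] = REQ(default=None, validator=check_bool),
        profile_data: List[Dict[str, Union[int, str, List[int]]]] = REQ(
            default=None, validator=check_list(check_dict([('id', check_int)])))
) -> HttpResponse:
    """Update another user's role, full name and custom profile fields.

    The target is looked up through ``access_user_by_id`` (deactivated users
    and bots are allowed). A request that would leave the user both a guest
    and an administrator is rejected; otherwise the role, name and
    profile-data changes are applied in that order.

    Returns ``json_error`` for a guest/admin conflict, for a ``profile_data``
    entry without a "value" key, or when the change would remove the only
    organization administrator; returns ``json_success`` otherwise.

    NOTE(review): nothing in this function checks that ``user_profile`` is an
    administrator; presumably a decorator outside this block does -- confirm.
    NOTE(review): changes are applied one after another, so an error raised by
    a later helper leaves the earlier changes in place unless the request runs
    inside a transaction (not visible here).
    """
    target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True)

    # This condition is a bit complicated, because the user could
    # already be a guest/admin, or the request could be to make the
    # user a guest/admin.  In any case, the point is that we outright
    # reject requests that would result in a user who is both an admin
    # and a guest.
    if (((is_guest is None and target.is_guest) or is_guest) and
            ((is_admin is None and target.is_realm_admin) or is_admin)):
        return json_error(_("Guests cannot be organization administrators"))

    # The validator on `profile_data` only names 'id', so a "value" key is not
    # guaranteed to be present. Reject such entries here, before any role or
    # name change is made, instead of failing on the lookup further down after
    # part of the request has already been applied.
    if profile_data is not None:
        for entry in profile_data:
            if "value" not in entry:
                return json_error(_("Each profile_data entry must include a 'value'"))

    if is_admin is not None and target.is_realm_admin != is_admin:
        # NOTE(review): check_last_admin is passed the requesting user, not
        # `target` -- confirm that this is the intended subject of the check.
        if not is_admin and check_last_admin(user_profile):
            return json_error(
                _('Cannot remove the only organization administrator'))
        do_change_is_admin(target, is_admin)

    if is_guest is not None and target.is_guest != is_guest:
        do_change_is_guest(target, is_guest)

    if (full_name is not None and target.full_name != full_name and
            full_name.strip() != ""):
        # We don't respect `name_changes_disabled` here because the request
        # is on behalf of the administrator.
        check_change_full_name(target, full_name, user_profile)

    if profile_data is not None:
        clean_profile_data = []
        for entry in profile_data:
            # An empty value means "clear this field" rather than "set it".
            if not entry["value"]:
                field_id = entry["id"]
                check_remove_custom_profile_field_value(target, field_id)
            else:
                clean_profile_data.append(entry)
        validate_user_custom_profile_data(target.realm.id, clean_profile_data)
        do_update_user_custom_profile_data(target, clean_profile_data)

    return json_success()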
def test_change_role(self) -> None:
    """Toggle admin and guest status on a user and check the resulting audit-log rows."""
    realm = get_realm('zulip')
    started_at = timezone_now()
    hamlet = self.example_user("hamlet")

    # Grant and then revoke each role, admin first, guest second.
    for change_role in (do_change_is_admin, do_change_is_guest):
        for enabled in (True, False):
            change_role(hamlet, enabled)

    window_end = started_at + timedelta(minutes=60)
    role_events = RealmAuditLog.objects.filter(
        event_type=RealmAuditLog.USER_ROLE_CHANGED,
        realm=realm,
        modified_user=hamlet,
        event_time__gte=started_at,
        event_time__lte=window_end,
    )

    # NOTE(review): if the filter matches no rows the loop body never runs and
    # the test passes without asserting anything; nothing here pins the number
    # of rows expected.
    for event in role_events:
        payload = ujson.loads(event.extra_data)
        self.check_role_count_schema(payload[RealmAuditLog.ROLE_COUNT])
        for required_key in (RealmAuditLog.OLD_VALUE, RealmAuditLog.NEW_VALUE):
            self.assertIn(required_key, payload)
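def update_user_backend(request: HttpRequest, user_profile: UserProfile, user_id: int,
                        full_name: Optional[str]=REQ(default="", validator=check_string),
                        is_admin: Optional[bool]=REQ(default=None, validator=check_bool),
                        is_guest: Optional[bool]=REQ(default=None, validator=check_bool),
                        profile_data: List[Dict[str, Union[int, str, List[int]]]]=
                        REQ(default=None,
                            validator=check_list(check_dict([('id', check_int)])))) -> HttpResponse:
    """Update another user's role, full name and custom profile fields.

    The target is looked up through ``access_user_by_id`` (deactivated users
    and bots are allowed). A request that would leave the user both a guest
    and an administrator is rejected; otherwise the role, name and
    profile-data changes are applied in that order.

    Returns ``json_error`` for a guest/admin conflict, for a ``profile_data``
    entry without a "value" key, or when the change would remove the only
    organization administrator; returns ``json_success`` otherwise.

    NOTE(review): nothing in this function checks that ``user_profile`` is an
    administrator; presumably a decorator outside this block does -- confirm.
    NOTE(review): changes are applied one after another, so an error raised by
    a later helper leaves the earlier changes in place unless the request runs
    inside a transaction (not visible here).
    """
    target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True)

    # This condition is a bit complicated, because the user could
    # already be a guest/admin, or the request could be to make the
    # user a guest/admin.  In any case, the point is that we outright
    # reject requests that would result in a user who is both an admin
    # and a guest.
    if (((is_guest is None and target.is_guest) or is_guest) and
            ((is_admin is None and target.is_realm_admin) or is_admin)):
        return json_error(_("Guests cannot be organization administrators"))

    # The validator on `profile_data` only names 'id', so a "value" key is not
    # guaranteed to be present. Reject such entries here, before any role or
    # name change is made, instead of failing on the lookup further down after
    # part of the request has already been applied.
    if profile_data is not None:
        for entry in profile_data:
            if "value" not in entry:
                return json_error(_("Each profile_data entry must include a 'value'"))

    if is_admin is not None and target.is_realm_admin != is_admin:
        # NOTE(review): check_last_admin is passed the requesting user, not
        # `target` -- confirm that this is the intended subject of the check.
        if not is_admin and check_last_admin(user_profile):
            return json_error(_('Cannot remove the only organization administrator'))
        do_change_is_admin(target, is_admin)

    if is_guest is not None and target.is_guest != is_guest:
        do_change_is_guest(target, is_guest)

    if (full_name is not None and target.full_name != full_name and
            full_name.strip() != ""):
        # We don't respect `name_changes_disabled` here because the request
        # is on behalf of the administrator.
        check_change_full_name(target, full_name, user_profile)

    if profile_data is not None:
        clean_profile_data = []
        for entry in profile_data:
            # An empty value means "clear this field" rather than "set it".
            if not entry["value"]:
                field_id = entry["id"]
                check_remove_custom_profile_field_value(target, field_id)
            else:
                clean_profile_data.append(entry)
        validate_user_custom_profile_data(target.realm.id, clean_profile_data)
        do_update_user_custom_profile_data(target, clean_profile_data)

    return json_success()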
def update_user_backend(
        request: HttpRequest,
        user_profile: UserProfile,
        user_id: int,
        full_name: Optional[str] = REQ(default="", validator=check_string),
        is_admin: Optional[bool] = REQ(default=None, validator=check_bool),
        is_guest: Optional[bool] = REQ(default=None, validator=check_bool)
) -> HttpResponse:
    """Update another user's role and full name.

    The target is looked up through ``access_user_by_id`` (deactivated users
    and bots are allowed). A request that would leave the user both a guest
    and an administrator is rejected; otherwise the admin flag, guest flag
    and full name are changed in that order.

    NOTE(review): nothing in this function checks that ``user_profile`` is an
    administrator; presumably a decorator outside this block does -- confirm.
    """
    target = access_user_by_id(user_profile, user_id, allow_deactivated=True, allow_bots=True)

    # The user may already be a guest/admin, or the request may be asking to
    # make them one.  Work out the state each flag would end up in and refuse
    # outright any request that would produce a user who is both.
    guest_after = target.is_guest if is_guest is None else is_guest
    if guest_after:
        admin_after = target.is_realm_admin if is_admin is None else is_admin
        if admin_after:
            return json_error(_("Guests cannot be organization administrators"))

    admin_flag_differs = is_admin is not None and target.is_realm_admin != is_admin
    if admin_flag_differs:
        is_demotion = not is_admin
        # NOTE(review): check_last_admin is passed the requesting user, not
        # `target` -- confirm that this is the intended subject of the check.
        if is_demotion and check_last_admin(user_profile):
            return json_error(
                _('Cannot remove the only organization administrator'))
        do_change_is_admin(target, is_admin)

    # Read the guest flag only now, after any admin change above.
    if is_guest is not None:
        if target.is_guest != is_guest:
            do_change_is_guest(target, is_guest)

    if full_name is not None and target.full_name != full_name:
        # A blank or whitespace-only name is ignored rather than applied.
        if full_name.strip():
            # We don't respect `name_changes_disabled` here because the request
            # is on behalf of the administrator.
            check_change_full_name(target, full_name, user_profile)

    return json_success()