def delete_invite(request, org_id, invite_id): org = Organization.objects.get(pk=org_id) invite = OrganizationInvitation.objects.get(pk=invite_id) deletion = DeletionRecord(organization=org, deleter=request.user, deleted_invite=invite) deletion.save() invite.delete() messages.success(request, "You have succesfully revoked the invitation for " + invite.email_to_invite + ".") return HttpResponseRedirect(reverse("org_management"))
def delete_invite(request, org_id, invite_id): org = Organization.objects.get(pk=org_id) if not org.is_member(request.user): return HttpResponseNotAllowed("Nice try, but you have to be an admin for an org to delete its invitations.") invite = OrganizationInvitation.objects.get(pk=invite_id) deletion = DeletionRecord(organization=org, deleter=request.user, deleted_invite=invite) deletion.save() invite.delete() messages.success(request, "You have succesfully revoked the invitation for " + invite.email_to_invite + ".") return HttpResponseRedirect(reverse("homepage"))
def delete_invite(request, org_id, invite_id): org = Organization.objects.get(pk=org_id) invite = OrganizationInvitation.objects.get(pk=invite_id) deletion = DeletionRecord(organization=org, deleter=request.user, deleted_invite=invite) deletion.save() invite.delete() messages.success( request, "You have succesfully revoked the invitation for " + invite.email_to_invite + ".") return HttpResponseRedirect(reverse("org_management"))
def delete_admin(request, org_id, user_id): org = Organization.objects.get(pk=org_id) admin = org.users.get(pk=user_id) if org.owner == admin: raise PermissionDenied("The owner of an organization cannot be removed.") if request.user == admin: raise PermissionDenied("Your personal views are your own, but in this case " + "you are not allowed to delete yourself.") deletion = DeletionRecord(organization=org, deleter=request.user, deleted_user=admin) deletion.save() org.users.remove(admin) messages.success(request, "You have succesfully removed " + admin.username + " as an administrator for " + org.name + ".") return HttpResponseRedirect(reverse("org_management"))
def delete_admin(request, org_id, user_id): org = Organization.objects.get(pk=org_id) admin = org.users.get(pk=user_id) if not org.is_member(request.user): return HttpResponseNotAllowed("Nice try, but you have to be an admin for an org to delete someone from it.") if org.owner == admin: return HttpResponseNotAllowed("The owner of an organization cannot be removed.") if request.user == admin: return HttpResponseNotAllowed("Your personal views are your own, but in this case " + "you are not allowed to delete yourself.") deletion = DeletionRecord(organization=org, deleter=request.user, deleted_user=admin) deletion.save() org.users.remove(admin) messages.success(request, "You have succesfully removed " + admin.username + " as an administrator for " + org.name + ".") return HttpResponseRedirect(reverse("homepage"))
def delete_admin(request, org_id, user_id): org = Organization.objects.get(pk=org_id) admin = org.users.get(pk=user_id) if org.owner == admin: raise PermissionDenied( "The owner of an organization cannot be removed.") if request.user == admin: raise PermissionDenied( "Your personal views are your own, but in this case " + "you are not allowed to delete yourself.") deletion = DeletionRecord(organization=org, deleter=request.user, deleted_user=admin) deletion.save() org.users.remove(admin) messages.success( request, "You have succesfully removed " + admin.username + " as an administrator for " + org.name + ".") return HttpResponseRedirect(reverse("org_management"))