Orgs: allow admins to set seat count and org_roles

2017-08-23 16:04:45 +02:00
parent 1c9f425a40
commit 08294e2f14
3 changed files with 43 additions and 2 deletions
--- a/pillar/api/organizations/patch.py
+++ b/pillar/api/organizations/patch.py
@@ -105,7 +105,8 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
        from pymongo.results import UpdateResult

        self._assert_is_admin(org_id)
-        current_user_id = current_user().user_id
+        user = current_user()
+        current_user_id = user.user_id

        # Only take known fields from the patch, don't just copy everything.
        update = {
@@ -114,6 +115,19 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
            'website': patch.get('website', '').strip(),
            'location': patch.get('location', '').strip(),
        }
+
+        if user.has_cap('admin'):
+            if 'seat_count' in patch:
+                update['seat_count'] = int(patch['seat_count'])
+            if 'org_roles' in patch:
+                org_roles = [stripped for stripped in (role.strip() for role in patch['org_roles'])
+                             if stripped]
+                if not all(role.startswith('org-') for role in org_roles):
+                    raise wz_exceptions.UnprocessableEntity(
+                        'Invalid role given, all roles must start with "org-"')
+
+                update['org_roles'] = org_roles
+
        self.log.info('User %s edits Organization %s: %s', current_user_id, org_id, update)

        validator = current_app.validator_for_resource('organizations')
--- a/pillar/web/organizations/routes.py
+++ b/pillar/web/organizations/routes.py
@@ -54,7 +54,8 @@ def view_embed(organization_id: str):
    # Make sure it's never None
    organization.unknown_members = organization.unknown_members or []

-    can_edit = om.user_is_admin(organization_oid)
+    can_super_edit = current_user.has_cap('admin')
+    can_edit = can_super_edit or om.user_is_admin(organization_oid)

    csrf = flask_wtf.csrf.generate_csrf()

@@ -62,6 +63,7 @@ def view_embed(organization_id: str):
                           organization=organization,
                           members=members,
                           can_edit=can_edit,
+                           can_super_edit=can_super_edit,
                           seats_used=len(members) + len(organization.unknown_members),
                           csrf=csrf)