Orgs: allow admins to set seat count and org_roles

pillar/api/organizations/patch.py

@@ -105,7 +105,8 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
         from pymongo.results import UpdateResult
 
         self._assert_is_admin(org_id)
-        current_user_id = current_user().user_id
+        user = current_user()
+        current_user_id = user.user_id
 
         # Only take known fields from the patch, don't just copy everything.
         update = {
@@ -114,6 +115,19 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
             'website': patch.get('website', '').strip(),
             'location': patch.get('location', '').strip(),
         }
+
+        if user.has_cap('admin'):
+            if 'seat_count' in patch:
+                update['seat_count'] = int(patch['seat_count'])
+            if 'org_roles' in patch:
+                org_roles = [stripped for stripped in (role.strip() for role in patch['org_roles'])
+                             if stripped]
+                if not all(role.startswith('org-') for role in org_roles):
+                    raise wz_exceptions.UnprocessableEntity(
+                        'Invalid role given, all roles must start with "org-"')
+
+                update['org_roles'] = org_roles
+
         self.log.info('User %s edits Organization %s: %s', current_user_id, org_id, update)
 
         validator = current_app.validator_for_resource('organizations')

pillar/web/organizations/routes.py

@@ -54,7 +54,8 @@ def view_embed(organization_id: str):
     # Make sure it's never None
     organization.unknown_members = organization.unknown_members or []
 
-    can_edit = om.user_is_admin(organization_oid)
+    can_super_edit = current_user.has_cap('admin')
+    can_edit = can_super_edit or om.user_is_admin(organization_oid)
 
     csrf = flask_wtf.csrf.generate_csrf()
 
@@ -62,6 +63,7 @@ def view_embed(organization_id: str):
                            organization=organization,
                            members=members,
                            can_edit=can_edit,
+                           can_super_edit=can_super_edit,
                            seats_used=len(members) + len(organization.unknown_members),
                            csrf=csrf)
 

src/templates/organizations/view_embed.jade

@@ -25,6 +25,20 @@
 				type="text",
 				placeholder="Organization's location",
 				value="{{ organization.location | hide_none }}")
+		| {% if can_super_edit %}
+		.input-group
+			input.item-location.input-transparent(
+				name="seat_count",
+				type="text",
+				placeholder="Seat count",
+				value="{{ organization.seat_count | hide_none }}")
+		.input-group
+			input.item-location.input-transparent(
+				name="org_roles",
+				type="text",
+				placeholder="Organization roles",
+				value="{{ organization.org_roles | hide_none | sort | join(' ') }}")
+		| {% endif %}
 		.input-group
 			button#item-save.btn.btn-default.btn-block(type='submit')
 				i.pi-check
@@ -281,15 +295,26 @@ script.
 		var $form = $('#item_form');
 		var new_name = $form.find('*[name="name"]').val();
 
+		{% if can_super_edit %}
+		var org_roles_str = $form.find('*[name="org_roles"]').val().trim();
+		var org_roles = Array();
+		if (org_roles_str.length) org_roles = org_roles_str.split(/\s/);
+		{% endif %}
+
 		patchOrganization({
 			op: 'edit-from-web',
 			name: new_name,
 			description: $form.find('*[name="description"]').val(),
 			website: $form.find('*[name="website"]').val(),
 			location: $form.find('*[name="location"]').val(),
+			{% if can_super_edit %}
+			seat_count: parseInt($form.find('*[name="seat_count"]').val()),
+			org_roles: org_roles,
+			{% endif %}
 		})
 		.done(function() {
 			$('span.organization-name-{{ organization._id }}').text(new_name);
+			item_open('{{ organization._id }}', false);
 		})
 		.fail(function(err) {
 			var msg = xhrErrorResponseMessage(err);