Allow service accounts to be email-less

This removes the ability of updating service accounts through the CLI
(something we never used anyway), now that service accounts cannot be
uniquely identified by their email address.

pillar/api/users/hooks.py

@@ -5,13 +5,14 @@ from eve.utils import parse_request
 from flask import current_app, g
 from pillar.api.users.routes import log
 from pillar.api.utils.authorization import user_has_role
-from werkzeug.exceptions import Forbidden
+from werkzeug import exceptions as wz_exceptions
 
 USER_EDITABLE_FIELDS = {'full_name', 'username', 'email', 'settings'}
 
 # These fields nobody is allowed to touch directly, not even admins.
 USER_ALWAYS_RESTORE_FIELDS = {'auth'}
 
+
 def before_replacing_user(request, lookup):
     """Prevents changes to any field of the user doc, except USER_EDITABLE_FIELDS."""
 
@@ -52,6 +53,11 @@ def before_replacing_user(request, lookup):
         else:
             del put_data[db_key]
 
+    # Regular users should always have an email address
+    if 'service' not in put_data['roles']:
+        if not put_data.get('email'):
+            raise wz_exceptions.UnprocessableEntity('email field must be given')
+
 
 def push_updated_user_to_algolia(user, original):
     """Push an update to the Algolia index when a user item is updated"""
@@ -91,7 +97,7 @@ def check_user_access(request, lookup):
         return
 
     if not lookup and not current_user:
-        raise Forbidden()
+        raise wz_exceptions.Forbidden()
 
     # Add a filter to only return the current user.
     if '_id' not in lookup:
@@ -106,10 +112,10 @@ def check_put_access(request, lookup):
 
     current_user = g.get('current_user')
     if not current_user:
-        raise Forbidden()
+        raise wz_exceptions.Forbidden()
 
     if str(lookup['_id']) != str(current_user['user_id']):
-        raise Forbidden()
+        raise wz_exceptions.Forbidden()
 
 
 def after_fetching_user(user):