Orgs: allow setting org admin via web interface / PATCH request

2017-08-23 17:13:39 +02:00
parent a5d11ec31b
commit f1edb901d1
5 changed files with 122 additions and 2 deletions
--- a/pillar/api/organizations/init.py
+++ b/pillar/api/organizations/init.py
@@ -144,6 +144,22 @@ class OrgManager:

        return org_doc

+    def assign_admin(self, org_id: bson.ObjectId, *, user_id: bson.ObjectId):
+        """Assigns a user as admin user for this organization."""
+
+        assert isinstance(org_id, bson.ObjectId)
+        assert isinstance(user_id, bson.ObjectId)
+
+        org_coll = current_app.db('organizations')
+        users_coll = current_app.db('users')
+
+        if users_coll.count({'_id': user_id}) == 0:
+            raise ValueError('User not found')
+
+        self._log.info('Updating organization %s, setting admin user to %s', org_id, user_id)
+        org_coll.update_one({'_id': org_id},
+                            {'$set': {'admin_uid': user_id}})
+
    def remove_user(self,
                    org_id: bson.ObjectId,
                    *,
--- a/pillar/api/organizations/patch.py
+++ b/pillar/api/organizations/patch.py
@@ -64,6 +64,26 @@ class OrganizationPatchHandler(patch_handler.AbstractPatchHandler):
        org_doc = current_app.org_manager.assign_single_user(org_id, user_id=user_oid)
        return jsonify(org_doc)

+    @authorization.require_login()
+    def patch_assign_admin(self, org_id: bson.ObjectId, patch: dict):
+        """Assigns a single user by User ID as admin of the organization.
+
+        The calling user must be admin of the organization.
+        """
+
+        self._assert_is_admin(org_id)
+
+        # Do some basic validation.
+        try:
+            user_id = patch['user_id']
+        except KeyError:
+            raise wz_exceptions.BadRequest('No key "user_id" in patch.')
+
+        user_oid = str2id(user_id)
+        log.info('User %s uses PATCH to set user %s as admin for organization %s',
+                 current_user().user_id, user_oid, org_id)
+        current_app.org_manager.assign_admin(org_id, user_id=user_oid)
+
    @authorization.require_login()
    def patch_remove_user(self, org_id: bson.ObjectId, patch: dict):
        """Removes a user from an organization.
--- a/pillar/web/organizations/routes.py
+++ b/pillar/web/organizations/routes.py
@@ -9,8 +9,7 @@ from pillar import current_app
 from pillar.api.utils import authorization, str2id, gravatar
 from pillar.web.system_util import pillar_api

-
-from pillarsdk import Organization
+from pillarsdk import Organization, User

 log = logging.getLogger(__name__)
 blueprint = Blueprint('pillar.web.organizations', __name__, url_prefix='/organizations')
@@ -51,6 +50,8 @@ def view_embed(organization_id: str):
        member['avatar'] = gravatar(member.get('email'))
        member['_id'] = str(member['_id'])

+    admin_user = User.find(organization.admin_uid, api=api)
+
    # Make sure it's never None
    organization.unknown_members = organization.unknown_members or []

@@ -61,6 +62,7 @@ def view_embed(organization_id: str):

    return render_template('organizations/view_embed.html',
                           organization=organization,
+                           admin_user=admin_user,
                           members=members,
                           can_edit=can_edit,
                           can_super_edit=can_super_edit,