[Plugin] Users now allows setting the role of an user

This commit is contained in:
Ferdinand Thiessen 2020-10-24 20:10:43 +02:00
parent dc6b30e4e7
commit d2858c8c76
1 changed files with 21 additions and 9 deletions

View File

@ -8,12 +8,13 @@ from flaschengeist.system.controller import userController
users_bp = Blueprint("users", __name__)
_permission_edit = "users_edit_other"
_permission_set_roles = "users_set_roles"
_permission_delete = "users_delete_other"
class UsersPlugin(Plugin):
def __init__(self, config):
super().__init__(blueprint=users_bp, permissions=[_permission_edit, _permission_delete])
super().__init__(blueprint=users_bp, permissions=[_permission_edit, _permission_delete, _permission_set_roles])
#################################################
# Routes #
@ -64,17 +65,28 @@ def __delete_user(uid, **kwargs):
def __edit_user(uid, **kwargs):
logger.debug("Modify information of user {{ {} }}".format(uid))
user = userController.get_user(uid)
if uid != kwargs["access_token"].user.userid and user.has_permission(_permission_edit):
return Forbidden
data = request.get_json()
password = None
new_password = data["new_password"] if "new_password" in data else None
if uid != kwargs["access_token"].user.userid:
if not user.has_permission(_permission_edit):
return Forbidden
else:
if "password" not in data:
raise BadRequest("Password is missing")
password = data["password"]
for key in ["firstname", "lastname", "display_name", "mail"]:
if key in data:
setattr(user, key, data[key])
new_password = data["new_password"] if "new_password" in data else None
userController.modify_user(user, data["password"], new_password)
if "roles" in data:
if not user.has_permission(_permission_set_roles):
raise Forbidden
userController.set_roles(user, data["roles"])
userController.modify_user(user, password, new_password)
userController.update_user(user)
return jsonify({"ok": "ok"})