feat(chalice): EE role check on member update
feat(chalice): EE removed member's email update
This commit is contained in:
parent
77ea6e1960
commit
b10390c509
2 changed files with 47 additions and 29 deletions
|
|
@ -300,7 +300,7 @@ def edit_member(user_id_to_update, tenant_id, changes: schemas.EditMemberSchema,
|
|||
if not admin["superAdmin"] and not admin["admin"]:
|
||||
return {"errors": ["unauthorized"]}
|
||||
if admin["admin"] and user["superAdmin"]:
|
||||
return {"errors": ["only a superAdmin can edit his own details"]}
|
||||
return {"errors": ["only the owner can edit his own details"]}
|
||||
else:
|
||||
if user["superAdmin"]:
|
||||
changes.admin = None
|
||||
|
|
@ -646,6 +646,4 @@ def get_user_role(tenant_id, user_id):
|
|||
LIMIT 1""",
|
||||
{"user_id": user_id})
|
||||
)
|
||||
u = helper.dict_to_camel_case(cur.fetchone())
|
||||
|
||||
return u
|
||||
return helper.dict_to_camel_case(cur.fetchone())
|
||||
|
|
|
|||
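Review bot: The parameter dict `{"user_id": user_id}` in the get_user_role hunk binds no tenant, although the signature is `get_user_role(tenant_id, user_id)` and the EE copy of the same function in this commit filters on `AND users.tenant_id=%(tenant_id)s`. If this build is single-tenant by design, a comment on the signature such as `# tenant_id is accepted for parity with the EE signature; this build's query is single-tenant` would stop the next reader from treating it as a missing filter; otherwise the tenant predicate should be mirrored here. The simplified `return helper.dict_to_camel_case(cur.fetchone())` also passes fetchone()'s None through when no row matches, and whether dict_to_camel_case tolerates None is not visible here, so a docstring `"""Return the user's role flags as a camelCase dict, or None if no matching user exists."""` would make the contract explicit for the edit_member caller in this file that indexes the result. The SELECT body of the query is outside the hunk.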
|
|
@ -128,7 +128,7 @@ def reset_member(tenant_id, editor_id, user_id_to_update):
|
|||
return {"data": {"invitationLink": generate_new_invitation(user_id_to_update)}}
|
||||
|
||||
|
||||
def update(tenant_id, user_id, changes):
|
||||
def update(tenant_id, user_id, changes, output=True):
|
||||
AUTH_KEYS = ["password", "invitationToken", "invitedAt", "changePwdExpireAt", "changePwdToken"]
|
||||
if len(changes.keys()) == 0:
|
||||
return None
|
||||
|
|
@ -197,7 +197,8 @@ def update(tenant_id, user_id, changes):
|
|||
AND roles.role_id=users.role_id) AS role_name;""",
|
||||
{"tenant_id": tenant_id, "user_id": user_id, **changes})
|
||||
)
|
||||
|
||||
if not output:
|
||||
return None
|
||||
return get(user_id=user_id, tenant_id=tenant_id)
|
||||
|
||||
|
||||
|
|
@ -344,33 +345,29 @@ def edit(user_id_to_update, tenant_id, changes: schemas_ee.EditUserSchema, edito
|
|||
return {"data": user}
|
||||
|
||||
|
||||
def edit_member(user_id_to_update, tenant_id, changes: schemas_ee.EditUserSchema, editor_id):
|
||||
def edit_member(user_id_to_update, tenant_id, changes: schemas_ee.EditMemberSchema, editor_id):
|
||||
user = get_member(user_id=user_id_to_update, tenant_id=tenant_id)
|
||||
if editor_id != user_id_to_update or changes.admin is not None and changes.admin != user["admin"]:
|
||||
admin = get(tenant_id=tenant_id, user_id=editor_id)
|
||||
_changes = {}
|
||||
if editor_id != user_id_to_update:
|
||||
admin = get_user_role(tenant_id=tenant_id, user_id=editor_id)
|
||||
if not admin["superAdmin"] and not admin["admin"]:
|
||||
return {"errors": ["unauthorized"]}
|
||||
_changes = {}
|
||||
if editor_id == user_id_to_update:
|
||||
if changes.admin is not None:
|
||||
if user["superAdmin"]:
|
||||
changes.admin = None
|
||||
elif changes.admin != user["admin"]:
|
||||
return {"errors": ["cannot change your own role"]}
|
||||
if changes.roleId is not None:
|
||||
if user["superAdmin"]:
|
||||
if admin["admin"] and user["superAdmin"]:
|
||||
return {"errors": ["only the owner can edit his own details"]}
|
||||
else:
|
||||
if user["superAdmin"]:
|
||||
changes.admin = None
|
||||
elif changes.admin != user["admin"]:
|
||||
return {"errors": ["cannot change your own admin privileges"]}
|
||||
if changes.roleId:
|
||||
if user["superAdmin"] and changes.roleId != user["roleId"]:
|
||||
changes.roleId = None
|
||||
elif changes.roleId != user["roleId"]:
|
||||
return {"errors": ["owner's role cannot be changed"]}
|
||||
|
||||
if changes.roleId != user["roleId"]:
|
||||
return {"errors": ["cannot change your own role"]}
|
||||
|
||||
if changes.email is not None and changes.email != user["email"]:
|
||||
if email_exists(changes.email):
|
||||
return {"errors": ["email already exists."]}
|
||||
if get_deleted_user_by_email(changes.email) is not None:
|
||||
return {"errors": ["email previously deleted."]}
|
||||
_changes["email"] = changes.email
|
||||
|
||||
if changes.name is not None and len(changes.name) > 0:
|
||||
if changes.name and len(changes.name) > 0:
|
||||
_changes["name"] = changes.name
|
||||
|
||||
if changes.admin is not None:
|
||||
|
|
@ -380,8 +377,8 @@ def edit_member(user_id_to_update, tenant_id, changes: schemas_ee.EditUserSchema
|
|||
_changes["roleId"] = changes.roleId
|
||||
|
||||
if len(_changes.keys()) > 0:
|
||||
update(tenant_id=tenant_id, user_id=user_id_to_update, changes=_changes)
|
||||
return {"data": get_member(tenant_id=tenant_id, user_id=user_id_to_update)}
|
||||
update(tenant_id=tenant_id, user_id=user_id_to_update, changes=_changes, output=False)
|
||||
return {"data": get_member(user_id=user_id_to_update, tenant_id=tenant_id)}
|
||||
return {"data": user}
|
||||
|
||||
|
||||
|
|
@ -853,3 +850,26 @@ def __hard_delete_user(user_id):
|
|||
WHERE users.user_id = %(user_id)s AND users.deleted_at IS NOT NULL ;""",
|
||||
{"user_id": user_id})
|
||||
cur.execute(query)
|
||||
|
||||
|
||||
def get_user_role(tenant_id, user_id):
|
||||
with pg_client.PostgresClient() as cur:
|
||||
cur.execute(
|
||||
cur.mogrify(
|
||||
f"""SELECT
|
||||
users.user_id,
|
||||
users.email,
|
||||
users.role,
|
||||
users.name,
|
||||
users.created_at,
|
||||
(CASE WHEN users.role = 'owner' THEN TRUE ELSE FALSE END) AS super_admin,
|
||||
(CASE WHEN users.role = 'admin' THEN TRUE ELSE FALSE END) AS admin,
|
||||
(CASE WHEN users.role = 'member' THEN TRUE ELSE FALSE END) AS member
|
||||
FROM public.users
|
||||
WHERE users.deleted_at IS NULL
|
||||
AND users.user_id=%(user_id)s
|
||||
AND users.tenant_id=%(tenant_id)s
|
||||
LIMIT 1""",
|
||||
{"tenant_id": tenant_id, "user_id": user_id})
|
||||
)
|
||||
return helper.dict_to_camel_case(cur.fetchone())
|
||||
|
|
|
|||
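Review bot: In the edit_member hunk, `admin = get_user_role(tenant_id=tenant_id, user_id=editor_id)` is followed immediately by `if not admin["superAdmin"] and not admin["admin"]:`, but get_user_role (added at the end of this file) returns `helper.dict_to_camel_case(cur.fetchone())` from a query filtered on `deleted_at IS NULL` and `tenant_id`, so an editor that has been deleted or belongs to another tenant yields None from fetchone() and this authorization check raises instead of refusing (unless dict_to_camel_case maps None to something indexable, which is not shown here). An authorization gate should fail closed: `if admin is None or (not admin["superAdmin"] and not admin["admin"]):` followed by the existing `return {"errors": ["unauthorized"]}`. The non-EE edit_member hunk has the same `admin["superAdmin"]` check, though its assignment line lies outside that hunk. edit_member continues past this hunk; its tail (the `_changes["roleId"]` / update call) is in the following hunk.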