jan/openreplay
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(chalice): fixed edit user's role (#2810)

Browse source
This commit is contained in:
Kraiem Taha Yassine 2024-12-03 16:27:42 +01:00 committed by GitHub
parent 14191c1de4
commit e9a1a8c4eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 33 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
ee/api/chalicelib/core/roles.py
View file

@ -182,3 +182,20 @@ def delete(tenant_id, user_id, role_id):
{"tenant_id": tenant_id, "role_id": role_id}) {"tenant_id": tenant_id, "role_id": role_id})
cur.execute(query=query) cur.execute(query=query)
return get_roles(tenant_id=tenant_id) return get_roles(tenant_id=tenant_id)
def get_role(tenant_id, role_id):
with pg_client.PostgresClient() as cur:
query = cur.mogrify("""SELECT roles.*
FROM public.roles
WHERE tenant_id =%(tenant_id)s
AND deleted_at IS NULL
AND not service_role
AND role_id = %(role_id)s
LIMIT 1;""",
{"tenant_id": tenant_id, "role_id": role_id})
cur.execute(query=query)
row = cur.fetchone()
if row is not None:
row["created_at"] = TimeUTC.datetime_to_timestamp(row["created_at"])
return helper.dict_to_camel_case(row)

20
ee/api/chalicelib/core/users.py
View file

@ -199,6 +199,12 @@ def create_member(tenant_id, user_id, data: schemas.CreateMemberSchema, backgrou
role_id = data.roleId role_id = data.roleId
if role_id is None: if role_id is None:
role_id = roles.get_role_by_name(tenant_id=tenant_id, name="member").get("roleId") role_id = roles.get_role_by_name(tenant_id=tenant_id, name="member").get("roleId")
else:
role = roles.get_role(tenant_id=tenant_id, role_id=role_id)
if role is None:
return {"errors": ["role not found"]}
if role["name"].lower() == "owner" and role["protected"]:
return {"errors": ["invalid role"]}
invitation_token = __generate_invitation_token() invitation_token = __generate_invitation_token()
user = get_deleted_user_by_email(email=data.email) user = get_deleted_user_by_email(email=data.email)
if user is not None and user["tenantId"] == tenant_id: if user is not None and user["tenantId"] == tenant_id:
@ -333,7 +339,7 @@ def edit_member(user_id_to_update, tenant_id, changes: schemas.EditMemberSchema,
if editor_id != user_id_to_update: if editor_id != user_id_to_update:
admin = get_user_role(tenant_id=tenant_id, user_id=editor_id) admin = get_user_role(tenant_id=tenant_id, user_id=editor_id)
if not admin["superAdmin"] and not admin["admin"]: if not admin["superAdmin"] and not admin["admin"]:
return {"errors": ["unauthorized"]} return {"errors": ["unauthorized, you must have admin privileges"]}
if admin["admin"] and user["superAdmin"]: if admin["admin"] and user["superAdmin"]:
return {"errors": ["only the owner can edit his own details"]} return {"errors": ["only the owner can edit his own details"]}
else: else:
@ -343,10 +349,10 @@ def edit_member(user_id_to_update, tenant_id, changes: schemas.EditMemberSchema,
return {"errors": ["cannot change your own admin privileges"]} return {"errors": ["cannot change your own admin privileges"]}
if changes.roleId: if changes.roleId:
if user["superAdmin"] and changes.roleId != user["roleId"]: if user["superAdmin"] and changes.roleId != user["roleId"]:
changes.roleId = None
return {"errors": ["owner's role cannot be changed"]} return {"errors": ["owner's role cannot be changed"]}
elif user["superAdmin"]:
if changes.roleId != user["roleId"]: changes.roleId = None
elif changes.roleId != user["roleId"]:
return {"errors": ["cannot change your own role"]} return {"errors": ["cannot change your own role"]}
if changes.name and len(changes.name) > 0: if changes.name and len(changes.name) > 0:
@ -357,6 +363,12 @@ def edit_member(user_id_to_update, tenant_id, changes: schemas.EditMemberSchema,
if changes.roleId is not None: if changes.roleId is not None:
_changes["roleId"] = changes.roleId _changes["roleId"] = changes.roleId
role = roles.get_role(tenant_id=tenant_id, role_id=changes.roleId)
if role is None:
return {"errors": ["role not found"]}
else:
if role["name"].lower() == "owner" and role["protected"]:
return {"errors": ["invalid role"]}
if len(_changes.keys()) > 0: if len(_changes.keys()) > 0:
update(tenant_id=tenant_id, user_id=user_id_to_update, changes=_changes, output=False) update(tenant_id=tenant_id, user_id=user_id_to_update, changes=_changes, output=False)