##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
user-groups-audit: properly link to user_group when doing api actions...
marcink -
r2107:ba9e03f0 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,818 +1,822 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2017 RhodeCode GmbH
3 # Copyright (C) 2011-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from rhodecode.api import (
23 from rhodecode.api import (
24 jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError)
24 jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError)
25 from rhodecode.api.utils import (
25 from rhodecode.api.utils import (
26 Optional, OAttr, store_update, has_superadmin_permission, get_origin,
26 Optional, OAttr, store_update, has_superadmin_permission, get_origin,
27 get_user_or_error, get_user_group_or_error, get_perm_or_error)
27 get_user_or_error, get_user_group_or_error, get_perm_or_error)
28 from rhodecode.lib import audit_logger
28 from rhodecode.lib import audit_logger
29 from rhodecode.lib.auth import HasUserGroupPermissionAnyApi, HasPermissionAnyApi
29 from rhodecode.lib.auth import HasUserGroupPermissionAnyApi, HasPermissionAnyApi
30 from rhodecode.lib.exceptions import UserGroupAssignedException
30 from rhodecode.lib.exceptions import UserGroupAssignedException
31 from rhodecode.model.db import Session
31 from rhodecode.model.db import Session
32 from rhodecode.model.scm import UserGroupList
32 from rhodecode.model.scm import UserGroupList
33 from rhodecode.model.user_group import UserGroupModel
33 from rhodecode.model.user_group import UserGroupModel
34 from rhodecode.model import validation_schema
34 from rhodecode.model import validation_schema
35 from rhodecode.model.validation_schema.schemas import user_group_schema
35 from rhodecode.model.validation_schema.schemas import user_group_schema
36
36
37 log = logging.getLogger(__name__)
37 log = logging.getLogger(__name__)
38
38
39
39
40 @jsonrpc_method()
40 @jsonrpc_method()
41 def get_user_group(request, apiuser, usergroupid):
41 def get_user_group(request, apiuser, usergroupid):
42 """
42 """
43 Returns the data of an existing user group.
43 Returns the data of an existing user group.
44
44
45 This command can only be run using an |authtoken| with admin rights to
45 This command can only be run using an |authtoken| with admin rights to
46 the specified repository.
46 the specified repository.
47
47
48 :param apiuser: This is filled automatically from the |authtoken|.
48 :param apiuser: This is filled automatically from the |authtoken|.
49 :type apiuser: AuthUser
49 :type apiuser: AuthUser
50 :param usergroupid: Set the user group from which to return data.
50 :param usergroupid: Set the user group from which to return data.
51 :type usergroupid: str or int
51 :type usergroupid: str or int
52
52
53 Example error output:
53 Example error output:
54
54
55 .. code-block:: bash
55 .. code-block:: bash
56
56
57 {
57 {
58 "error": null,
58 "error": null,
59 "id": <id>,
59 "id": <id>,
60 "result": {
60 "result": {
61 "active": true,
61 "active": true,
62 "group_description": "group description",
62 "group_description": "group description",
63 "group_name": "group name",
63 "group_name": "group name",
64 "members": [
64 "members": [
65 {
65 {
66 "name": "owner-name",
66 "name": "owner-name",
67 "origin": "owner",
67 "origin": "owner",
68 "permission": "usergroup.admin",
68 "permission": "usergroup.admin",
69 "type": "user"
69 "type": "user"
70 },
70 },
71 {
71 {
72 {
72 {
73 "name": "user name",
73 "name": "user name",
74 "origin": "permission",
74 "origin": "permission",
75 "permission": "usergroup.admin",
75 "permission": "usergroup.admin",
76 "type": "user"
76 "type": "user"
77 },
77 },
78 {
78 {
79 "name": "user group name",
79 "name": "user group name",
80 "origin": "permission",
80 "origin": "permission",
81 "permission": "usergroup.write",
81 "permission": "usergroup.write",
82 "type": "user_group"
82 "type": "user_group"
83 }
83 }
84 ],
84 ],
85 "owner": "owner name",
85 "owner": "owner name",
86 "users": [],
86 "users": [],
87 "users_group_id": 2
87 "users_group_id": 2
88 }
88 }
89 }
89 }
90
90
91 """
91 """
92
92
93 user_group = get_user_group_or_error(usergroupid)
93 user_group = get_user_group_or_error(usergroupid)
94 if not has_superadmin_permission(apiuser):
94 if not has_superadmin_permission(apiuser):
95 # check if we have at least read permission for this user group !
95 # check if we have at least read permission for this user group !
96 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
96 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
97 if not HasUserGroupPermissionAnyApi(*_perms)(
97 if not HasUserGroupPermissionAnyApi(*_perms)(
98 user=apiuser, user_group_name=user_group.users_group_name):
98 user=apiuser, user_group_name=user_group.users_group_name):
99 raise JSONRPCError('user group `%s` does not exist' % (
99 raise JSONRPCError('user group `%s` does not exist' % (
100 usergroupid,))
100 usergroupid,))
101
101
102 permissions = []
102 permissions = []
103 for _user in user_group.permissions():
103 for _user in user_group.permissions():
104 user_data = {
104 user_data = {
105 'name': _user.username,
105 'name': _user.username,
106 'permission': _user.permission,
106 'permission': _user.permission,
107 'origin': get_origin(_user),
107 'origin': get_origin(_user),
108 'type': "user",
108 'type': "user",
109 }
109 }
110 permissions.append(user_data)
110 permissions.append(user_data)
111
111
112 for _user_group in user_group.permission_user_groups():
112 for _user_group in user_group.permission_user_groups():
113 user_group_data = {
113 user_group_data = {
114 'name': _user_group.users_group_name,
114 'name': _user_group.users_group_name,
115 'permission': _user_group.permission,
115 'permission': _user_group.permission,
116 'origin': get_origin(_user_group),
116 'origin': get_origin(_user_group),
117 'type': "user_group",
117 'type': "user_group",
118 }
118 }
119 permissions.append(user_group_data)
119 permissions.append(user_group_data)
120
120
121 data = user_group.get_api_data()
121 data = user_group.get_api_data()
122 data['members'] = permissions
122 data['members'] = permissions
123
123
124 return data
124 return data
125
125
126
126
127 @jsonrpc_method()
127 @jsonrpc_method()
128 def get_user_groups(request, apiuser):
128 def get_user_groups(request, apiuser):
129 """
129 """
130 Lists all the existing user groups within RhodeCode.
130 Lists all the existing user groups within RhodeCode.
131
131
132 This command can only be run using an |authtoken| with admin rights to
132 This command can only be run using an |authtoken| with admin rights to
133 the specified repository.
133 the specified repository.
134
134
135 This command takes the following options:
135 This command takes the following options:
136
136
137 :param apiuser: This is filled automatically from the |authtoken|.
137 :param apiuser: This is filled automatically from the |authtoken|.
138 :type apiuser: AuthUser
138 :type apiuser: AuthUser
139
139
140 Example error output:
140 Example error output:
141
141
142 .. code-block:: bash
142 .. code-block:: bash
143
143
144 id : <id_given_in_input>
144 id : <id_given_in_input>
145 result : [<user_group_obj>,...]
145 result : [<user_group_obj>,...]
146 error : null
146 error : null
147 """
147 """
148
148
149 include_secrets = has_superadmin_permission(apiuser)
149 include_secrets = has_superadmin_permission(apiuser)
150
150
151 result = []
151 result = []
152 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
152 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
153 extras = {'user': apiuser}
153 extras = {'user': apiuser}
154 for user_group in UserGroupList(UserGroupModel().get_all(),
154 for user_group in UserGroupList(UserGroupModel().get_all(),
155 perm_set=_perms, extra_kwargs=extras):
155 perm_set=_perms, extra_kwargs=extras):
156 result.append(
156 result.append(
157 user_group.get_api_data(include_secrets=include_secrets))
157 user_group.get_api_data(include_secrets=include_secrets))
158 return result
158 return result
159
159
160
160
161 @jsonrpc_method()
161 @jsonrpc_method()
162 def create_user_group(
162 def create_user_group(
163 request, apiuser, group_name, description=Optional(''),
163 request, apiuser, group_name, description=Optional(''),
164 owner=Optional(OAttr('apiuser')), active=Optional(True)):
164 owner=Optional(OAttr('apiuser')), active=Optional(True)):
165 """
165 """
166 Creates a new user group.
166 Creates a new user group.
167
167
168 This command can only be run using an |authtoken| with admin rights to
168 This command can only be run using an |authtoken| with admin rights to
169 the specified repository.
169 the specified repository.
170
170
171 This command takes the following options:
171 This command takes the following options:
172
172
173 :param apiuser: This is filled automatically from the |authtoken|.
173 :param apiuser: This is filled automatically from the |authtoken|.
174 :type apiuser: AuthUser
174 :type apiuser: AuthUser
175 :param group_name: Set the name of the new user group.
175 :param group_name: Set the name of the new user group.
176 :type group_name: str
176 :type group_name: str
177 :param description: Give a description of the new user group.
177 :param description: Give a description of the new user group.
178 :type description: str
178 :type description: str
179 :param owner: Set the owner of the new user group.
179 :param owner: Set the owner of the new user group.
180 If not set, the owner is the |authtoken| user.
180 If not set, the owner is the |authtoken| user.
181 :type owner: Optional(str or int)
181 :type owner: Optional(str or int)
182 :param active: Set this group as active.
182 :param active: Set this group as active.
183 :type active: Optional(``True`` | ``False``)
183 :type active: Optional(``True`` | ``False``)
184
184
185 Example output:
185 Example output:
186
186
187 .. code-block:: bash
187 .. code-block:: bash
188
188
189 id : <id_given_in_input>
189 id : <id_given_in_input>
190 result: {
190 result: {
191 "msg": "created new user group `<groupname>`",
191 "msg": "created new user group `<groupname>`",
192 "user_group": <user_group_object>
192 "user_group": <user_group_object>
193 }
193 }
194 error: null
194 error: null
195
195
196 Example error output:
196 Example error output:
197
197
198 .. code-block:: bash
198 .. code-block:: bash
199
199
200 id : <id_given_in_input>
200 id : <id_given_in_input>
201 result : null
201 result : null
202 error : {
202 error : {
203 "user group `<group name>` already exist"
203 "user group `<group name>` already exist"
204 or
204 or
205 "failed to create group `<group name>`"
205 "failed to create group `<group name>`"
206 }
206 }
207
207
208 """
208 """
209
209
210 if not has_superadmin_permission(apiuser):
210 if not has_superadmin_permission(apiuser):
211 if not HasPermissionAnyApi('hg.usergroup.create.true')(user=apiuser):
211 if not HasPermissionAnyApi('hg.usergroup.create.true')(user=apiuser):
212 raise JSONRPCForbidden()
212 raise JSONRPCForbidden()
213
213
214 if UserGroupModel().get_by_name(group_name):
214 if UserGroupModel().get_by_name(group_name):
215 raise JSONRPCError("user group `%s` already exist" % (group_name,))
215 raise JSONRPCError("user group `%s` already exist" % (group_name,))
216
216
217 if isinstance(owner, Optional):
217 if isinstance(owner, Optional):
218 owner = apiuser.user_id
218 owner = apiuser.user_id
219
219
220 owner = get_user_or_error(owner)
220 owner = get_user_or_error(owner)
221 active = Optional.extract(active)
221 active = Optional.extract(active)
222 description = Optional.extract(description)
222 description = Optional.extract(description)
223
223
224 schema = user_group_schema.UserGroupSchema().bind(
224 schema = user_group_schema.UserGroupSchema().bind(
225 # user caller
225 # user caller
226 user=apiuser)
226 user=apiuser)
227 try:
227 try:
228 schema_data = schema.deserialize(dict(
228 schema_data = schema.deserialize(dict(
229 user_group_name=group_name,
229 user_group_name=group_name,
230 user_group_description=description,
230 user_group_description=description,
231 user_group_owner=owner.username,
231 user_group_owner=owner.username,
232 user_group_active=active,
232 user_group_active=active,
233 ))
233 ))
234 except validation_schema.Invalid as err:
234 except validation_schema.Invalid as err:
235 raise JSONRPCValidationError(colander_exc=err)
235 raise JSONRPCValidationError(colander_exc=err)
236
236
237 try:
237 try:
238 user_group = UserGroupModel().create(
238 user_group = UserGroupModel().create(
239 name=schema_data['user_group_name'],
239 name=schema_data['user_group_name'],
240 description=schema_data['user_group_description'],
240 description=schema_data['user_group_description'],
241 owner=owner,
241 owner=owner,
242 active=schema_data['user_group_active'])
242 active=schema_data['user_group_active'])
243 Session().flush()
243 Session().flush()
244 creation_data = user_group.get_api_data()
244 creation_data = user_group.get_api_data()
245 audit_logger.store_api(
245 audit_logger.store_api(
246 'user_group.create', action_data={'data': creation_data},
246 'user_group.create', action_data={'data': creation_data},
247 user=apiuser)
247 user=apiuser)
248 Session().commit()
248 Session().commit()
249 return {
249 return {
250 'msg': 'created new user group `%s`' % group_name,
250 'msg': 'created new user group `%s`' % group_name,
251 'user_group': creation_data
251 'user_group': creation_data
252 }
252 }
253 except Exception:
253 except Exception:
254 log.exception("Error occurred during creation of user group")
254 log.exception("Error occurred during creation of user group")
255 raise JSONRPCError('failed to create group `%s`' % (group_name,))
255 raise JSONRPCError('failed to create group `%s`' % (group_name,))
256
256
257
257
258 @jsonrpc_method()
258 @jsonrpc_method()
259 def update_user_group(request, apiuser, usergroupid, group_name=Optional(''),
259 def update_user_group(request, apiuser, usergroupid, group_name=Optional(''),
260 description=Optional(''), owner=Optional(None),
260 description=Optional(''), owner=Optional(None),
261 active=Optional(True)):
261 active=Optional(True)):
262 """
262 """
263 Updates the specified `user group` with the details provided.
263 Updates the specified `user group` with the details provided.
264
264
265 This command can only be run using an |authtoken| with admin rights to
265 This command can only be run using an |authtoken| with admin rights to
266 the specified repository.
266 the specified repository.
267
267
268 :param apiuser: This is filled automatically from the |authtoken|.
268 :param apiuser: This is filled automatically from the |authtoken|.
269 :type apiuser: AuthUser
269 :type apiuser: AuthUser
270 :param usergroupid: Set the id of the `user group` to update.
270 :param usergroupid: Set the id of the `user group` to update.
271 :type usergroupid: str or int
271 :type usergroupid: str or int
272 :param group_name: Set the new name the `user group`
272 :param group_name: Set the new name the `user group`
273 :type group_name: str
273 :type group_name: str
274 :param description: Give a description for the `user group`
274 :param description: Give a description for the `user group`
275 :type description: str
275 :type description: str
276 :param owner: Set the owner of the `user group`.
276 :param owner: Set the owner of the `user group`.
277 :type owner: Optional(str or int)
277 :type owner: Optional(str or int)
278 :param active: Set the group as active.
278 :param active: Set the group as active.
279 :type active: Optional(``True`` | ``False``)
279 :type active: Optional(``True`` | ``False``)
280
280
281 Example output:
281 Example output:
282
282
283 .. code-block:: bash
283 .. code-block:: bash
284
284
285 id : <id_given_in_input>
285 id : <id_given_in_input>
286 result : {
286 result : {
287 "msg": 'updated user group ID:<user group id> <user group name>',
287 "msg": 'updated user group ID:<user group id> <user group name>',
288 "user_group": <user_group_object>
288 "user_group": <user_group_object>
289 }
289 }
290 error : null
290 error : null
291
291
292 Example error output:
292 Example error output:
293
293
294 .. code-block:: bash
294 .. code-block:: bash
295
295
296 id : <id_given_in_input>
296 id : <id_given_in_input>
297 result : null
297 result : null
298 error : {
298 error : {
299 "failed to update user group `<user group name>`"
299 "failed to update user group `<user group name>`"
300 }
300 }
301
301
302 """
302 """
303
303
304 user_group = get_user_group_or_error(usergroupid)
304 user_group = get_user_group_or_error(usergroupid)
305 include_secrets = False
305 include_secrets = False
306 if not has_superadmin_permission(apiuser):
306 if not has_superadmin_permission(apiuser):
307 # check if we have admin permission for this user group !
307 # check if we have admin permission for this user group !
308 _perms = ('usergroup.admin',)
308 _perms = ('usergroup.admin',)
309 if not HasUserGroupPermissionAnyApi(*_perms)(
309 if not HasUserGroupPermissionAnyApi(*_perms)(
310 user=apiuser, user_group_name=user_group.users_group_name):
310 user=apiuser, user_group_name=user_group.users_group_name):
311 raise JSONRPCError(
311 raise JSONRPCError(
312 'user group `%s` does not exist' % (usergroupid,))
312 'user group `%s` does not exist' % (usergroupid,))
313 else:
313 else:
314 include_secrets = True
314 include_secrets = True
315
315
316 if not isinstance(owner, Optional):
316 if not isinstance(owner, Optional):
317 owner = get_user_or_error(owner)
317 owner = get_user_or_error(owner)
318
318
319 old_data = user_group.get_api_data()
319 old_data = user_group.get_api_data()
320 updates = {}
320 updates = {}
321 store_update(updates, group_name, 'users_group_name')
321 store_update(updates, group_name, 'users_group_name')
322 store_update(updates, description, 'user_group_description')
322 store_update(updates, description, 'user_group_description')
323 store_update(updates, owner, 'user')
323 store_update(updates, owner, 'user')
324 store_update(updates, active, 'users_group_active')
324 store_update(updates, active, 'users_group_active')
325 try:
325 try:
326 UserGroupModel().update(user_group, updates)
326 UserGroupModel().update(user_group, updates)
327 audit_logger.store_api(
327 audit_logger.store_api(
328 'user_group.edit', action_data={'old_data': old_data},
328 'user_group.edit', action_data={'old_data': old_data},
329 user=apiuser)
329 user=apiuser)
330 Session().commit()
330 Session().commit()
331 return {
331 return {
332 'msg': 'updated user group ID:%s %s' % (
332 'msg': 'updated user group ID:%s %s' % (
333 user_group.users_group_id, user_group.users_group_name),
333 user_group.users_group_id, user_group.users_group_name),
334 'user_group': user_group.get_api_data(
334 'user_group': user_group.get_api_data(
335 include_secrets=include_secrets)
335 include_secrets=include_secrets)
336 }
336 }
337 except Exception:
337 except Exception:
338 log.exception("Error occurred during update of user group")
338 log.exception("Error occurred during update of user group")
339 raise JSONRPCError(
339 raise JSONRPCError(
340 'failed to update user group `%s`' % (usergroupid,))
340 'failed to update user group `%s`' % (usergroupid,))
341
341
342
342
343 @jsonrpc_method()
343 @jsonrpc_method()
344 def delete_user_group(request, apiuser, usergroupid):
344 def delete_user_group(request, apiuser, usergroupid):
345 """
345 """
346 Deletes the specified `user group`.
346 Deletes the specified `user group`.
347
347
348 This command can only be run using an |authtoken| with admin rights to
348 This command can only be run using an |authtoken| with admin rights to
349 the specified repository.
349 the specified repository.
350
350
351 This command takes the following options:
351 This command takes the following options:
352
352
353 :param apiuser: filled automatically from apikey
353 :param apiuser: filled automatically from apikey
354 :type apiuser: AuthUser
354 :type apiuser: AuthUser
355 :param usergroupid:
355 :param usergroupid:
356 :type usergroupid: int
356 :type usergroupid: int
357
357
358 Example output:
358 Example output:
359
359
360 .. code-block:: bash
360 .. code-block:: bash
361
361
362 id : <id_given_in_input>
362 id : <id_given_in_input>
363 result : {
363 result : {
364 "msg": "deleted user group ID:<user_group_id> <user_group_name>"
364 "msg": "deleted user group ID:<user_group_id> <user_group_name>"
365 }
365 }
366 error : null
366 error : null
367
367
368 Example error output:
368 Example error output:
369
369
370 .. code-block:: bash
370 .. code-block:: bash
371
371
372 id : <id_given_in_input>
372 id : <id_given_in_input>
373 result : null
373 result : null
374 error : {
374 error : {
375 "failed to delete user group ID:<user_group_id> <user_group_name>"
375 "failed to delete user group ID:<user_group_id> <user_group_name>"
376 or
376 or
377 "RepoGroup assigned to <repo_groups_list>"
377 "RepoGroup assigned to <repo_groups_list>"
378 }
378 }
379
379
380 """
380 """
381
381
382 user_group = get_user_group_or_error(usergroupid)
382 user_group = get_user_group_or_error(usergroupid)
383 if not has_superadmin_permission(apiuser):
383 if not has_superadmin_permission(apiuser):
384 # check if we have admin permission for this user group !
384 # check if we have admin permission for this user group !
385 _perms = ('usergroup.admin',)
385 _perms = ('usergroup.admin',)
386 if not HasUserGroupPermissionAnyApi(*_perms)(
386 if not HasUserGroupPermissionAnyApi(*_perms)(
387 user=apiuser, user_group_name=user_group.users_group_name):
387 user=apiuser, user_group_name=user_group.users_group_name):
388 raise JSONRPCError(
388 raise JSONRPCError(
389 'user group `%s` does not exist' % (usergroupid,))
389 'user group `%s` does not exist' % (usergroupid,))
390
390
391 old_data = user_group.get_api_data()
391 old_data = user_group.get_api_data()
392 try:
392 try:
393 UserGroupModel().delete(user_group)
393 UserGroupModel().delete(user_group)
394 audit_logger.store_api(
394 audit_logger.store_api(
395 'user_group.delete', action_data={'old_data': old_data},
395 'user_group.delete', action_data={'old_data': old_data},
396 user=apiuser)
396 user=apiuser)
397 Session().commit()
397 Session().commit()
398 return {
398 return {
399 'msg': 'deleted user group ID:%s %s' % (
399 'msg': 'deleted user group ID:%s %s' % (
400 user_group.users_group_id, user_group.users_group_name),
400 user_group.users_group_id, user_group.users_group_name),
401 'user_group': None
401 'user_group': None
402 }
402 }
403 except UserGroupAssignedException as e:
403 except UserGroupAssignedException as e:
404 log.exception("UserGroupAssigned error")
404 log.exception("UserGroupAssigned error")
405 raise JSONRPCError(str(e))
405 raise JSONRPCError(str(e))
406 except Exception:
406 except Exception:
407 log.exception("Error occurred during deletion of user group")
407 log.exception("Error occurred during deletion of user group")
408 raise JSONRPCError(
408 raise JSONRPCError(
409 'failed to delete user group ID:%s %s' %(
409 'failed to delete user group ID:%s %s' %(
410 user_group.users_group_id, user_group.users_group_name))
410 user_group.users_group_id, user_group.users_group_name))
411
411
412
412
413 @jsonrpc_method()
413 @jsonrpc_method()
414 def add_user_to_user_group(request, apiuser, usergroupid, userid):
414 def add_user_to_user_group(request, apiuser, usergroupid, userid):
415 """
415 """
416 Adds a user to a `user group`. If the user already exists in the group
416 Adds a user to a `user group`. If the user already exists in the group
417 this command will return false.
417 this command will return false.
418
418
419 This command can only be run using an |authtoken| with admin rights to
419 This command can only be run using an |authtoken| with admin rights to
420 the specified user group.
420 the specified user group.
421
421
422 This command takes the following options:
422 This command takes the following options:
423
423
424 :param apiuser: This is filled automatically from the |authtoken|.
424 :param apiuser: This is filled automatically from the |authtoken|.
425 :type apiuser: AuthUser
425 :type apiuser: AuthUser
426 :param usergroupid: Set the name of the `user group` to which a
426 :param usergroupid: Set the name of the `user group` to which a
427 user will be added.
427 user will be added.
428 :type usergroupid: int
428 :type usergroupid: int
429 :param userid: Set the `user_id` of the user to add to the group.
429 :param userid: Set the `user_id` of the user to add to the group.
430 :type userid: int
430 :type userid: int
431
431
432 Example output:
432 Example output:
433
433
434 .. code-block:: bash
434 .. code-block:: bash
435
435
436 id : <id_given_in_input>
436 id : <id_given_in_input>
437 result : {
437 result : {
438 "success": True|False # depends on if member is in group
438 "success": True|False # depends on if member is in group
439 "msg": "added member `<username>` to user group `<groupname>` |
439 "msg": "added member `<username>` to user group `<groupname>` |
440 User is already in that group"
440 User is already in that group"
441
441
442 }
442 }
443 error : null
443 error : null
444
444
445 Example error output:
445 Example error output:
446
446
447 .. code-block:: bash
447 .. code-block:: bash
448
448
449 id : <id_given_in_input>
449 id : <id_given_in_input>
450 result : null
450 result : null
451 error : {
451 error : {
452 "failed to add member to user group `<user_group_name>`"
452 "failed to add member to user group `<user_group_name>`"
453 }
453 }
454
454
455 """
455 """
456
456
457 user = get_user_or_error(userid)
457 user = get_user_or_error(userid)
458 user_group = get_user_group_or_error(usergroupid)
458 user_group = get_user_group_or_error(usergroupid)
459 if not has_superadmin_permission(apiuser):
459 if not has_superadmin_permission(apiuser):
460 # check if we have admin permission for this user group !
460 # check if we have admin permission for this user group !
461 _perms = ('usergroup.admin',)
461 _perms = ('usergroup.admin',)
462 if not HasUserGroupPermissionAnyApi(*_perms)(
462 if not HasUserGroupPermissionAnyApi(*_perms)(
463 user=apiuser, user_group_name=user_group.users_group_name):
463 user=apiuser, user_group_name=user_group.users_group_name):
464 raise JSONRPCError('user group `%s` does not exist' % (
464 raise JSONRPCError('user group `%s` does not exist' % (
465 usergroupid,))
465 usergroupid,))
466
466
467 old_values = user_group.get_api_data()
467 try:
468 try:
468 ugm = UserGroupModel().add_user_to_group(user_group, user)
469 ugm = UserGroupModel().add_user_to_group(user_group, user)
469 success = True if ugm is not True else False
470 success = True if ugm is not True else False
470 msg = 'added member `%s` to user group `%s`' % (
471 msg = 'added member `%s` to user group `%s`' % (
471 user.username, user_group.users_group_name
472 user.username, user_group.users_group_name
472 )
473 )
473 msg = msg if success else 'User is already in that group'
474 msg = msg if success else 'User is already in that group'
474 if success:
475 if success:
475 user_data = user.get_api_data()
476 user_data = user.get_api_data()
476 audit_logger.store_api(
477 audit_logger.store_api(
477 'user_group.edit.member.add', action_data={'user': user_data},
478 'user_group.edit.member.add',
479 action_data={'user': user_data, 'old_data': old_values},
478 user=apiuser)
480 user=apiuser)
479
481
480 Session().commit()
482 Session().commit()
481
483
482 return {
484 return {
483 'success': success,
485 'success': success,
484 'msg': msg
486 'msg': msg
485 }
487 }
486 except Exception:
488 except Exception:
487 log.exception("Error occurred during adding a member to user group")
489 log.exception("Error occurred during adding a member to user group")
488 raise JSONRPCError(
490 raise JSONRPCError(
489 'failed to add member to user group `%s`' % (
491 'failed to add member to user group `%s`' % (
490 user_group.users_group_name,
492 user_group.users_group_name,
491 )
493 )
492 )
494 )
493
495
494
496
495 @jsonrpc_method()
497 @jsonrpc_method()
496 def remove_user_from_user_group(request, apiuser, usergroupid, userid):
498 def remove_user_from_user_group(request, apiuser, usergroupid, userid):
497 """
499 """
498 Removes a user from a user group.
500 Removes a user from a user group.
499
501
500 * If the specified user is not in the group, this command will return
502 * If the specified user is not in the group, this command will return
501 `false`.
503 `false`.
502
504
503 This command can only be run using an |authtoken| with admin rights to
505 This command can only be run using an |authtoken| with admin rights to
504 the specified user group.
506 the specified user group.
505
507
506 :param apiuser: This is filled automatically from the |authtoken|.
508 :param apiuser: This is filled automatically from the |authtoken|.
507 :type apiuser: AuthUser
509 :type apiuser: AuthUser
508 :param usergroupid: Sets the user group name.
510 :param usergroupid: Sets the user group name.
509 :type usergroupid: str or int
511 :type usergroupid: str or int
510 :param userid: The user you wish to remove from |RCE|.
512 :param userid: The user you wish to remove from |RCE|.
511 :type userid: str or int
513 :type userid: str or int
512
514
513 Example output:
515 Example output:
514
516
515 .. code-block:: bash
517 .. code-block:: bash
516
518
517 id : <id_given_in_input>
519 id : <id_given_in_input>
518 result: {
520 result: {
519 "success": True|False, # depends on if member is in group
521 "success": True|False, # depends on if member is in group
520 "msg": "removed member <username> from user group <groupname> |
522 "msg": "removed member <username> from user group <groupname> |
521 User wasn't in group"
523 User wasn't in group"
522 }
524 }
523 error: null
525 error: null
524
526
525 """
527 """
526
528
527 user = get_user_or_error(userid)
529 user = get_user_or_error(userid)
528 user_group = get_user_group_or_error(usergroupid)
530 user_group = get_user_group_or_error(usergroupid)
529 if not has_superadmin_permission(apiuser):
531 if not has_superadmin_permission(apiuser):
530 # check if we have admin permission for this user group !
532 # check if we have admin permission for this user group !
531 _perms = ('usergroup.admin',)
533 _perms = ('usergroup.admin',)
532 if not HasUserGroupPermissionAnyApi(*_perms)(
534 if not HasUserGroupPermissionAnyApi(*_perms)(
533 user=apiuser, user_group_name=user_group.users_group_name):
535 user=apiuser, user_group_name=user_group.users_group_name):
534 raise JSONRPCError(
536 raise JSONRPCError(
535 'user group `%s` does not exist' % (usergroupid,))
537 'user group `%s` does not exist' % (usergroupid,))
536
538
539 old_values = user_group.get_api_data()
537 try:
540 try:
538 success = UserGroupModel().remove_user_from_group(user_group, user)
541 success = UserGroupModel().remove_user_from_group(user_group, user)
539 msg = 'removed member `%s` from user group `%s`' % (
542 msg = 'removed member `%s` from user group `%s`' % (
540 user.username, user_group.users_group_name
543 user.username, user_group.users_group_name
541 )
544 )
542 msg = msg if success else "User wasn't in group"
545 msg = msg if success else "User wasn't in group"
543 if success:
546 if success:
544 user_data = user.get_api_data()
547 user_data = user.get_api_data()
545 audit_logger.store_api(
548 audit_logger.store_api(
546 'user_group.edit.member.delete', action_data={'user': user_data},
549 'user_group.edit.member.delete',
550 action_data={'user': user_data, 'old_data': old_values},
547 user=apiuser)
551 user=apiuser)
548
552
549 Session().commit()
553 Session().commit()
550 return {'success': success, 'msg': msg}
554 return {'success': success, 'msg': msg}
551 except Exception:
555 except Exception:
552 log.exception("Error occurred during removing an member from user group")
556 log.exception("Error occurred during removing an member from user group")
553 raise JSONRPCError(
557 raise JSONRPCError(
554 'failed to remove member from user group `%s`' % (
558 'failed to remove member from user group `%s`' % (
555 user_group.users_group_name,
559 user_group.users_group_name,
556 )
560 )
557 )
561 )
558
562
559
563
560 @jsonrpc_method()
564 @jsonrpc_method()
561 def grant_user_permission_to_user_group(
565 def grant_user_permission_to_user_group(
562 request, apiuser, usergroupid, userid, perm):
566 request, apiuser, usergroupid, userid, perm):
563 """
567 """
564 Set permissions for a user in a user group.
568 Set permissions for a user in a user group.
565
569
566 :param apiuser: This is filled automatically from the |authtoken|.
570 :param apiuser: This is filled automatically from the |authtoken|.
567 :type apiuser: AuthUser
571 :type apiuser: AuthUser
568 :param usergroupid: Set the user group to edit permissions on.
572 :param usergroupid: Set the user group to edit permissions on.
569 :type usergroupid: str or int
573 :type usergroupid: str or int
570 :param userid: Set the user from whom you wish to set permissions.
574 :param userid: Set the user from whom you wish to set permissions.
571 :type userid: str
575 :type userid: str
572 :param perm: (usergroup.(none|read|write|admin))
576 :param perm: (usergroup.(none|read|write|admin))
573 :type perm: str
577 :type perm: str
574
578
575 Example output:
579 Example output:
576
580
577 .. code-block:: bash
581 .. code-block:: bash
578
582
579 id : <id_given_in_input>
583 id : <id_given_in_input>
580 result : {
584 result : {
581 "msg": "Granted perm: `<perm_name>` for user: `<username>` in user group: `<user_group_name>`",
585 "msg": "Granted perm: `<perm_name>` for user: `<username>` in user group: `<user_group_name>`",
582 "success": true
586 "success": true
583 }
587 }
584 error : null
588 error : null
585 """
589 """
586
590
587 user_group = get_user_group_or_error(usergroupid)
591 user_group = get_user_group_or_error(usergroupid)
588
592
589 if not has_superadmin_permission(apiuser):
593 if not has_superadmin_permission(apiuser):
590 # check if we have admin permission for this user group !
594 # check if we have admin permission for this user group !
591 _perms = ('usergroup.admin',)
595 _perms = ('usergroup.admin',)
592 if not HasUserGroupPermissionAnyApi(*_perms)(
596 if not HasUserGroupPermissionAnyApi(*_perms)(
593 user=apiuser, user_group_name=user_group.users_group_name):
597 user=apiuser, user_group_name=user_group.users_group_name):
594 raise JSONRPCError(
598 raise JSONRPCError(
595 'user group `%s` does not exist' % (usergroupid,))
599 'user group `%s` does not exist' % (usergroupid,))
596
600
597 user = get_user_or_error(userid)
601 user = get_user_or_error(userid)
598 perm = get_perm_or_error(perm, prefix='usergroup.')
602 perm = get_perm_or_error(perm, prefix='usergroup.')
599
603
600 try:
604 try:
601 UserGroupModel().grant_user_permission(
605 UserGroupModel().grant_user_permission(
602 user_group=user_group, user=user, perm=perm)
606 user_group=user_group, user=user, perm=perm)
603 Session().commit()
607 Session().commit()
604 return {
608 return {
605 'msg':
609 'msg':
606 'Granted perm: `%s` for user: `%s` in user group: `%s`' % (
610 'Granted perm: `%s` for user: `%s` in user group: `%s`' % (
607 perm.permission_name, user.username,
611 perm.permission_name, user.username,
608 user_group.users_group_name
612 user_group.users_group_name
609 ),
613 ),
610 'success': True
614 'success': True
611 }
615 }
612 except Exception:
616 except Exception:
613 log.exception("Error occurred during editing permissions "
617 log.exception("Error occurred during editing permissions "
614 "for user in user group")
618 "for user in user group")
615 raise JSONRPCError(
619 raise JSONRPCError(
616 'failed to edit permission for user: '
620 'failed to edit permission for user: '
617 '`%s` in user group: `%s`' % (
621 '`%s` in user group: `%s`' % (
618 userid, user_group.users_group_name))
622 userid, user_group.users_group_name))
619
623
620
624
621 @jsonrpc_method()
625 @jsonrpc_method()
622 def revoke_user_permission_from_user_group(
626 def revoke_user_permission_from_user_group(
623 request, apiuser, usergroupid, userid):
627 request, apiuser, usergroupid, userid):
624 """
628 """
625 Revoke a users permissions in a user group.
629 Revoke a users permissions in a user group.
626
630
627 :param apiuser: This is filled automatically from the |authtoken|.
631 :param apiuser: This is filled automatically from the |authtoken|.
628 :type apiuser: AuthUser
632 :type apiuser: AuthUser
629 :param usergroupid: Set the user group from which to revoke the user
633 :param usergroupid: Set the user group from which to revoke the user
630 permissions.
634 permissions.
631 :type: usergroupid: str or int
635 :type: usergroupid: str or int
632 :param userid: Set the userid of the user whose permissions will be
636 :param userid: Set the userid of the user whose permissions will be
633 revoked.
637 revoked.
634 :type userid: str
638 :type userid: str
635
639
636 Example output:
640 Example output:
637
641
638 .. code-block:: bash
642 .. code-block:: bash
639
643
640 id : <id_given_in_input>
644 id : <id_given_in_input>
641 result : {
645 result : {
642 "msg": "Revoked perm for user: `<username>` in user group: `<user_group_name>`",
646 "msg": "Revoked perm for user: `<username>` in user group: `<user_group_name>`",
643 "success": true
647 "success": true
644 }
648 }
645 error : null
649 error : null
646 """
650 """
647
651
648 user_group = get_user_group_or_error(usergroupid)
652 user_group = get_user_group_or_error(usergroupid)
649
653
650 if not has_superadmin_permission(apiuser):
654 if not has_superadmin_permission(apiuser):
651 # check if we have admin permission for this user group !
655 # check if we have admin permission for this user group !
652 _perms = ('usergroup.admin',)
656 _perms = ('usergroup.admin',)
653 if not HasUserGroupPermissionAnyApi(*_perms)(
657 if not HasUserGroupPermissionAnyApi(*_perms)(
654 user=apiuser, user_group_name=user_group.users_group_name):
658 user=apiuser, user_group_name=user_group.users_group_name):
655 raise JSONRPCError(
659 raise JSONRPCError(
656 'user group `%s` does not exist' % (usergroupid,))
660 'user group `%s` does not exist' % (usergroupid,))
657
661
658 user = get_user_or_error(userid)
662 user = get_user_or_error(userid)
659
663
660 try:
664 try:
661 UserGroupModel().revoke_user_permission(
665 UserGroupModel().revoke_user_permission(
662 user_group=user_group, user=user)
666 user_group=user_group, user=user)
663 Session().commit()
667 Session().commit()
664 return {
668 return {
665 'msg': 'Revoked perm for user: `%s` in user group: `%s`' % (
669 'msg': 'Revoked perm for user: `%s` in user group: `%s`' % (
666 user.username, user_group.users_group_name
670 user.username, user_group.users_group_name
667 ),
671 ),
668 'success': True
672 'success': True
669 }
673 }
670 except Exception:
674 except Exception:
671 log.exception("Error occurred during editing permissions "
675 log.exception("Error occurred during editing permissions "
672 "for user in user group")
676 "for user in user group")
673 raise JSONRPCError(
677 raise JSONRPCError(
674 'failed to edit permission for user: `%s` in user group: `%s`'
678 'failed to edit permission for user: `%s` in user group: `%s`'
675 % (userid, user_group.users_group_name))
679 % (userid, user_group.users_group_name))
676
680
677
681
678 @jsonrpc_method()
682 @jsonrpc_method()
679 def grant_user_group_permission_to_user_group(
683 def grant_user_group_permission_to_user_group(
680 request, apiuser, usergroupid, sourceusergroupid, perm):
684 request, apiuser, usergroupid, sourceusergroupid, perm):
681 """
685 """
682 Give one user group permissions to another user group.
686 Give one user group permissions to another user group.
683
687
684 :param apiuser: This is filled automatically from the |authtoken|.
688 :param apiuser: This is filled automatically from the |authtoken|.
685 :type apiuser: AuthUser
689 :type apiuser: AuthUser
686 :param usergroupid: Set the user group on which to edit permissions.
690 :param usergroupid: Set the user group on which to edit permissions.
687 :type usergroupid: str or int
691 :type usergroupid: str or int
688 :param sourceusergroupid: Set the source user group to which
692 :param sourceusergroupid: Set the source user group to which
689 access/permissions will be granted.
693 access/permissions will be granted.
690 :type sourceusergroupid: str or int
694 :type sourceusergroupid: str or int
691 :param perm: (usergroup.(none|read|write|admin))
695 :param perm: (usergroup.(none|read|write|admin))
692 :type perm: str
696 :type perm: str
693
697
694 Example output:
698 Example output:
695
699
696 .. code-block:: bash
700 .. code-block:: bash
697
701
698 id : <id_given_in_input>
702 id : <id_given_in_input>
699 result : {
703 result : {
700 "msg": "Granted perm: `<perm_name>` for user group: `<source_user_group_name>` in user group: `<user_group_name>`",
704 "msg": "Granted perm: `<perm_name>` for user group: `<source_user_group_name>` in user group: `<user_group_name>`",
701 "success": true
705 "success": true
702 }
706 }
703 error : null
707 error : null
704 """
708 """
705
709
706 user_group = get_user_group_or_error(sourceusergroupid)
710 user_group = get_user_group_or_error(sourceusergroupid)
707 target_user_group = get_user_group_or_error(usergroupid)
711 target_user_group = get_user_group_or_error(usergroupid)
708 perm = get_perm_or_error(perm, prefix='usergroup.')
712 perm = get_perm_or_error(perm, prefix='usergroup.')
709
713
710 if not has_superadmin_permission(apiuser):
714 if not has_superadmin_permission(apiuser):
711 # check if we have admin permission for this user group !
715 # check if we have admin permission for this user group !
712 _perms = ('usergroup.admin',)
716 _perms = ('usergroup.admin',)
713 if not HasUserGroupPermissionAnyApi(*_perms)(
717 if not HasUserGroupPermissionAnyApi(*_perms)(
714 user=apiuser,
718 user=apiuser,
715 user_group_name=target_user_group.users_group_name):
719 user_group_name=target_user_group.users_group_name):
716 raise JSONRPCError(
720 raise JSONRPCError(
717 'to user group `%s` does not exist' % (usergroupid,))
721 'to user group `%s` does not exist' % (usergroupid,))
718
722
719 # check if we have at least read permission for source user group !
723 # check if we have at least read permission for source user group !
720 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
724 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
721 if not HasUserGroupPermissionAnyApi(*_perms)(
725 if not HasUserGroupPermissionAnyApi(*_perms)(
722 user=apiuser, user_group_name=user_group.users_group_name):
726 user=apiuser, user_group_name=user_group.users_group_name):
723 raise JSONRPCError(
727 raise JSONRPCError(
724 'user group `%s` does not exist' % (sourceusergroupid,))
728 'user group `%s` does not exist' % (sourceusergroupid,))
725
729
726 try:
730 try:
727 UserGroupModel().grant_user_group_permission(
731 UserGroupModel().grant_user_group_permission(
728 target_user_group=target_user_group,
732 target_user_group=target_user_group,
729 user_group=user_group, perm=perm)
733 user_group=user_group, perm=perm)
730 Session().commit()
734 Session().commit()
731
735
732 return {
736 return {
733 'msg': 'Granted perm: `%s` for user group: `%s` '
737 'msg': 'Granted perm: `%s` for user group: `%s` '
734 'in user group: `%s`' % (
738 'in user group: `%s`' % (
735 perm.permission_name, user_group.users_group_name,
739 perm.permission_name, user_group.users_group_name,
736 target_user_group.users_group_name
740 target_user_group.users_group_name
737 ),
741 ),
738 'success': True
742 'success': True
739 }
743 }
740 except Exception:
744 except Exception:
741 log.exception("Error occurred during editing permissions "
745 log.exception("Error occurred during editing permissions "
742 "for user group in user group")
746 "for user group in user group")
743 raise JSONRPCError(
747 raise JSONRPCError(
744 'failed to edit permission for user group: `%s` in '
748 'failed to edit permission for user group: `%s` in '
745 'user group: `%s`' % (
749 'user group: `%s`' % (
746 sourceusergroupid, target_user_group.users_group_name
750 sourceusergroupid, target_user_group.users_group_name
747 )
751 )
748 )
752 )
749
753
750
754
751 @jsonrpc_method()
755 @jsonrpc_method()
752 def revoke_user_group_permission_from_user_group(
756 def revoke_user_group_permission_from_user_group(
753 request, apiuser, usergroupid, sourceusergroupid):
757 request, apiuser, usergroupid, sourceusergroupid):
754 """
758 """
755 Revoke the permissions that one user group has to another.
759 Revoke the permissions that one user group has to another.
756
760
757 :param apiuser: This is filled automatically from the |authtoken|.
761 :param apiuser: This is filled automatically from the |authtoken|.
758 :type apiuser: AuthUser
762 :type apiuser: AuthUser
759 :param usergroupid: Set the user group on which to edit permissions.
763 :param usergroupid: Set the user group on which to edit permissions.
760 :type usergroupid: str or int
764 :type usergroupid: str or int
761 :param sourceusergroupid: Set the user group from which permissions
765 :param sourceusergroupid: Set the user group from which permissions
762 are revoked.
766 are revoked.
763 :type sourceusergroupid: str or int
767 :type sourceusergroupid: str or int
764
768
765 Example output:
769 Example output:
766
770
767 .. code-block:: bash
771 .. code-block:: bash
768
772
769 id : <id_given_in_input>
773 id : <id_given_in_input>
770 result : {
774 result : {
771 "msg": "Revoked perm for user group: `<user_group_name>` in user group: `<target_user_group_name>`",
775 "msg": "Revoked perm for user group: `<user_group_name>` in user group: `<target_user_group_name>`",
772 "success": true
776 "success": true
773 }
777 }
774 error : null
778 error : null
775 """
779 """
776
780
777 user_group = get_user_group_or_error(sourceusergroupid)
781 user_group = get_user_group_or_error(sourceusergroupid)
778 target_user_group = get_user_group_or_error(usergroupid)
782 target_user_group = get_user_group_or_error(usergroupid)
779
783
780 if not has_superadmin_permission(apiuser):
784 if not has_superadmin_permission(apiuser):
781 # check if we have admin permission for this user group !
785 # check if we have admin permission for this user group !
782 _perms = ('usergroup.admin',)
786 _perms = ('usergroup.admin',)
783 if not HasUserGroupPermissionAnyApi(*_perms)(
787 if not HasUserGroupPermissionAnyApi(*_perms)(
784 user=apiuser,
788 user=apiuser,
785 user_group_name=target_user_group.users_group_name):
789 user_group_name=target_user_group.users_group_name):
786 raise JSONRPCError(
790 raise JSONRPCError(
787 'to user group `%s` does not exist' % (usergroupid,))
791 'to user group `%s` does not exist' % (usergroupid,))
788
792
789 # check if we have at least read permission
793 # check if we have at least read permission
790 # for the source user group !
794 # for the source user group !
791 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
795 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
792 if not HasUserGroupPermissionAnyApi(*_perms)(
796 if not HasUserGroupPermissionAnyApi(*_perms)(
793 user=apiuser, user_group_name=user_group.users_group_name):
797 user=apiuser, user_group_name=user_group.users_group_name):
794 raise JSONRPCError(
798 raise JSONRPCError(
795 'user group `%s` does not exist' % (sourceusergroupid,))
799 'user group `%s` does not exist' % (sourceusergroupid,))
796
800
797 try:
801 try:
798 UserGroupModel().revoke_user_group_permission(
802 UserGroupModel().revoke_user_group_permission(
799 target_user_group=target_user_group, user_group=user_group)
803 target_user_group=target_user_group, user_group=user_group)
800 Session().commit()
804 Session().commit()
801
805
802 return {
806 return {
803 'msg': 'Revoked perm for user group: '
807 'msg': 'Revoked perm for user group: '
804 '`%s` in user group: `%s`' % (
808 '`%s` in user group: `%s`' % (
805 user_group.users_group_name,
809 user_group.users_group_name,
806 target_user_group.users_group_name
810 target_user_group.users_group_name
807 ),
811 ),
808 'success': True
812 'success': True
809 }
813 }
810 except Exception:
814 except Exception:
811 log.exception("Error occurred during editing permissions "
815 log.exception("Error occurred during editing permissions "
812 "for user group in user group")
816 "for user group in user group")
813 raise JSONRPCError(
817 raise JSONRPCError(
814 'failed to edit permission for user group: '
818 'failed to edit permission for user group: '
815 '`%s` in user group: `%s`' % (
819 '`%s` in user group: `%s`' % (
816 sourceusergroupid, target_user_group.users_group_name
820 sourceusergroupid, target_user_group.users_group_name
817 )
821 )
818 )
822 )
General Comments 0
You need to be logged in to leave comments. Login now