Allow meeting admin user to update a non admin user that shares all his meetings with requesting user. (#2576)

* Allow meeting admin user to update a non admin user that shares all his meetings with requesting admin user.
* Use user.can_update and user.can_manage.
* Implement get_user_editable presenter with payload field names to support all payload field groups.

---------

Co-authored-by: Elblinator <[email protected]>
Co-authored-by: luisa-beerboom <[email protected]>
1 parent deac9e1
commit c13b26f
Showing 27 changed files with 1,671 additions and 112 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
## Payload | ||
|
||
```js | ||
{ | ||
user_ids: Id[], // required | ||
fields: string[] // required | ||
} | ||
``` | ||
|
||
## Returns | ||
|
||
```js | ||
{ | ||
user_id: Id: { | ||
field: str: ( | ||
editable: boolean, // true if user can be updated or deleted, | ||
message?: string // error message if an exception was caught | ||
), | ||
... | ||
}, | ||
... | ||
} | ||
``` | ||
|
||
## Logic | ||
|
||
It iterates over the given `user_ids` and calculates whether a user can be updated depending on the given payload fields, permissions in shared committees and meetings, OML and the user-scope. The user scope is defined [here](https://github.com/OpenSlides/OpenSlides/wiki/Users#user-scopes). The payload field permissions are described [here](https://github.com/OpenSlides/openslides-backend/blob/main/docs/actions/user.update.md) and [here](https://github.com/OpenSlides/openslides-backend/blob/main/docs/actions/user.create.md). | ||
|
||
## Permissions | ||
|
||
There are no special permissions necessary. |
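
Review bot: The `editable` comment under Returns says "true if user can be updated or deleted", but the Logic section only describes an update check, and the presenter added in this commit only calls `check_permissions` with an `id` plus a field name; drop "or deleted" or document how deletion is covered. The Permissions section also says no special permissions are necessary while the presenter class sets `permission = Permissions.User.CAN_MANAGE`; state here what that attribute is used for so readers do not have to infer who may call this. Finally, `message?` is shown as optional and the pair is written with parentheses inside the js block, whereas the code always returns a two-element tuple with an empty string on success, so document the actual wire format and mention that an empty `fields` list is rejected.
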
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
from collections import defaultdict | ||
from typing import Any | ||
|
||
import fastjsonschema | ||
|
||
from openslides_backend.permissions.permissions import Permissions | ||
from openslides_backend.shared.exceptions import ( | ||
ActionException, | ||
MissingPermission, | ||
PermissionDenied, | ||
PresenterException, | ||
) | ||
from openslides_backend.shared.mixins.user_create_update_permissions_mixin import ( | ||
CreateUpdatePermissionsMixin, | ||
) | ||
from openslides_backend.shared.schema import id_list_schema, str_list_schema | ||
|
||
from ..shared.schema import schema_version | ||
from .base import BasePresenter | ||
from .presenter import register_presenter | ||
|
||
get_user_editable_schema = fastjsonschema.compile( | ||
{ | ||
"$schema": schema_version, | ||
"type": "object", | ||
"title": "get_user_editable", | ||
"description": "get user editable", | ||
"properties": { | ||
"user_ids": id_list_schema, | ||
"fields": str_list_schema, | ||
}, | ||
"required": ["user_ids", "fields"], | ||
"additionalProperties": False, | ||
} | ||
) | ||
|
||
|
||
@register_presenter("get_user_editable") | ||
class GetUserEditable(CreateUpdatePermissionsMixin, BasePresenter): | ||
""" | ||
Checks for each given user whether the given fields are editable by calling user on a per payload group basis. | ||
""" | ||
|
||
schema = get_user_editable_schema | ||
name = "get_user_editable" | ||
permission = Permissions.User.CAN_MANAGE | ||
|
||
def get_result(self) -> Any: | ||
if not self.data["fields"]: | ||
raise PresenterException( | ||
"Need at least one field name to check editability." | ||
) | ||
reversed_field_rights = { | ||
field: group | ||
for group, fields in self.field_rights.items() | ||
for field in fields | ||
} | ||
one_field_per_group = { | ||
group_fields[0] | ||
for field_name in self.data["fields"] | ||
for group_fields in self.field_rights.values() | ||
if field_name in group_fields | ||
} | ||
result: defaultdict[str, dict[str, tuple[bool, str]]] = defaultdict(dict) | ||
for user_id in self.data["user_ids"]: | ||
result[str(user_id)] = {} | ||
groups_editable = {} | ||
for field_name in one_field_per_group: | ||
try: | ||
self.check_permissions({"id": user_id, field_name: None}) | ||
groups_editable[reversed_field_rights[field_name]] = (True, "") | ||
except (PermissionDenied, MissingPermission, ActionException) as e: | ||
groups_editable[reversed_field_rights[field_name]] = ( | ||
False, | ||
e.message, | ||
) | ||
result[str(user_id)].update( | ||
{ | ||
data_field_name: groups_editable[ | ||
reversed_field_rights[data_field_name] | ||
] | ||
for data_field_name in self.data["fields"] | ||
} | ||
) | ||
return result |
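
Review bot: In `get_result`, a name in `fields` that belongs to no group in `self.field_rights` is silently skipped when building `one_field_per_group` and then raises an unhandled `KeyError` at `reversed_field_rights[data_field_name]` in the final comprehension, since the schema only checks that `fields` is a list of strings. Validate the requested names against `reversed_field_rights` up front and raise a `PresenterException` naming the unknown fields. Two smaller points: `e.message` is returned verbatim for every requested user id, so check that those texts do not tell the caller more about other users' meetings or committees than they could otherwise read; and `result` is declared as a `defaultdict` but every key is assigned explicitly with `result[str(user_id)] = {}`, so a plain dict would do.
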