def access_delete(owner, package_name, user):
if g.auth.user != owner:
raise ApiException(
requests.codes.forbidden,
"Only the package owner can revoke access"
)
if user == owner:
raise ApiException(
requests.codes.forbidden,
"Cannot revoke the owner's access"
)
if HAVE_PAYMENTS and user == PUBLIC:
customer = _get_or_create_customer()
plan = _get_customer_plan(customer)
if plan == PaymentPlan.FREE:
raise ApiException(
requests.codes.payment_required,
"Insufficient permissions. " +
"Upgrade your plan to create private packages: https://quiltdata.com/profile."
)
access = (
Access.query
.with_for_update()
.filter_by(user=user)
.join(Access.package)
.filter_by(owner=owner, name=package_name)
.one_or_none()
)
if access is None:
raise PackageNotFoundException(owner, package_name)
db.session.delete(access)
db.session.commit()
return dict()
评论列表
文章目录
