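def grant_permission(target_username, body, user: hug.directives.user = None, response=None):
    """
    Grant a permission to a user.

    Note that the new permissions only apply after the user logged out and in again.
    Needs admin permission.

    The admin check runs before the request body is parsed, so a caller without
    admin rights always receives 403 and never reaches the parser. Denied
    attempts are logged at warning level and successful grants at info level,
    so privilege changes leave an audit trail.

    :param target_username: the username of the user the permission should be granted
    :param body: the permission as returned by get_permissions
    :param user: the calling user, as supplied by the hug user directive
    :param response: the response object; its status is set on every failure path
    :return: 'OK', error message or None
    """
    # Tolerate a missing user object when building log lines; is_admin()
    # remains the only thing that decides access.
    actor = user['name'] if user else None

    # Authorise first: nothing caller-supplied is parsed for a non-admin.
    if not is_admin(user):
        # %r keeps control characters in the caller-supplied name from
        # breaking up the log line.
        logger.warning("%s tried to grant a permission to %r but is not admin.", actor, target_username)
        response.status = falcon.HTTP_FORBIDDEN
        return None

    try:
        permission = _Permission.from_json(body)
    except ValueError:
        response.status = falcon.HTTP_UNPROCESSABLE_ENTITY
        return "invalid JSON"

    target_username = target_username.strip().lower()
    client = _get_client(target_username)
    if not client:
        logger.debug("%s tried to grant permission to unknown user %r", actor, target_username)
        response.status = falcon.HTTP_400
        return "unknown target user"

    # Build a new, de-duplicated and sorted list instead of appending to
    # client.permissions in place: the stored value is deterministic and the
    # client object is left untouched if the UPDATE fails.
    # NOTE(review): permissions are stored comma-joined; this assumes
    # _Permission.from_json never yields a name containing ',' - confirm.
    permissions = sorted(set(client.permissions) | {permission.name})

    db = _get_db_conn()
    try:
        # The connection is used as a context manager around the single
        # parameterised UPDATE and is always closed afterwards.
        with db:
            db.execute("UPDATE clients SET permissions=? WHERE username=?", [",".join(permissions), target_username])
    finally:
        db.close()

    logger.info("%s granted permission %s to %s", actor, permission.name, target_username)
    return "OK"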