- add a revoke-permission cli command

- clean up grant- and revoke-permission to remove duplicate work and enable better error reporting
2009-10-07 13:57:33 -04:00 · 2009-10-07 13:57:33 -04:00 · 06f940299c
commit 06f940299c
parent c67cfcdcf7
2 changed files with 39 additions and 8 deletions
--- a/cli/koji
+++ b/cli/koji
@ -1738,21 +1738,39 @@ def handle_grant_permission(options, session, args):
        parser.error(_("Please specify a permission and at least one user"))
        assert False
    activate_session(session)
-    perms = dict([(p['name'], p['id']) for p in session.getAllPerms()])
-    perm_id = perms.get(args[0], None)
-    if perm_id is None:
-        print "No such permission: %s" % args[0]
-        return 1
+    perm = args[0]
    names = args[1:]
    users = []
    for n in names:
        user = session.getUser(n)
        if user is None:
-            print "No such user: %s" % n
-            return 1
+            parser.error(_("No such user: %s" % n))
+            assert False
        users.append(user)
    for user in users:
-        session.grantPermission(user['id'], perm_id)
+        session.grantPermission(user['name'], perm)
+
+def handle_revoke_permission(options, session, args):
+    "[admin] Revoke a permission from a user"
+    usage = _("usage: %prog revoke-permission <permission> <user> [<user> ...]")
+    usage += _("\n(Specify the --help global option for a list of other help options)")
+    parser = OptionParser(usage=usage)
+    (options, args) = parser.parse_args(args)
+    if len(args) < 2:
+        parser.error(_("Please specify a permission and at least one user"))
+        assert False
+    activate_session(session)
+    perm = args[0]
+    names = args[1:]
+    users = []
+    for n in names:
+        user = session.getUser(n)
+        if user is None:
+            parser.error(_("No such user: %s" % n))
+            assert False
+        users.append(user)
+    for user in users:
+        session.revokePermission(user['name'], perm)

 def anon_handle_latest_pkg(options, session, args):
    "Print the latest packages for a tag"
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@ -5986,6 +5986,19 @@ class RootExports(object):
        VALUES (%(user_id)i, %(perm_id)i)"""
        _dml(insert, locals())

+    def revokePermission(self, userinfo, permission):
+        """Revoke a permission from a user"""
+        context.session.assertPerm('admin')
+        user_id = get_user(userinfo, strict=True)['id']
+        perm = lookup_perm(permission, strict=True)
+        perm_id = perm['id']
+        if perm['name'] not in koji.auth.get_user_perms(user_id):
+            raise koji.GenericError, 'user %s does not have permission: %s' % (userinfo, perm['name'])
+        update = """UPDATE user_perms
+        SET active = NULL, revoke_event = get_event()
+        WHERE user_id = %(user_id)i and perm_id = %(perm_id)i"""
+        _dml(update, locals())
+
    def createUser(self, username, status=None, krb_principal=None):
        """Add a user to the database"""
        context.session.assertPerm('admin')