Bug 2351 Fixed: Able to Update user role even with project user role
Change-Id: I787b76f53219d24113dd3cb30ea3cafd18933d8f
Signed-off-by: Adurti <adurti.v@tataelxsi.co.in>
diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py
index 02a9737..46bddeb 100644
--- a/osm_nbi/admin_topics.py
+++ b/osm_nbi/admin_topics.py
@@ -1079,6 +1079,30 @@
indata["add_project_role_mappings"].append(
{"project": proj, "role": rid}
)
+ if (
+ indata.get("remove_project_role_mappings")
+ or indata.get("add_project_role_mappings")
+ or indata.get("project_role_mappings")
+ ):
+ user_details = self.db.get_one("users", {"_id": session.get("user_id")})
+ edit_role = False
+ for pr in user_details["project_role_mappings"]:
+ role_id = pr.get("role")
+ role_details = self.db.get_one("roles", {"_id": role_id})
+ if role_details["permissions"].get("default"):
+ if "roles" not in role_details["permissions"] or role_details[
+ "permissions"
+ ].get("roles"):
+ edit_role = True
+ elif role_details["permissions"].get("roles"):
+ edit_role = True
+ if not edit_role:
+ raise EngineException(
+ "User {} has no privileges to edit or delete project-role mappings".format(
+ session.get("username")
+ ),
+ http_code=HTTPStatus.UNPROCESSABLE_ENTITY,
+ )
# user = self.show(session, _id) # Already in 'content'
original_mapping = content["project_role_mappings"]