+ token_info = self._client.get_token()
+ # print(user)
+ myuser = self.get(name)
+ update_user = {
+ "add_project_role_mappings": [],
+ "remove_project_role_mappings": [],
+ }
+
+ if user.get("username"):
+ update_user["username"] = user["username"]
+ if user.get("new_password"):
+ update_user["password"] = user["new_password"]
+ if pwd_change and user.get("current_password"):
+ update_user["old_password"] = user["current_password"]
+
+ if user.get("set-project"):
+ # Remove project and insert project role mapping
+ for set_project in user["set-project"]:
+ set_project_clean = [m.strip() for m in set_project.split(",")]
+ project, roles = set_project_clean[0], set_project_clean[1:]
+
+ update_user["remove_project_role_mappings"].append({"project": project})
+
+ for role in roles:
+ mapping = {"project": project, "role": role}
+ update_user["add_project_role_mappings"].append(mapping)
+
+ if user.get("remove-project"):
+ for remove_project in user["remove-project"]:
+ update_user["remove_project_role_mappings"].append(
+ {"project": remove_project}
+ )
+
+ if user.get("add-project-role"):
+ for add_project_role in user["add-project-role"]:
+ add_project_role_clean = [
+ m.strip() for m in add_project_role.split(",")
+ ]
+ project, roles = add_project_role_clean[0], add_project_role_clean[1:]
+
+ for role in roles:
+ mapping = {"project": project, "role": role}
+ update_user["add_project_role_mappings"].append(mapping)
+
+ if user.get("remove-project-role"):
+ for remove_project_role in user["remove-project-role"]:
+ remove_project_role_clean = [
+ m.strip() for m in remove_project_role.split(",")
+ ]
+ project, roles = (
+ remove_project_role_clean[0],
+ remove_project_role_clean[1:],
+ )
+
+ for role in roles:
+ mapping = {"project": project, "role": role}
+ update_user["remove_project_role_mappings"].append(mapping)
+
+ if user.get("unlock"):
+ if token_info.get("admin_show"):
+ update_user["unlock"] = user["unlock"]
+ update_user["system_admin_id"] = token_info.get("user_id")
+ else:
+ raise ClientException(
+ "{} does not have privilege to unlock {}".format(
+ token_info.get("username"), myuser.get("username")
+ )
+ )
+
+ if user.get("renew"):
+ if token_info.get("admin_show"):
+ update_user["renew"] = user["renew"]
+ update_user["system_admin_id"] = token_info.get("user_id")
+ else:
+ raise ClientException(
+ "{} does not have privilege to renew {}".format(
+ token_info.get("username"), myuser.get("username")
+ )
+ )
+
+ if not update_user["remove_project_role_mappings"]:
+ del update_user["remove_project_role_mappings"]
+ if not update_user["add_project_role_mappings"]:
+ del update_user["add_project_role_mappings"]
+ if not update_user:
+ raise ClientException("At least something should be changed.")
+
+ http_code, resp = self._http.patch_cmd(
+ endpoint="{}/{}".format(self._apiBase, myuser["_id"]),
+ postfields_dict=update_user,
+ skip_query_admin=True,
+ )
+ # print('HTTP CODE: {}'.format(http_code))
+ # print('RESP: {}'.format(resp))
+ if http_code in (200, 201, 202):