Require role explicitly on user/group creation

Rather than default to administrator, require the user to explicitly set the role to administrator.
2024-11-22 17:43:14 +00:00 · 2020-01-27 16:12:03 -05:00 · 2020-01-27 16:12:03 -05:00 · cf72cf2d8c
commit cf72cf2d8c
parent 0652a7321b
2 changed files with 15 additions and 10 deletions
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@ -1349,7 +1349,7 @@ class ConfigManager(object):
        _mark_dirtykey('usergroups', groupname, self.tenant)
        self._bg_sync_to_file()

-    def create_usergroup(self, groupname, role="Administrator"):
+    def create_usergroup(self, groupname, role):
        """Create a new user

        :param groupname: The name of the user group
@ -1365,7 +1365,7 @@ class ConfigManager(object):
                              role)
        self._true_create_usergroup(groupname, role)

-    def _true_create_usergroup(self, groupname, role="Administrator"):
+    def _true_create_usergroup(self, groupname, role):
        if 'usergroups' not in self._cfgstore:
            self._cfgstore['usergroups'] = {}
        groupname = confluent.util.stringify(groupname)
@ -1440,7 +1440,7 @@ class ConfigManager(object):
        self._bg_sync_to_file()

    def create_user(self, name,
-                    role="Administrator", uid=None, displayname=None,
+                    role, uid=None, displayname=None,
                    attributemap=None):
        """Create a new user

@ -1459,7 +1459,7 @@ class ConfigManager(object):
                              role, uid, displayname, attributemap)
        self._true_create_user(name, role, uid, displayname, attributemap)

-    def _true_create_user(self, name, role="Administrator", uid=None,
+    def _true_create_user(self, name, role, uid=None,
                          displayname=None, attributemap=None):
        if 'idmap' not in _cfgstore['main']:
            _cfgstore['main']['idmap'] = {}
@ -1478,9 +1478,10 @@ class ConfigManager(object):
            self._cfgstore['users'][name]['displayname'] = displayname
        _cfgstore['main']['idmap'][uid] = {
            'tenant': self.tenant,
-            'username': name
+            'username': name,
+            'role': role,
        }
-        if attributemap is not None:
+        if attributemap:
            self._true_set_user(name, attributemap)
        _mark_dirtykey('users', name, self.tenant)
        _mark_dirtykey('idmap', uid)
--- a/confluent_server/confluent/core.py
+++ b/confluent_server/confluent/core.py
@ -412,18 +412,22 @@ def create_user(inputdata, configmanager):
    try:
        username = inputdata['name']
        del inputdata['name']
+        role = inputdata['role']
+        del inputdata['role']
    except (KeyError, ValueError):
-        raise exc.InvalidArgumentException()
-    configmanager.create_user(username, attributemap=inputdata)
+        raise exc.InvalidArgumentException('Missing user name or role')
+    configmanager.create_user(username, role, attributemap=inputdata)


 def create_usergroup(inputdata, configmanager):
    try:
        groupname = inputdata['name']
+        role = inputdata['role']
        del inputdata['name']
+        del inputdata['role']
    except (KeyError, ValueError):
-        raise exc.InvalidArgumentException()
-    configmanager.create_usergroup(groupname)
+        raise exc.InvalidArgumentException("Missing user name or role")
+    configmanager.create_usergroup(groupname, role)


 def update_usergroup(groupname, attribmap, configmanager):