diff --git a/endpoints/api/user.py b/endpoints/api/user.py index 7c3094cc7..0f21273b3 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -62,16 +62,22 @@ def handle_invite_code(invite_code, user): def user_view(user): - def org_view(o): + def org_view(o, user_admin=True): admin_org = AdministerOrganizationPermission(o.username) - return { + org_response = { 'name': o.username, 'avatar': avatar.get_data_for_org(o), - 'is_org_admin': admin_org.can(), - 'can_create_repo': admin_org.can() or CreateRepositoryPermission(o.username).can(), - 'preferred_namespace': not (o.stripe_id is None) + 'can_create_repo': CreateRepositoryPermission(o.username).can(), } + if user_admin: + org_response.update({ + 'is_org_admin': admin_org.can(), + 'preferred_namespace': not (o.stripe_id is None), + }) + + return org_response + organizations = model.organization.get_user_organizations(user.username) def login_view(login): @@ -91,23 +97,29 @@ def user_view(user): user_response = { 'anonymous': False, 'username': user.username, - 'avatar': avatar.get_data_for_user(user) + 'avatar': avatar.get_data_for_user(user), } user_admin = UserAdminPermission(user.username) if user_admin.can(): user_response.update({ + 'can_create_repo': True, 'is_me': True, 'verified': user.verified, 'email': user.email, - 'organizations': [org_view(o) for o in organizations], 'logins': [login_view(login) for login in logins], - 'can_create_repo': True, 'invoice_email': user.invoice_email, 'preferred_namespace': not (user.stripe_id is None), 'tag_expiration': user.removed_tag_expiration_s, }) + user_view_perm = UserReadPermission(user.username) + if user_view_perm.can(): + user_response.update({ + 'organizations': [org_view(o, user_admin=user_admin.can()) for o in organizations], + }) + + if features.SUPER_USERS and SuperUserPermission().can(): user_response.update({ 'super_user': user and user == get_authenticated_user() and SuperUserPermission().can()