From d464af4cce3ba33e8bc12e63a0facb7ee8ba53ab Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Fri, 16 Oct 2015 15:38:06 -0400
Subject: [PATCH] Add ability to update superusers via the UI

Fixes #634
---
 endpoints/api/superuser.py      | 14 +++++++++++++-
 static/js/pages/superuser.js    | 25 +++++++++++++++++++++++++
 static/partials/super-user.html | 11 +++++++++++
 3 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/endpoints/api/superuser.py b/endpoints/api/superuser.py
index 0606154fa..62218075f 100644
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@@ -9,7 +9,7 @@ from flask import request
 
 import features
 
-from app import app, avatar, superusers, authentication
+from app import app, avatar, superusers, authentication, config_provider
 from endpoints.api import (ApiResource, nickname, resource, validate_json_request,
                            internal_only, require_scope, show_if, parse_args,
                            query_param, abort, require_fresh_login, path_param, verify_not_prod)
@@ -397,6 +397,18 @@ class SuperUserManagement(ApiResource):
         user.enabled = bool(user_data['enabled'])
         user.save()
 
+      if 'superuser' in user_data:
+        config_object = config_provider.get_config()
+        superusers_set = set(config_object['SUPER_USERS'])
+
+        if user_data['superuser']:
+          superusers_set.add(username)
+        elif username in superusers_set:
+          superusers_set.remove(username)
+
+        config_object['SUPER_USERS'] = list(superusers_set)
+        config_provider.save_config(config_object)
+
       return user_view(user, password=user_data.get('password'))
 
     abort(403)
diff --git a/static/js/pages/superuser.js b/static/js/pages/superuser.js
index 5976e3c60..2b6d9e461 100644
--- a/static/js/pages/superuser.js
+++ b/static/js/pages/superuser.js
@@ -160,6 +160,31 @@
       }, errorHandler)
     };
 
+    $scope.setSuperuser = function(user, status) {
+      var setSuperuser = function() {
+        var params = {
+          'username': user.username
+        };
+
+        var data = {
+          'superuser': status
+        };
+
+        ApiService.changeInstallUser(data, params).then(function(resp) {
+          $scope.requiresRestart = true;
+        }, ApiService.errorDisplay('Could not change user'));
+      };
+
+      var msg = 'Note: This change, once applied, will require your installation ' +
+                'to be restarted to take effect';
+
+      bootbox.confirm(msg, function(status) {
+        if (status) {
+          setSuperuser();
+        }
+      });
+    };
+
     $scope.showDeleteUser = function(user) {
       if (user.username == UserService.currentUser().username) {
         bootbox.dialog({
diff --git a/static/partials/super-user.html b/static/partials/super-user.html
index 8b7ff1483..ce08488f3 100644
--- a/static/partials/super-user.html
+++ b/static/partials/super-user.html
@@ -185,6 +185,17 @@
                 <td style="text-align: center;">
                   <span class="cor-options-menu"
                         ng-if="user.username != current_user.username && !current_user.super_user">
+                    <span class="cor-option" option-click="setSuperuser(current_user, true)"
+                          quay-show="!current_user.super_user">
+                      <i class="fa">&Omega;</i>
+                      Make Superuser
+                    </span>
+                    <span class="cor-option" option-click="setSuperuser(current_user, false)"
+                          quay-show="current_user.super_user">
+                      <i class="fa">&omega;</i>
+                      Remove Superuser
+                    </span>
+
                     <span class="cor-option" option-click="showChangeEmail(current_user)"
                           quay-show="Config.AUTHENTICATION_TYPE == 'Database'">
                       <i class="fa fa-envelope-o"></i> Change E-mail Address