From f02bb3caee923a45636b91905a605e6209898ae4 Mon Sep 17 00:00:00 2001
From: Matt Jibson
Date: Wed, 18 Nov 2015 12:01:40 -0500
Subject: [PATCH] Add user admin scope

Also remove unused scope decorator. fixes #890
---
 auth/scopes.py | 12 +++++++++++-
 endpoints/api/__init__.py | 3 +--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/auth/scopes.py b/auth/scopes.py
index 52ebda6d7..c41ad7033 100644
--- a/auth/scopes.py
+++ b/auth/scopes.py
@@ -43,6 +43,15 @@ READ_USER = Scope(scope= 'user:read',
 description=('This application will be able to read user information such as '
 'username and email address.'))
+ADMIN_USER = Scope(scope= 'user:admin',
+ icon='fa-gear',
+ dangerous=True,
+ title='Administer User',
+ description=('This application will be able to administer your account '
+ 'including creating robots and granting them permissions '
+ 'to your repositories. You should have absolute trust in the '
+ 'requesting application before granting this permission.'))
+
 ORG_ADMIN = Scope(scope='org:admin',
 icon='fa-gear',
 dangerous=True,
@@ -71,7 +80,7 @@ SUPERUSER = Scope(scope='super:user',
 'permission.'))
 ALL_SCOPES = {scope.scope: scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO,
- READ_USER, ORG_ADMIN, SUPERUSER)}
+ READ_USER, ORG_ADMIN, SUPERUSER, ADMIN_USER)}
 IMPLIED_SCOPES = {
 ADMIN_REPO: {ADMIN_REPO, WRITE_REPO, READ_REPO},
@@ -81,6 +90,7 @@ IMPLIED_SCOPES = {
 READ_USER: {READ_USER},
 ORG_ADMIN: {ORG_ADMIN},
 SUPERUSER: {SUPERUSER},
+ ADMIN_USER: {ADMIN_USER},
 None: set(),
 }
diff --git a/endpoints/api/__init__.py b/endpoints/api/__init__.py
index a83a7ac58..b014491fe 100644
--- a/endpoints/api/__init__.py
+++ b/endpoints/api/__init__.py
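Review bot: The `description` of the new `ADMIN_USER` scope in the first hunk of auth/scopes.py names only robot creation and repository grants, which may understate what the scope allows. This text is presumably what a user reads when approving an application, so it should list every class of operation `user:admin` unlocks; which operations those are is not visible in this patch. As a style point, `scope= 'user:admin',` carries a stray space after `=` copied from `READ_USER`; `scope='user:admin',` would match the `ORG_ADMIN` definition below it.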
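Review bot: In the third hunk of auth/scopes.py, `ADMIN_USER: {ADMIN_USER}` implies only itself, so a token granted `user:admin` would not satisfy a check for `user:read`. That differs from `ADMIN_REPO`, which the preceding hunk's context shows implying `WRITE_REPO` and `READ_REPO`. If scope checks consult this table the way the repo entries suggest, endpoints behind `require_user_read` would reject an admin-scoped token. Either write `ADMIN_USER: {ADMIN_USER, READ_USER},` or, if the narrow set is a deliberate least-privilege choice, record it with a comment such as `# user:admin intentionally does not imply user:read`. The `IMPLIED_SCOPES` dict opens above this hunk, so entries outside the visible lines were not checked.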
@@ -284,8 +284,7 @@ def require_user_permission(permission_class, scope=None):
 require_user_read = require_user_permission(UserReadPermission, scopes.READ_USER)
-require_user_admin = require_user_permission(UserAdminPermission, None)
-require_fresh_user_admin = require_user_permission(UserAdminPermission, None)
+require_user_admin = require_user_permission(UserAdminPermission, scopes.ADMIN_USER)
 def verify_not_prod(func):
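Review bot: Passing `scopes.ADMIN_USER` on the new `require_user_admin` line changes the access model for every endpoint already wrapped in that decorator, not only the robot endpoints the scope description mentions; those call sites are outside this patch. Assuming a `None` scope previously kept OAuth tokens out (the body of `require_user_permission` is not shown), each decorated endpoint should be audited, and any that must stay session-only should get a separate decorator. A comment above the assignment would record the intent, e.g. `# Reachable by OAuth tokens holding user:admin; not for endpoints that must require an interactive session.` The commit message calls `require_fresh_user_admin` unused; a repository-wide search for the name would confirm that, since a leftover import would fail at module load.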