Change API calls that expect non-robots to explicitly filter

Before this change, we'd filter in the UI but calls to the API could allow robots accounts where we only expect real users

endpoints/api/superuser.py

@@ -238,8 +238,8 @@ class SuperUserSendRecoveryEmail(ApiResource):
   @nickname('sendInstallUserRecoveryEmail')
   def post(self, username):
     if SuperUserPermission().can():
-      user = model.get_user(username)
-      if not user or user.organization or user.robot:
+      user = model.get_nonrobot_user(username)
+      if not user:
         abort(404)
 
       if superusers.is_superuser(username):
@@ -288,8 +288,8 @@ class SuperUserManagement(ApiResource):
   def get(self, username):
     """ Returns information about the specified user. """
     if SuperUserPermission().can():
-      user = model.get_user(username)
-      if not user or user.organization or user.robot:
+      user = model.get_nonrobot_user(username)
+      if not user:
         abort(404)
 
       return user_view(user)
@@ -302,8 +302,8 @@ class SuperUserManagement(ApiResource):
   def delete(self, username):
     """ Deletes the specified user. """
     if SuperUserPermission().can():
-      user = model.get_user(username)
-      if not user or user.organization or user.robot:
+      user = model.get_nonrobot_user(username)
+      if not user:
         abort(404)
 
       if superusers.is_superuser(username):
@@ -321,8 +321,8 @@ class SuperUserManagement(ApiResource):
   def put(self, username):
     """ Updates information about the specified user. """
     if SuperUserPermission().can():
-        user = model.get_user(username)
-        if not user or user.organization or user.robot:
+        user = model.get_nonrobot_user(username)
+        if not user:
           abort(404)
 
         if superusers.is_superuser(username):