[cli] for create-admin command allow to bypass protected accounts

cgwire · Jul 31, 2024 · 738440c · 738440c
1 parent 39061c2
commit 738440c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 4 deletions.
diff --git a/zou/app/services/persons_service.py b/zou/app/services/persons_service.py
@@ -276,12 +276,15 @@ def update_password(email, password):
     return person.serialize()
 
 
-def update_person(person_id, data):
+def update_person(person_id, data, bypass_protected_accounts=False):
     """
     Update person entry with data given in parameter.
     """
     person = Person.get(person_id)
-    if person.email in config.PROTECTED_ACCOUNTS:
+    if (
+        not bypass_protected_accounts
+        and person.email in config.PROTECTED_ACCOUNTS
+    ):
         message = None
         if data.get("active") is False:
             message = (

diff --git a/zou/cli.py b/zou/cli.py
@@ -140,7 +140,7 @@ def reset_migrations():
 
 @cli.command()
 @click.argument("email")
-@click.option("--password", required=True)
+@click.option("--password", default=None)
 def create_admin(email, password):
     """
     Create an admin user to allow usage of the API when database is empty.
@@ -149,10 +149,18 @@ def create_admin(email, password):
         try:
             person = persons_service.get_person_by_email(email)
             if person["role"] != "admin":
-                persons_service.update_person(person["id"], {"role": "admin"})
+                persons_service.update_person(
+                    person["id"],
+                    {"role": "admin"},
+                    bypass_protected_accounts=True,
+                )
                 print("Existing user's role has been upgraded to 'admin'.")
         except PersonNotFoundException:
             try:
+                if password is None:
+                    raise click.MissingParameter(
+                        param_type="option", param_hint="--password"
+                    )
                 auth.validate_password(password)
                 # Allow "[email protected]" to be invalid.
                 if email != "[email protected]":