Improve docs for webadmin create/edit User privileges

melissalinkert · Jul 3, 2018 · b249097 · b249097
1 parent 67a67cc
commit b249097
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/components/tools/OmeroWeb/omeroweb/webadmin/views.py b/components/tools/OmeroWeb/omeroweb/webadmin/views.py
@@ -590,6 +590,7 @@ def manage_experimenter(request, action, eid=None, conn=None, **kwargs):
                 privileges = conn.get_privileges_from_form(form)
                 to_add = []
                 to_remove = []
+                # privileges may be None if disabled in form
                 if privileges is not None:
                     # Only update privileges that we have permission to set
                     # (prevents privilege escalation)

diff --git a/components/tools/OmeroWeb/omeroweb/webclient/webclient_gateway.py b/components/tools/OmeroWeb/omeroweb/webclient/webclient_gateway.py
@@ -1097,7 +1097,7 @@ def createExperimenter(self, omeName, firstName, lastName, email, isAdmin,
         @type lastName String
         @param email A new email.
         @type email String
-        @param isAdmin An Admin permission.
+        @param isAdmin If True, new user is an Admin or Restricted Admin.
         @type isAdmin Boolean
         @param isActive Active user (user can log in).
         @type isActive Boolean
@@ -1107,6 +1107,8 @@ def createExperimenter(self, omeName, firstName, lastName, email, isAdmin,
         @type otherGroupIds L{ExperimenterGroupI}
         @param password Must pass validation in the security sub-system.
         @type password String
+        @param privileges   List of Admin Privileges. Ignored if isAdmin False.
+        @type privileges    List of Strings
         @param middleName A middle name.
         @type middleName String
         @param institution An institution.
@@ -1276,7 +1278,11 @@ def get_privileges_from_form(self, experimenter_form):
         """
         Get 'AdminPrivilege' roles from Experimenter Form
 
-        Returns None if Role is User
+        Returns None if Role section of form is disabled.
+        Returns empty list if role is regular 'user', not admin.
+        If role is 'administrator' returns ALL privileges.
+
+        @param experimenter_form    Submitted instance of ExperimenterForm
         """
         privileges = []
         role = experimenter_form.cleaned_data['role']