From 6c029382d93cb1ccbe70167f5dd3bc43bc844898 Mon Sep 17 00:00:00 2001
From: Lance Edgar
Date: Tue, 26 Nov 2019 16:42:27 -0600
Subject: [PATCH] Add API views for admin user to become / stop being "root"
---
 tailbone/api/auth.py | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/tailbone/api/auth.py b/tailbone/api/auth.py
index bf87be27..a707bf70 100644
--- a/tailbone/api/auth.py
+++ b/tailbone/api/auth.py
@@ -56,6 +56,7 @@ class AuthenticationView(APIView):
 data = {'ok': True}
 if self.request.user:
 data = self.user_info(self.request.user)
+ data['user']['is_admin'] = self.request.is_admin
 data['user']['is_root'] = self.request.is_root
 data['permissions'] = list(self.request.tailbone_cached_permissions)
@@ -103,6 +104,28 @@ class AuthenticationView(APIView):
 logout_user(self.request)
 return {'ok': True}
+ @api
+ def become_root(self):
+ """
+ Elevate the current request to 'root' for full system access.
+ """
+ if not self.request.is_admin:
+ raise self.forbidden()
+ self.request.user.record_event(self.enum.USER_EVENT_BECOME_ROOT)
+ self.request.session['is_root'] = True
+ return self.user_info(self.request.user)
+
+ @api
+ def stop_root(self):
+ """
+ Lower the current request from 'root' back to normal access.
+ """
+ if not self.request.is_admin:
+ raise self.forbidden()
+ self.request.user.record_event(self.enum.USER_EVENT_STOP_ROOT)
+ self.request.session['is_root'] = False
+ return self.user_info(self.request.user)
+
+
 @classmethod
 def defaults(cls, config):
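Review bot: `become_root` sets `session['is_root'] = True` on the strength of `request.is_admin` alone, and nothing in this hunk shows a CSRF check, a re-authentication step or a session-identifier rotation at the point of elevation. If `@api` or a tween already enforces CSRF for these views (not visible in this diff), a short comment saying so would help; otherwise it should be confirmed before the endpoint ships. In `stop_root`, the `is_admin` guard means a user whose admin role was removed mid-session gets a 403 and cannot clear the flag; lowering privilege is safe for any authenticated user, so `self.request.session['is_root'] = False` could run before, or without, the permission check. Both methods also return `self.user_info(...)` without the `is_admin`/`is_root` keys that the view in the first hunk adds, so a client cannot read the new state from the response.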
@@ -118,6 +141,14 @@ class AuthenticationView(APIView):
 config.add_route('api.logout', '/logout', request_method=('OPTIONS', 'POST'))
 config.add_view(cls, attr='logout', route_name='api.logout', renderer='json')
+ # become root
+ config.add_route('api.become_root', '/become-root', request_method=('OPTIONS', 'POST'))
+ config.add_view(cls, attr='become_root', route_name='api.become_root', renderer='json')
+
+ # stop root
+ config.add_route('api.stop_root', '/stop-root', request_method=('OPTIONS', 'POST'))
+ config.add_view(cls, attr='stop_root', route_name='api.stop_root', renderer='json')
+
 def includeme(config):
 AuthenticationView.defaults(config)
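Review bot: The `api.become_root` route accepts `OPTIONS` as well as `POST`, and `add_view` binds the same `become_root` callable to both methods. Unless the `@api` decorator returns early for preflight requests (its body is not in this diff), an `OPTIONS` request carrying an admin session would record the event and set `is_root`. It is worth confirming that behaviour, or registering the state-changing view with `request_method='POST'` only and answering preflight separately. The same applies to `api.stop_root`, and the existing `api.logout` route follows the same pattern; the body of `defaults()` starts outside this hunk.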