ADMIN CLI: support grant/revoke user admin authorization (#12381)

### What problem does this PR solve? ``` admin> grant admin 'aaa@aaa1.com'; Fail to grant aaa@aaa1.com admin authorization, code: 404, message: User 'aaa@aaa1.com' not found admin> grant admin 'aaa@aaa.com'; Grant successfully! admin> revoke admin 'aaa1@aaa.com'; Fail to revoke aaa1@aaa.com admin authorization, code: 404, message: User 'aaa1@aaa.com' not found admin> revoke admin 'aaa@aaa.com'; Revoke successfully! admin> revoke admin 'aaa@aaa.com'; aaa@aaa.com isn't superuser, yet! admin> grant admin 'aaa@aaa.com'; Grant successfully! admin> grant admin 'aaa@aaa.com'; aaa@aaa.com is already superuser! admin> revoke admin 'aaa@aaa.com'; Revoke successfully! ``` ### Type of change - [x] New Feature (non-breaking change which adds functionality) Signed-off-by: Jin Hai <haijin.chn@gmail.com> Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com>
2026-01-02 10:42:36 +08:00 · 2026-01-01 12:49:34 +08:00
parent ca3bd2cf9f
commit ff1020ccfb
3 changed files with 107 additions and 0 deletions
--- a/admin/server/routes.py
+++ b/admin/server/routes.py
@ -158,6 +158,36 @@ def alter_user_activate_status(username):
        return error_response(str(e), 500)


+@admin_bp.route('/users/<username>/admin', methods=['PUT'])
+@login_required
+@check_admin_auth
+def grant_admin(username):
+    try:
+        if current_user.email == username:
+            return error_response(f"can't grant current user: {username}", 409)
+        msg = UserMgr.grant_admin(username)
+        return success_response(None, msg)
+
+    except AdminException as e:
+        return error_response(e.message, e.code)
+    except Exception as e:
+        return error_response(str(e), 500)
+
+@admin_bp.route('/users/<username>/admin', methods=['DELETE'])
+@login_required
+@check_admin_auth
+def revoke_admin(username):
+    try:
+        if current_user.email == username:
+            return error_response(f"can't grant current user: {username}", 409)
+        msg = UserMgr.revoke_admin(username)
+        return success_response(None, msg)
+
+    except AdminException as e:
+        return error_response(e.message, e.code)
+    except Exception as e:
+        return error_response(str(e), 500)
+
@admin_bp.route('/users/<username>', methods=['GET'])
@login_required
@check_admin_auth