add 'can_update_user' admin permission for subscription system admin (#4843)

seahub/api2/endpoints/admin/users.py

@@ -970,7 +970,8 @@ class AdminUser(APIView):
 
     def get(self, request, email):
 
-        if not request.user.admin_permissions.can_manage_user():
+        if not (request.user.admin_permissions.can_manage_user() or \
+            request.user.admin_permissions.can_update_user()):
             return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
 
         avatar_size = request.data.get('avatar_size', 64)
@@ -994,7 +995,8 @@ class AdminUser(APIView):
 
     def put(self, request, email):
 
-        if not request.user.admin_permissions.can_manage_user():
+        if not (request.user.admin_permissions.can_manage_user() or \
+            request.user.admin_permissions.can_update_user()):
             return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.')
 
         # basic user info check

seahub/base/accounts.py

@@ -243,6 +243,9 @@ class AdminPermissions(object):
     def can_manage_user(self):
         return get_enabled_admin_role_permissions_by_role(self.user.admin_role)['can_manage_user']
 
+    def can_update_user(self):
+        return get_enabled_admin_role_permissions_by_role(self.user.admin_role)['can_update_user']
+
     def can_manage_group(self):
         return get_enabled_admin_role_permissions_by_role(self.user.admin_role)['can_manage_group']
 

seahub/role_permissions/settings.py

@@ -87,6 +87,7 @@ DEFAULT_ENABLED_ADMIN_ROLE_PERMISSIONS = {
         'can_config_system': True,
         'can_manage_library': True,
         'can_manage_user': True,
+        'can_update_user': True,
         'can_manage_group': True,
         'can_view_user_log': True,
         'can_view_admin_log': True,