func userAuthorizedToChangeAccess(st common.ModelManagerBackend, userIsAdmin bool, userTag names.UserTag) error {
if userIsAdmin {
// Just confirm that the model that has been given is a valid model.
_, err := st.Model()
if err != nil {
return errors.Trace(err)
}
return nil
}
// Get the current user's ModelUser for the Model to see if the user has
// permission to grant or revoke permissions on the model.
currentUser, err := st.UserAccess(userTag, st.ModelTag())
if err != nil {
if errors.IsNotFound(err) {
// No, this user doesn't have permission.
return common.ErrPerm
}
return errors.Annotate(err, "could not retrieve user")
}
if currentUser.Access != permission.AdminAccess {
return common.ErrPerm
}
return nil
}
