func userAuthorizedToChangeAccess(st common.ModelManagerBackend, userIsAdmin bool, userTag names.UserTag) error { if userIsAdmin { // Just confirm that the model that has been given is a valid model. _, err := st.Model() if err != nil { return errors.Trace(err) } return nil } // Get the current user's ModelUser for the Model to see if the user has // permission to grant or revoke permissions on the model. currentUser, err := st.UserAccess(userTag, st.ModelTag()) if err != nil { if errors.IsNotFound(err) { // No, this user doesn't have permission. return common.ErrPerm } return errors.Annotate(err, "could not retrieve user") } if currentUser.Access != permission.AdminAccess { return common.ErrPerm } return nil }