[#2939] Member delete auth functions

ckan/logic/auth/delete.py

@@ -108,3 +108,20 @@ def vocabulary_delete(context, data_dict):
 def tag_delete(context, data_dict):
     # sysadmins only
     return {'success': False}
+
+def _group_or_org_member_delete(context, data_dict):
+    group = get_group_object(context, data_dict)
+    user = context['user']
+    authorized = new_authz.has_user_permission_for_group_or_org(
+        group.id, user, 'delete_member')
+    if not authorized:
+        return {'success': False, 'msg': _('User %s not authorized to delete organization %s members') % (str(user),group.id)}
+    else:
+        return {'success': True}
+    return {'success': True}
+
+def group_member_delete(context, data_dict):
+    return _group_or_org_member_delete(context, data_dict)
+
+def organization_member_delete(context, data_dict):
+    return _group_or_org_member_delete(context, data_dict)