Commit b130b8ae authored by ale's avatar ale

Add a new privileged user update API

Currently only usable to set the user status. Status changes are not yet propagated to the user's owned resources.
parent a43aef5d
......@@ -416,11 +416,22 @@ Non-authentication request attributes are all optional.
Request parameters:
* `username` - user to fetch
* `username` - user to modify
* `sso` - SSO ticket
* `lang` - set the preferred language for this user
* `u2f_registrations` - set the list of U2F registrations
### `/api/user/admin_update`
A privileged version of the above (admin-only), that allows updates to
user status and other privileged internal attributes.
Request parameters:
* `username` - user to modify
* `sso` - SSO ticket
* `status` - if not empty, new user status
### `/api/user/create`
Create a new user (admin-only). Will also create all the resources
......@@ -416,5 +416,35 @@ func (r *UpdateUserRequest) Serve(rctx *RequestContext) (interface{}, error) {
rctx.User.Lang = r.Lang
}
// TODO: check if setU2FRegistration calls tx.UpdateUser, this is a bug otherwise.
return nil, rctx.User.setU2FRegistrations(rctx.Context, rctx.TX, r.U2FRegistrations)
}
// AdminUpdateUserRequest is the privileged version of UpdateUser and
// allows to update many more attributes. It is a catch-all function
// for very simple changes that don't justify their own specialized
// method.
type AdminUpdateUserRequest struct {
AdminUserRequestBase
Lang string `json:"lang,omitempty"`
Status string `json:"status"`
}
// Validate the request.
func (r *AdminUpdateUserRequest) Validate(rctx *RequestContext) error {
switch r.Status {
case "", ResourceStatusActive, ResourceStatusInactive:
default:
return errors.New("invalid or unknown status")
}
return nil
}
// Serve the request.
func (r *AdminUpdateUserRequest) Serve(rctx *RequestContext) (interface{}, error) {
if r.Status != "" {
rctx.User.Status = r.Status
}
return nil, rctx.TX.UpdateUser(rctx.Context, &rctx.User.User)
}
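Review bot: `Lang` is declared on AdminUpdateUserRequest with a `json:"lang,omitempty"` tag but Serve never reads it, so a caller that sends `lang` gets a silent no-op; either drop the field or apply it the way UpdateUserRequest does, `if r.Lang != "" { rctx.User.Lang = r.Lang }` before the UpdateUser call. Validate is defined directly on the request type and does not call through to the embedded AdminUserRequestBase; if the base type carries the admin/SSO authorization check in a method of the same name, this definition shadows it and the endpoint would accept non-admin callers, so that is worth confirming and, if so, calling `r.AdminUserRequestBase.Validate(rctx)` first (the base type is not visible from this hunk). Since the commit message notes that status changes are not propagated to owned resources, the doc comment on AdminUpdateUserRequest should say so explicitly, e.g. `// Status changes are not yet propagated to the user's owned resources.`, so that a deactivation is not mistaken for a full lockout.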
......@@ -51,6 +51,7 @@ func New(service *as.AccountService, backend as.Backend) *APIServer {
s.Register("/api/user/search", &as.SearchUserRequest{})
s.Register("/api/user/create", &as.CreateUserRequest{})
s.Register("/api/user/update", &as.UpdateUserRequest{})
s.Register("/api/user/admin_update", &as.AdminUpdateUserRequest{})
s.Register("/api/user/change_password", &as.ChangeUserPasswordRequest{})
s.Register("/api/user/set_account_recovery_hint", &as.SetAccountRecoveryHintRequest{})
s.Register("/api/user/enable_otp", &as.EnableOTPRequest{})