woodpecker/server/api/users.go

171 lines
4.9 KiB
Go
Raw Normal View History

2018-02-19 22:24:10 +00:00
// Copyright 2018 Drone.IO Inc.
2018-03-21 13:02:17 +00:00
//
2018-02-19 22:24:10 +00:00
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
2018-03-21 13:02:17 +00:00
//
2018-02-19 22:24:10 +00:00
// http://www.apache.org/licenses/LICENSE-2.0
2018-03-21 13:02:17 +00:00
//
2018-02-19 22:24:10 +00:00
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package api
2015-04-08 22:43:59 +00:00
import (
"encoding/base32"
2015-09-30 01:21:17 +00:00
"net/http"
2015-04-08 22:43:59 +00:00
2015-09-30 01:21:17 +00:00
"github.com/gin-gonic/gin"
"github.com/gorilla/securecookie"
"go.woodpecker-ci.org/woodpecker/v2/server/model"
"go.woodpecker-ci.org/woodpecker/v2/server/router/middleware/session"
"go.woodpecker-ci.org/woodpecker/v2/server/store"
2015-04-08 22:43:59 +00:00
)
// GetUsers
//
// @Summary Get all users
// @Description Returns all registered, active users in the system. Requires admin rights.
// @Router /users [get]
// @Produce json
// @Success 200 {array} User
// @Tags Users
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
// @Param page query int false "for response pagination, page offset number" default(1)
// @Param perPage query int false "for response pagination, max items per page" default(50)
2015-04-08 22:43:59 +00:00
func GetUsers(c *gin.Context) {
users, err := store.FromContext(c).GetUserList(session.Pagination(c))
2015-04-08 22:43:59 +00:00
if err != nil {
c.String(http.StatusInternalServerError, "Error getting user list. %s", err)
return
2015-04-08 22:43:59 +00:00
}
c.JSON(http.StatusOK, users)
2015-04-08 22:43:59 +00:00
}
// GetUser
//
// @Summary Get a user
// @Description Returns a user with the specified login name. Requires admin rights.
// @Router /users/{login} [get]
// @Produce json
// @Success 200 {object} User
// @Tags Users
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
// @Param login path string true "the user's login name"
2015-04-08 22:43:59 +00:00
func GetUser(c *gin.Context) {
user, err := store.FromContext(c).GetUserLogin(c.Param("login"))
2015-04-08 22:43:59 +00:00
if err != nil {
handleDbError(c, err)
2016-05-02 19:21:25 +00:00
return
2015-04-08 22:43:59 +00:00
}
c.JSON(http.StatusOK, user)
2015-04-08 22:43:59 +00:00
}
// PatchUser
//
// @Summary Change a user
// @Description Changes the data of an existing user. Requires admin rights.
// @Router /users/{login} [patch]
// @Produce json
// @Accept json
// @Success 200 {object} User
// @Tags Users
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
// @Param login path string true "the user's login name"
// @Param user body User true "the user's data"
2015-09-30 01:21:17 +00:00
func PatchUser(c *gin.Context) {
_store := store.FromContext(c)
2015-09-30 01:21:17 +00:00
in := &model.User{}
err := c.Bind(in)
2015-04-08 22:43:59 +00:00
if err != nil {
2015-09-30 01:21:17 +00:00
c.AbortWithStatus(http.StatusBadRequest)
2015-04-08 22:43:59 +00:00
return
}
user, err := _store.GetUserLogin(c.Param("login"))
2015-09-30 01:21:17 +00:00
if err != nil {
handleDbError(c, err)
2015-04-08 22:43:59 +00:00
return
}
// TODO: allow to change login (currently used as primary key)
// TODO: disallow to change login, email, avatar if the user is using oauth
user.Email = in.Email
user.Avatar = in.Avatar
user.Admin = in.Admin
2015-09-30 01:21:17 +00:00
err = _store.UpdateUser(user)
2015-09-30 01:21:17 +00:00
if err != nil {
c.AbortWithStatus(http.StatusConflict)
return
}
c.JSON(http.StatusOK, user)
2015-09-30 01:21:17 +00:00
}
2015-04-08 22:43:59 +00:00
// PostUser
//
// @Summary Create a user
// @Description Creates a new user account with the specified external login. Requires admin rights.
// @Router /users [post]
// @Produce json
// @Success 200 {object} User
// @Tags Users
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
// @Param user body User true "the user's data"
2015-09-30 01:21:17 +00:00
func PostUser(c *gin.Context) {
in := &model.User{}
err := c.Bind(in)
if err != nil {
c.String(http.StatusBadRequest, err.Error())
return
2015-04-08 22:43:59 +00:00
}
2016-05-02 19:21:25 +00:00
user := &model.User{
Login: in.Login,
Email: in.Email,
Avatar: in.Avatar,
Hash: base32.StdEncoding.EncodeToString(
securecookie.GenerateRandomKey(32),
),
2016-05-02 19:21:25 +00:00
}
2017-07-17 04:01:35 +00:00
if err = user.Validate(); err != nil {
c.String(http.StatusBadRequest, err.Error())
return
}
if err = store.FromContext(c).CreateUser(user); err != nil {
2015-09-30 01:21:17 +00:00
c.String(http.StatusInternalServerError, err.Error())
return
2015-04-08 22:43:59 +00:00
}
c.JSON(http.StatusOK, user)
2015-04-08 22:43:59 +00:00
}
// DeleteUser
//
// @Summary Delete a user
// @Description Deletes the given user. Requires admin rights.
// @Router /users/{login} [delete]
// @Produce plain
// @Success 204
// @Tags Users
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
// @Param login path string true "the user's login name"
2015-04-08 22:43:59 +00:00
func DeleteUser(c *gin.Context) {
_store := store.FromContext(c)
user, err := _store.GetUserLogin(c.Param("login"))
2015-04-08 22:43:59 +00:00
if err != nil {
handleDbError(c, err)
2015-04-08 22:43:59 +00:00
return
}
if err = _store.DeleteUser(user); err != nil {
handleDbError(c, err)
2016-05-02 19:21:25 +00:00
return
2015-04-08 22:43:59 +00:00
}
c.Status(http.StatusNoContent)
2015-04-08 22:43:59 +00:00
}