Changeset - a0a8f38e8fb8
Parent rev.
Child rev.
[Not reviewed]
beta
0 2 0
Marcin Kuzminski - 13 years ago 2013-01-13 23:11:55
marcin@python-works.com
API method get_user can be executed by non-admin users ref #539
2 files changed with 22 insertions and 14 deletions:
docs/api/api.rst
11
10
rhodecode/controllers/api/api.py
11
4
0 comments (0 inline, 0 general)
docs/api/api.rst
Show inline comments
 
@@ -195,59 +195,60 @@ INPUT::
 
                "userid" : "<user_id or username>",
 
              }
 

			




	
	
	
		
 
OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_given_in_input>

			




	
	
	
		
 
    result : {

			




	
	
	
		
 
                 "ip_addr_server": <ip_from_clien>",

			




	
	
	
		
 
                 "user_ips": [

			




	
	
	
		
 
                                {

			




	
	
	
		
 
                                   "ip_addr": "<ip_with_mask>",

			




	
	
	
		
 
                                   "ip_range": ["<start_ip>", "<end_ip>"],

			




	
	
	
		
 
                                },

			




	
	
	
		
 
                                ...

			




	
	
	
		
 
                             ]

			




	
	
	
		
 
             }

			




	
	
	
		
 
    

			




	
	
	
		
 
    error :  null

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
get_user

			




	
	
	
		
 
--------

			




	
	
	
		
 

			




	
	
	
		
 
Get's an user by username or user_id, Returns empty result if user is not found.

			




	
	
	
		
 
If userid param is skipped it is set to id of user who is calling this method.

			




	
	
	
		
 
This command can be executed only using api_key belonging to user with admin 

			




	
	
	
		
 
rights.

			




	
	
	
		
 
rights, or regular users which cannot specify userid parameter.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
INPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_for_response>

			




	
	
	
		
 
    api_key : "<api_key>"

			




	
	
	
		
 
    method :  "get_user"

			




	
	
	
		
 
    args :    { 

			




	
	
	
		
 
                "userid" : "<username or user_id>"

			




	
	
	
		
 
                "userid" : "<username or user_id Optional(=apiuser)>"

			




	
	
	
		
 
              }

			




	
	
	
		
 

			




	
	
	
		
 
OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_given_in_input>

			




	
	
	
		
 
    result: None if user does not exist or 

			




	
	
	
		
 
            {

			




	
	
	
		
 
                "user_id" :     "<user_id>",

			




	
	
	
		
 
                "username" :    "<username>",

			




	
	
	
		
 
                "firstname":    "<firstname>",

			




	
	
	
		
 
                "lastname" :    "<lastname>",

			




	
	
	
		
 
                "email" :       "<email>",

			




	
	
	
		
 
                "emails":       "<list_of_all_additional_emails>",

			




	
	
	
		
 
                "ip_addresses": "<list_of_ip_addresses_for_user>",

			




	
	
	
		
 
                "active" :      "<bool>",

			




	
	
	
		
 
                "admin" :       "<bool>",

			




	
	
	
		
 
                "ldap_dn" :     "<ldap_dn>",

			




	
	
	
		
 
                "last_login":   "<last_login>",

			




	
	
	
		
 
                "permissions": {

			




	
	
	
		
 
                    "global": ["hg.create.repository",

			




	
	
	
		
 
                               "repository.read",

			




	
	
	
		
 
                               "hg.register.manual_activate"],

			




	
	
	
		
 
                    "repositories": {"repo1": "repository.none"},

			




	
	
	
		
 
                    "repositories_groups": {"Group1": "group.read"}

			




	
	
		
 
@@ -330,56 +331,56 @@ OUTPUT::

			




	
	
	
		
 
                "emails":    "<list_of_all_additional_emails>",

			




	
	
	
		
 
                "active" :   "<bool>",

			




	
	
	
		
 
                "admin" :    "<bool>",

			




	
	
	
		
 
                "ldap_dn" :  "<ldap_dn>",

			




	
	
	
		
 
                "last_login": "<last_login>",

			




	
	
	
		
 
              },

			




	
	
	
		
 
            }

			




	
	
	
		
 
    error:  null

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
update_user

			




	
	
	
		
 
-----------

			




	
	
	
		
 

			




	
	
	
		
 
updates given user if such user exists. This command can 

			




	
	
	
		
 
be executed only using api_key belonging to user with admin rights.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
INPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_for_response>

			




	
	
	
		
 
    api_key : "<api_key>"

			




	
	
	
		
 
    method :  "update_user"

			




	
	
	
		
 
    args :    {

			




	
	
	
		
 
                "userid" : "<user_id or username>",

			




	
	
	
		
 
                "username" :  "<username> = Optional",

			




	
	
	
		
 
                "email" :     "<useremail> = Optional",

			




	
	
	
		
 
                "password" :  "<password> = Optional",

			




	
	
	
		
 
                "firstname" : "<firstname> = Optional",

			




	
	
	
		
 
                "lastname" :  "<lastname> = Optional",

			




	
	
	
		
 
                "active" :    "<bool> = Optional",

			




	
	
	
		
 
                "admin" :     "<bool> = Optional",

			




	
	
	
		
 
                "ldap_dn" :   "<ldap_dn> = Optional"

			




	
	
	
		
 
                "username" :  "<username> = Optional(None)",

			




	
	
	
		
 
                "email" :     "<useremail> = Optional(None)",

			




	
	
	
		
 
                "password" :  "<password> = Optional(None)",

			




	
	
	
		
 
                "firstname" : "<firstname> = Optional(None)",

			




	
	
	
		
 
                "lastname" :  "<lastname> = Optional(None)",

			




	
	
	
		
 
                "active" :    "<bool> = Optional(None)",

			




	
	
	
		
 
                "admin" :     "<bool> = Optional(None)",

			




	
	
	
		
 
                "ldap_dn" :   "<ldap_dn> = Optional(None)"

			




	
	
	
		
 
              }

			




	
	
	
		
 

			




	
	
	
		
 
OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_given_in_input>

			




	
	
	
		
 
    result: {

			




	
	
	
		
 
              "msg" : "updated user ID:<userid> <username>",

			




	
	
	
		
 
              "user": {

			




	
	
	
		
 
                "user_id" :  "<user_id>",

			




	
	
	
		
 
                "username" : "<username>",

			




	
	
	
		
 
                "firstname": "<firstname>",

			




	
	
	
		
 
                "lastname" : "<lastname>",

			




	
	
	
		
 
                "email" :    "<email>",

			




	
	
	
		
 
                "emails":    "<list_of_all_additional_emails>",

			




	
	
	
		
 
                "active" :   "<bool>",

			




	
	
	
		
 
                "admin" :    "<bool>",

			




	
	
	
		
 
                "ldap_dn" :  "<ldap_dn>",

			




	
	
	
		
 
                "last_login": "<last_login>",

			




	
	
	
		
 
              },              

			




	
	
	
		
 
            }

			




	
	
	
		
 
    error:  null

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
delete_user

			




        

    


    
    

    

        

                

                    rhodecode/controllers/api/api.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -201,94 +201,101 @@ class ApiController(JSONRPCController):

			




	
	
	
		
 
            raise JSONRPCError(

			




	
	
	
		
 
                'Error occurred during rescan repositories action'

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
    def lock(self, apiuser, repoid, locked, userid=Optional(OAttr('apiuser'))):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Set locking state on particular repository by given user, if

			




	
	
	
		
 
        this command is runned by non-admin account userid is set to user

			




	
	
	
		
 
        who is calling this method

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser:

			




	
	
	
		
 
        :param repoid:

			




	
	
	
		
 
        :param userid:

			




	
	
	
		
 
        :param locked:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo = get_repo_or_error(repoid)

			




	
	
	
		
 
        if HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            pass

			




	
	
	
		
 
        elif HasRepoPermissionAnyApi('repository.admin',

			




	
	
	
		
 
                                     'repository.write')(user=apiuser,

			




	
	
	
		
 
                                                         repo_name=repo.repo_name):

			




	
	
	
		
 
            #make sure normal user does not pass userid, he is not allowed to do that

			




	
	
	
		
 
            if not isinstance(userid, Optional):

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'Only RhodeCode admin can specify `userid` params'

			




	
	
	
		
 
                    'Only RhodeCode admin can specify `userid` param'

			




	
	
	
		
 
                )

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            return abort(403)

			




	
	
	
		
 
        if isinstance(userid, Optional):

			




	
	
	
		
 
            userid = apiuser.user_id

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 
        locked = bool(locked)

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            if locked:

			




	
	
	
		
 
                Repository.lock(repo, user.user_id)

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                Repository.unlock(repo)

			




	
	
	
		
 

			




	
	
	
		
 
            return ('User `%s` set lock state for repo `%s` to `%s`'

			




	
	
	
		
 
                    % (user.username, repo.repo_name, locked))

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError(

			




	
	
	
		
 
                'Error occurred locking repository `%s`' % repo.repo_name

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAllDecorator('hg.admin')

			




	
	
	
		
 
    def show_ip(self, apiuser, userid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Shows IP address as seen from RhodeCode server, together with all

			




	
	
	
		
 
        defined IP addresses for given user

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser:

			




	
	
	
		
 
        :param userid:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 
        ips = UserIpMap.query().filter(UserIpMap.user == user).all()

			




	
	
	
		
 
        return dict(

			




	
	
	
		
 
            ip_addr_server=self.ip_addr,

			




	
	
	
		
 
            user_ips=ips

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAllDecorator('hg.admin')

			




	
	
	
		
 
    def get_user(self, apiuser, userid):

			




	
	
	
		
 
    def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):

			




	
	
	
		
 
        """"

			




	
	
	
		
 
        Get a user by username

			




	
	
	
		
 
        Get a user by username, or userid, if userid is given

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser:

			




	
	
	
		
 
        :param userid:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            pass

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            if not isinstance(userid, Optional):

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'Only RhodeCode admin can specify `userid` params'

			




	
	
	
		
 
                )

			




	
	
	
		
 
            userid = apiuser.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 
        data = user.get_api_data()

			




	
	
	
		
 
        data['permissions'] = AuthUser(user_id=user.user_id).permissions

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAllDecorator('hg.admin')

			




	
	
	
		
 
    def get_users(self, apiuser):

			




	
	
	
		
 
        """"

			




	
	
	
		
 
        Get all users

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser:

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        result = []

			




	
	
	
		
 
        for user in UserModel().get_all():

			




	
	
	
		
 
            result.append(user.get_api_data())

			




	
	
	
		
 
        return result

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAllDecorator('hg.admin')

			




	
	
	
		
 
    def create_user(self, apiuser, username, email, password,

			




	
	
	
		
 
                    firstname=Optional(None), lastname=Optional(None),

			




	
	
	
		
 
                    active=Optional(True), admin=Optional(False),

			




	
	
	
		
 
                    ldap_dn=Optional(None)):

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.