##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
api: expose more details of auth tokens in get_user api call.
marcink -
r1522:82f2feee default
parent child Browse files
Show More

The requested changes are too big and content was truncated. Show full diff

Show file before | Show file after | Hide comments
@@ -1,471 +1,472 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2017 RhodeCode GmbH
3 # Copyright (C) 2011-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from rhodecode.api import jsonrpc_method, JSONRPCError, JSONRPCForbidden
23 from rhodecode.api import jsonrpc_method, JSONRPCError, JSONRPCForbidden
24 from rhodecode.api.utils import (
24 from rhodecode.api.utils import (
25 Optional, OAttr, has_superadmin_permission, get_user_or_error, store_update)
25 Optional, OAttr, has_superadmin_permission, get_user_or_error, store_update)
26 from rhodecode.lib.auth import AuthUser, PasswordGenerator
26 from rhodecode.lib.auth import AuthUser, PasswordGenerator
27 from rhodecode.lib.exceptions import DefaultUserException
27 from rhodecode.lib.exceptions import DefaultUserException
28 from rhodecode.lib.utils2 import safe_int, str2bool
28 from rhodecode.lib.utils2 import safe_int, str2bool
29 from rhodecode.model.db import Session, User, Repository
29 from rhodecode.model.db import Session, User, Repository
30 from rhodecode.model.user import UserModel
30 from rhodecode.model.user import UserModel
31
31
32
32
33 log = logging.getLogger(__name__)
33 log = logging.getLogger(__name__)
34
34
35
35
36 @jsonrpc_method()
36 @jsonrpc_method()
37 def get_user(request, apiuser, userid=Optional(OAttr('apiuser'))):
37 def get_user(request, apiuser, userid=Optional(OAttr('apiuser'))):
38 """
38 """
39 Returns the information associated with a username or userid.
39 Returns the information associated with a username or userid.
40
40
41 * If the ``userid`` is not set, this command returns the information
41 * If the ``userid`` is not set, this command returns the information
42 for the ``userid`` calling the method.
42 for the ``userid`` calling the method.
43
43
44 .. note::
44 .. note::
45
45
46 Normal users may only run this command against their ``userid``. For
46 Normal users may only run this command against their ``userid``. For
47 full privileges you must run this command using an |authtoken| with
47 full privileges you must run this command using an |authtoken| with
48 admin rights.
48 admin rights.
49
49
50 :param apiuser: This is filled automatically from the |authtoken|.
50 :param apiuser: This is filled automatically from the |authtoken|.
51 :type apiuser: AuthUser
51 :type apiuser: AuthUser
52 :param userid: Sets the userid for which data will be returned.
52 :param userid: Sets the userid for which data will be returned.
53 :type userid: Optional(str or int)
53 :type userid: Optional(str or int)
54
54
55 Example output:
55 Example output:
56
56
57 .. code-block:: bash
57 .. code-block:: bash
58
58
59 {
59 {
60 "error": null,
60 "error": null,
61 "id": <id>,
61 "id": <id>,
62 "result": {
62 "result": {
63 "active": true,
63 "active": true,
64 "admin": false,
64 "admin": false,
65 "api_keys": [ list of keys ],
65 "api_keys": [ list of keys ],
66 "auth_tokens": [ list of tokens with details ],
66 "email": "user@example.com",
67 "email": "user@example.com",
67 "emails": [
68 "emails": [
68 "user@example.com"
69 "user@example.com"
69 ],
70 ],
70 "extern_name": "rhodecode",
71 "extern_name": "rhodecode",
71 "extern_type": "rhodecode",
72 "extern_type": "rhodecode",
72 "firstname": "username",
73 "firstname": "username",
73 "ip_addresses": [],
74 "ip_addresses": [],
74 "language": null,
75 "language": null,
75 "last_login": "Timestamp",
76 "last_login": "Timestamp",
76 "lastname": "surnae",
77 "lastname": "surnae",
77 "permissions": {
78 "permissions": {
78 "global": [
79 "global": [
79 "hg.inherit_default_perms.true",
80 "hg.inherit_default_perms.true",
80 "usergroup.read",
81 "usergroup.read",
81 "hg.repogroup.create.false",
82 "hg.repogroup.create.false",
82 "hg.create.none",
83 "hg.create.none",
83 "hg.password_reset.enabled",
84 "hg.password_reset.enabled",
84 "hg.extern_activate.manual",
85 "hg.extern_activate.manual",
85 "hg.create.write_on_repogroup.false",
86 "hg.create.write_on_repogroup.false",
86 "hg.usergroup.create.false",
87 "hg.usergroup.create.false",
87 "group.none",
88 "group.none",
88 "repository.none",
89 "repository.none",
89 "hg.register.none",
90 "hg.register.none",
90 "hg.fork.repository"
91 "hg.fork.repository"
91 ],
92 ],
92 "repositories": { "username/example": "repository.write"},
93 "repositories": { "username/example": "repository.write"},
93 "repositories_groups": { "user-group/repo": "group.none" },
94 "repositories_groups": { "user-group/repo": "group.none" },
94 "user_groups": { "user_group_name": "usergroup.read" }
95 "user_groups": { "user_group_name": "usergroup.read" }
95 },
96 },
96 "user_id": 32,
97 "user_id": 32,
97 "username": "username"
98 "username": "username"
98 }
99 }
99 }
100 }
100 """
101 """
101
102
102 if not has_superadmin_permission(apiuser):
103 if not has_superadmin_permission(apiuser):
103 # make sure normal user does not pass someone else userid,
104 # make sure normal user does not pass someone else userid,
104 # he is not allowed to do that
105 # he is not allowed to do that
105 if not isinstance(userid, Optional) and userid != apiuser.user_id:
106 if not isinstance(userid, Optional) and userid != apiuser.user_id:
106 raise JSONRPCError('userid is not the same as your user')
107 raise JSONRPCError('userid is not the same as your user')
107
108
108 userid = Optional.extract(userid, evaluate_locals=locals())
109 userid = Optional.extract(userid, evaluate_locals=locals())
109 userid = getattr(userid, 'user_id', userid)
110 userid = getattr(userid, 'user_id', userid)
110
111
111 user = get_user_or_error(userid)
112 user = get_user_or_error(userid)
112 data = user.get_api_data(include_secrets=True)
113 data = user.get_api_data(include_secrets=True)
113 data['permissions'] = AuthUser(user_id=user.user_id).permissions
114 data['permissions'] = AuthUser(user_id=user.user_id).permissions
114 return data
115 return data
115
116
116
117
117 @jsonrpc_method()
118 @jsonrpc_method()
118 def get_users(request, apiuser):
119 def get_users(request, apiuser):
119 """
120 """
120 Lists all users in the |RCE| user database.
121 Lists all users in the |RCE| user database.
121
122
122 This command can only be run using an |authtoken| with admin rights to
123 This command can only be run using an |authtoken| with admin rights to
123 the specified repository.
124 the specified repository.
124
125
125 This command takes the following options:
126 This command takes the following options:
126
127
127 :param apiuser: This is filled automatically from the |authtoken|.
128 :param apiuser: This is filled automatically from the |authtoken|.
128 :type apiuser: AuthUser
129 :type apiuser: AuthUser
129
130
130 Example output:
131 Example output:
131
132
132 .. code-block:: bash
133 .. code-block:: bash
133
134
134 id : <id_given_in_input>
135 id : <id_given_in_input>
135 result: [<user_object>, ...]
136 result: [<user_object>, ...]
136 error: null
137 error: null
137 """
138 """
138
139
139 if not has_superadmin_permission(apiuser):
140 if not has_superadmin_permission(apiuser):
140 raise JSONRPCForbidden()
141 raise JSONRPCForbidden()
141
142
142 result = []
143 result = []
143 users_list = User.query().order_by(User.username) \
144 users_list = User.query().order_by(User.username) \
144 .filter(User.username != User.DEFAULT_USER) \
145 .filter(User.username != User.DEFAULT_USER) \
145 .all()
146 .all()
146 for user in users_list:
147 for user in users_list:
147 result.append(user.get_api_data(include_secrets=True))
148 result.append(user.get_api_data(include_secrets=True))
148 return result
149 return result
149
150
150
151
151 @jsonrpc_method()
152 @jsonrpc_method()
152 def create_user(request, apiuser, username, email, password=Optional(''),
153 def create_user(request, apiuser, username, email, password=Optional(''),
153 firstname=Optional(''), lastname=Optional(''),
154 firstname=Optional(''), lastname=Optional(''),
154 active=Optional(True), admin=Optional(False),
155 active=Optional(True), admin=Optional(False),
155 extern_name=Optional('rhodecode'),
156 extern_name=Optional('rhodecode'),
156 extern_type=Optional('rhodecode'),
157 extern_type=Optional('rhodecode'),
157 force_password_change=Optional(False),
158 force_password_change=Optional(False),
158 create_personal_repo_group=Optional(None)):
159 create_personal_repo_group=Optional(None)):
159 """
160 """
160 Creates a new user and returns the new user object.
161 Creates a new user and returns the new user object.
161
162
162 This command can only be run using an |authtoken| with admin rights to
163 This command can only be run using an |authtoken| with admin rights to
163 the specified repository.
164 the specified repository.
164
165
165 This command takes the following options:
166 This command takes the following options:
166
167
167 :param apiuser: This is filled automatically from the |authtoken|.
168 :param apiuser: This is filled automatically from the |authtoken|.
168 :type apiuser: AuthUser
169 :type apiuser: AuthUser
169 :param username: Set the new username.
170 :param username: Set the new username.
170 :type username: str or int
171 :type username: str or int
171 :param email: Set the user email address.
172 :param email: Set the user email address.
172 :type email: str
173 :type email: str
173 :param password: Set the new user password.
174 :param password: Set the new user password.
174 :type password: Optional(str)
175 :type password: Optional(str)
175 :param firstname: Set the new user firstname.
176 :param firstname: Set the new user firstname.
176 :type firstname: Optional(str)
177 :type firstname: Optional(str)
177 :param lastname: Set the new user surname.
178 :param lastname: Set the new user surname.
178 :type lastname: Optional(str)
179 :type lastname: Optional(str)
179 :param active: Set the user as active.
180 :param active: Set the user as active.
180 :type active: Optional(``True`` | ``False``)
181 :type active: Optional(``True`` | ``False``)
181 :param admin: Give the new user admin rights.
182 :param admin: Give the new user admin rights.
182 :type admin: Optional(``True`` | ``False``)
183 :type admin: Optional(``True`` | ``False``)
183 :param extern_name: Set the authentication plugin name.
184 :param extern_name: Set the authentication plugin name.
184 Using LDAP this is filled with LDAP UID.
185 Using LDAP this is filled with LDAP UID.
185 :type extern_name: Optional(str)
186 :type extern_name: Optional(str)
186 :param extern_type: Set the new user authentication plugin.
187 :param extern_type: Set the new user authentication plugin.
187 :type extern_type: Optional(str)
188 :type extern_type: Optional(str)
188 :param force_password_change: Force the new user to change password
189 :param force_password_change: Force the new user to change password
189 on next login.
190 on next login.
190 :type force_password_change: Optional(``True`` | ``False``)
191 :type force_password_change: Optional(``True`` | ``False``)
191 :param create_personal_repo_group: Create personal repo group for this user
192 :param create_personal_repo_group: Create personal repo group for this user
192 :type create_personal_repo_group: Optional(``True`` | ``False``)
193 :type create_personal_repo_group: Optional(``True`` | ``False``)
193 Example output:
194 Example output:
194
195
195 .. code-block:: bash
196 .. code-block:: bash
196
197
197 id : <id_given_in_input>
198 id : <id_given_in_input>
198 result: {
199 result: {
199 "msg" : "created new user `<username>`",
200 "msg" : "created new user `<username>`",
200 "user": <user_obj>
201 "user": <user_obj>
201 }
202 }
202 error: null
203 error: null
203
204
204 Example error output:
205 Example error output:
205
206
206 .. code-block:: bash
207 .. code-block:: bash
207
208
208 id : <id_given_in_input>
209 id : <id_given_in_input>
209 result : null
210 result : null
210 error : {
211 error : {
211 "user `<username>` already exist"
212 "user `<username>` already exist"
212 or
213 or
213 "email `<email>` already exist"
214 "email `<email>` already exist"
214 or
215 or
215 "failed to create user `<username>`"
216 "failed to create user `<username>`"
216 }
217 }
217
218
218 """
219 """
219 if not has_superadmin_permission(apiuser):
220 if not has_superadmin_permission(apiuser):
220 raise JSONRPCForbidden()
221 raise JSONRPCForbidden()
221
222
222 if UserModel().get_by_username(username):
223 if UserModel().get_by_username(username):
223 raise JSONRPCError("user `%s` already exist" % (username,))
224 raise JSONRPCError("user `%s` already exist" % (username,))
224
225
225 if UserModel().get_by_email(email, case_insensitive=True):
226 if UserModel().get_by_email(email, case_insensitive=True):
226 raise JSONRPCError("email `%s` already exist" % (email,))
227 raise JSONRPCError("email `%s` already exist" % (email,))
227
228
228 # generate random password if we actually given the
229 # generate random password if we actually given the
229 # extern_name and it's not rhodecode
230 # extern_name and it's not rhodecode
230 if (not isinstance(extern_name, Optional) and
231 if (not isinstance(extern_name, Optional) and
231 Optional.extract(extern_name) != 'rhodecode'):
232 Optional.extract(extern_name) != 'rhodecode'):
232 # generate temporary password if user is external
233 # generate temporary password if user is external
233 password = PasswordGenerator().gen_password(length=16)
234 password = PasswordGenerator().gen_password(length=16)
234 create_repo_group = Optional.extract(create_personal_repo_group)
235 create_repo_group = Optional.extract(create_personal_repo_group)
235 if isinstance(create_repo_group, basestring):
236 if isinstance(create_repo_group, basestring):
236 create_repo_group = str2bool(create_repo_group)
237 create_repo_group = str2bool(create_repo_group)
237
238
238 try:
239 try:
239 user = UserModel().create_or_update(
240 user = UserModel().create_or_update(
240 username=Optional.extract(username),
241 username=Optional.extract(username),
241 password=Optional.extract(password),
242 password=Optional.extract(password),
242 email=Optional.extract(email),
243 email=Optional.extract(email),
243 firstname=Optional.extract(firstname),
244 firstname=Optional.extract(firstname),
244 lastname=Optional.extract(lastname),
245 lastname=Optional.extract(lastname),
245 active=Optional.extract(active),
246 active=Optional.extract(active),
246 admin=Optional.extract(admin),
247 admin=Optional.extract(admin),
247 extern_type=Optional.extract(extern_type),
248 extern_type=Optional.extract(extern_type),
248 extern_name=Optional.extract(extern_name),
249 extern_name=Optional.extract(extern_name),
249 force_password_change=Optional.extract(force_password_change),
250 force_password_change=Optional.extract(force_password_change),
250 create_repo_group=create_repo_group
251 create_repo_group=create_repo_group
251 )
252 )
252 Session().commit()
253 Session().commit()
253 return {
254 return {
254 'msg': 'created new user `%s`' % username,
255 'msg': 'created new user `%s`' % username,
255 'user': user.get_api_data(include_secrets=True)
256 'user': user.get_api_data(include_secrets=True)
256 }
257 }
257 except Exception:
258 except Exception:
258 log.exception('Error occurred during creation of user')
259 log.exception('Error occurred during creation of user')
259 raise JSONRPCError('failed to create user `%s`' % (username,))
260 raise JSONRPCError('failed to create user `%s`' % (username,))
260
261
261
262
262 @jsonrpc_method()
263 @jsonrpc_method()
263 def update_user(request, apiuser, userid, username=Optional(None),
264 def update_user(request, apiuser, userid, username=Optional(None),
264 email=Optional(None), password=Optional(None),
265 email=Optional(None), password=Optional(None),
265 firstname=Optional(None), lastname=Optional(None),
266 firstname=Optional(None), lastname=Optional(None),
266 active=Optional(None), admin=Optional(None),
267 active=Optional(None), admin=Optional(None),
267 extern_type=Optional(None), extern_name=Optional(None), ):
268 extern_type=Optional(None), extern_name=Optional(None), ):
268 """
269 """
269 Updates the details for the specified user, if that user exists.
270 Updates the details for the specified user, if that user exists.
270
271
271 This command can only be run using an |authtoken| with admin rights to
272 This command can only be run using an |authtoken| with admin rights to
272 the specified repository.
273 the specified repository.
273
274
274 This command takes the following options:
275 This command takes the following options:
275
276
276 :param apiuser: This is filled automatically from |authtoken|.
277 :param apiuser: This is filled automatically from |authtoken|.
277 :type apiuser: AuthUser
278 :type apiuser: AuthUser
278 :param userid: Set the ``userid`` to update.
279 :param userid: Set the ``userid`` to update.
279 :type userid: str or int
280 :type userid: str or int
280 :param username: Set the new username.
281 :param username: Set the new username.
281 :type username: str or int
282 :type username: str or int
282 :param email: Set the new email.
283 :param email: Set the new email.
283 :type email: str
284 :type email: str
284 :param password: Set the new password.
285 :param password: Set the new password.
285 :type password: Optional(str)
286 :type password: Optional(str)
286 :param firstname: Set the new first name.
287 :param firstname: Set the new first name.
287 :type firstname: Optional(str)
288 :type firstname: Optional(str)
288 :param lastname: Set the new surname.
289 :param lastname: Set the new surname.
289 :type lastname: Optional(str)
290 :type lastname: Optional(str)
290 :param active: Set the new user as active.
291 :param active: Set the new user as active.
291 :type active: Optional(``True`` | ``False``)
292 :type active: Optional(``True`` | ``False``)
292 :param admin: Give the user admin rights.
293 :param admin: Give the user admin rights.
293 :type admin: Optional(``True`` | ``False``)
294 :type admin: Optional(``True`` | ``False``)
294 :param extern_name: Set the authentication plugin user name.
295 :param extern_name: Set the authentication plugin user name.
295 Using LDAP this is filled with LDAP UID.
296 Using LDAP this is filled with LDAP UID.
296 :type extern_name: Optional(str)
297 :type extern_name: Optional(str)
297 :param extern_type: Set the authentication plugin type.
298 :param extern_type: Set the authentication plugin type.
298 :type extern_type: Optional(str)
299 :type extern_type: Optional(str)
299
300
300
301
301 Example output:
302 Example output:
302
303
303 .. code-block:: bash
304 .. code-block:: bash
304
305
305 id : <id_given_in_input>
306 id : <id_given_in_input>
306 result: {
307 result: {
307 "msg" : "updated user ID:<userid> <username>",
308 "msg" : "updated user ID:<userid> <username>",
308 "user": <user_object>,
309 "user": <user_object>,
309 }
310 }
310 error: null
311 error: null
311
312
312 Example error output:
313 Example error output:
313
314
314 .. code-block:: bash
315 .. code-block:: bash
315
316
316 id : <id_given_in_input>
317 id : <id_given_in_input>
317 result : null
318 result : null
318 error : {
319 error : {
319 "failed to update user `<username>`"
320 "failed to update user `<username>`"
320 }
321 }
321
322
322 """
323 """
323 if not has_superadmin_permission(apiuser):
324 if not has_superadmin_permission(apiuser):
324 raise JSONRPCForbidden()
325 raise JSONRPCForbidden()
325
326
326 user = get_user_or_error(userid)
327 user = get_user_or_error(userid)
327
328
328 # only non optional arguments will be stored in updates
329 # only non optional arguments will be stored in updates
329 updates = {}
330 updates = {}
330
331
331 try:
332 try:
332
333
333 store_update(updates, username, 'username')
334 store_update(updates, username, 'username')
334 store_update(updates, password, 'password')
335 store_update(updates, password, 'password')
335 store_update(updates, email, 'email')
336 store_update(updates, email, 'email')
336 store_update(updates, firstname, 'name')
337 store_update(updates, firstname, 'name')
337 store_update(updates, lastname, 'lastname')
338 store_update(updates, lastname, 'lastname')
338 store_update(updates, active, 'active')
339 store_update(updates, active, 'active')
339 store_update(updates, admin, 'admin')
340 store_update(updates, admin, 'admin')
340 store_update(updates, extern_name, 'extern_name')
341 store_update(updates, extern_name, 'extern_name')
341 store_update(updates, extern_type, 'extern_type')
342 store_update(updates, extern_type, 'extern_type')
342
343
343 user = UserModel().update_user(user, **updates)
344 user = UserModel().update_user(user, **updates)
344 Session().commit()
345 Session().commit()
345 return {
346 return {
346 'msg': 'updated user ID:%s %s' % (user.user_id, user.username),
347 'msg': 'updated user ID:%s %s' % (user.user_id, user.username),
347 'user': user.get_api_data(include_secrets=True)
348 'user': user.get_api_data(include_secrets=True)
348 }
349 }
349 except DefaultUserException:
350 except DefaultUserException:
350 log.exception("Default user edit exception")
351 log.exception("Default user edit exception")
351 raise JSONRPCError('editing default user is forbidden')
352 raise JSONRPCError('editing default user is forbidden')
352 except Exception:
353 except Exception:
353 log.exception("Error occurred during update of user")
354 log.exception("Error occurred during update of user")
354 raise JSONRPCError('failed to update user `%s`' % (userid,))
355 raise JSONRPCError('failed to update user `%s`' % (userid,))
355
356
356
357
357 @jsonrpc_method()
358 @jsonrpc_method()
358 def delete_user(request, apiuser, userid):
359 def delete_user(request, apiuser, userid):
359 """
360 """
360 Deletes the specified user from the |RCE| user database.
361 Deletes the specified user from the |RCE| user database.
361
362
362 This command can only be run using an |authtoken| with admin rights to
363 This command can only be run using an |authtoken| with admin rights to
363 the specified repository.
364 the specified repository.
364
365
365 .. important::
366 .. important::
366
367
367 Ensure all open pull requests and open code review
368 Ensure all open pull requests and open code review
368 requests to this user are close.
369 requests to this user are close.
369
370
370 Also ensure all repositories, or repository groups owned by this
371 Also ensure all repositories, or repository groups owned by this
371 user are reassigned before deletion.
372 user are reassigned before deletion.
372
373
373 This command takes the following options:
374 This command takes the following options:
374
375
375 :param apiuser: This is filled automatically from the |authtoken|.
376 :param apiuser: This is filled automatically from the |authtoken|.
376 :type apiuser: AuthUser
377 :type apiuser: AuthUser
377 :param userid: Set the user to delete.
378 :param userid: Set the user to delete.
378 :type userid: str or int
379 :type userid: str or int
379
380
380 Example output:
381 Example output:
381
382
382 .. code-block:: bash
383 .. code-block:: bash
383
384
384 id : <id_given_in_input>
385 id : <id_given_in_input>
385 result: {
386 result: {
386 "msg" : "deleted user ID:<userid> <username>",
387 "msg" : "deleted user ID:<userid> <username>",
387 "user": null
388 "user": null
388 }
389 }
389 error: null
390 error: null
390
391
391 Example error output:
392 Example error output:
392
393
393 .. code-block:: bash
394 .. code-block:: bash
394
395
395 id : <id_given_in_input>
396 id : <id_given_in_input>
396 result : null
397 result : null
397 error : {
398 error : {
398 "failed to delete user ID:<userid> <username>"
399 "failed to delete user ID:<userid> <username>"
399 }
400 }
400
401
401 """
402 """
402 if not has_superadmin_permission(apiuser):
403 if not has_superadmin_permission(apiuser):
403 raise JSONRPCForbidden()
404 raise JSONRPCForbidden()
404
405
405 user = get_user_or_error(userid)
406 user = get_user_or_error(userid)
406
407
407 try:
408 try:
408 UserModel().delete(userid)
409 UserModel().delete(userid)
409 Session().commit()
410 Session().commit()
410 return {
411 return {
411 'msg': 'deleted user ID:%s %s' % (user.user_id, user.username),
412 'msg': 'deleted user ID:%s %s' % (user.user_id, user.username),
412 'user': None
413 'user': None
413 }
414 }
414 except Exception:
415 except Exception:
415 log.exception("Error occurred during deleting of user")
416 log.exception("Error occurred during deleting of user")
416 raise JSONRPCError(
417 raise JSONRPCError(
417 'failed to delete user ID:%s %s' % (user.user_id, user.username))
418 'failed to delete user ID:%s %s' % (user.user_id, user.username))
418
419
419
420
420 @jsonrpc_method()
421 @jsonrpc_method()
421 def get_user_locks(request, apiuser, userid=Optional(OAttr('apiuser'))):
422 def get_user_locks(request, apiuser, userid=Optional(OAttr('apiuser'))):
422 """
423 """
423 Displays all repositories locked by the specified user.
424 Displays all repositories locked by the specified user.
424
425
425 * If this command is run by a non-admin user, it returns
426 * If this command is run by a non-admin user, it returns
426 a list of |repos| locked by that user.
427 a list of |repos| locked by that user.
427
428
428 This command takes the following options:
429 This command takes the following options:
429
430
430 :param apiuser: This is filled automatically from the |authtoken|.
431 :param apiuser: This is filled automatically from the |authtoken|.
431 :type apiuser: AuthUser
432 :type apiuser: AuthUser
432 :param userid: Sets the userid whose list of locked |repos| will be
433 :param userid: Sets the userid whose list of locked |repos| will be
433 displayed.
434 displayed.
434 :type userid: Optional(str or int)
435 :type userid: Optional(str or int)
435
436
436 Example output:
437 Example output:
437
438
438 .. code-block:: bash
439 .. code-block:: bash
439
440
440 id : <id_given_in_input>
441 id : <id_given_in_input>
441 result : {
442 result : {
442 [repo_object, repo_object,...]
443 [repo_object, repo_object,...]
443 }
444 }
444 error : null
445 error : null
445 """
446 """
446
447
447 include_secrets = False
448 include_secrets = False
448 if not has_superadmin_permission(apiuser):
449 if not has_superadmin_permission(apiuser):
449 # make sure normal user does not pass someone else userid,
450 # make sure normal user does not pass someone else userid,
450 # he is not allowed to do that
451 # he is not allowed to do that
451 if not isinstance(userid, Optional) and userid != apiuser.user_id:
452 if not isinstance(userid, Optional) and userid != apiuser.user_id:
452 raise JSONRPCError('userid is not the same as your user')
453 raise JSONRPCError('userid is not the same as your user')
453 else:
454 else:
454 include_secrets = True
455 include_secrets = True
455
456
456 userid = Optional.extract(userid, evaluate_locals=locals())
457 userid = Optional.extract(userid, evaluate_locals=locals())
457 userid = getattr(userid, 'user_id', userid)
458 userid = getattr(userid, 'user_id', userid)
458 user = get_user_or_error(userid)
459 user = get_user_or_error(userid)
459
460
460 ret = []
461 ret = []
461
462
462 # show all locks
463 # show all locks
463 for r in Repository.getAll():
464 for r in Repository.getAll():
464 _user_id, _time, _reason = r.locked
465 _user_id, _time, _reason = r.locked
465 if _user_id and _time:
466 if _user_id and _time:
466 _api_data = r.get_api_data(include_secrets=include_secrets)
467 _api_data = r.get_api_data(include_secrets=include_secrets)
467 # if we use user filter just show the locks for this user
468 # if we use user filter just show the locks for this user
468 if safe_int(_user_id) == user.user_id:
469 if safe_int(_user_id) == user.user_id:
469 ret.append(_api_data)
470 ret.append(_api_data)
470
471
471 return ret
472 return ret
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
General Comments 0
You need to be logged in to leave comments. Login now