API method get_user can be executed by non-admin users ref #539
marcink -
r3162:a0a8f38e beta
@@ -216,8 +216,9 b' get_user'
216 --------
216 --------
217
217
218 Get's an user by username or user_id, Returns empty result if user is not found.
218 Get's an user by username or user_id, Returns empty result if user is not found.
219 If userid param is skipped it is set to id of user who is calling this method.
219 This command can be executed only using api_key belonging to user with admin
220 This command can be executed only using api_key belonging to user with admin
220 rights.
221 rights, or regular users which cannot specify userid parameter.
221
222
222
223
223 INPUT::
224 INPUT::
@@ -226,7 +227,7 b' INPUT::'
226 api_key : "<api_key>"
227 api_key : "<api_key>"
227 method : "get_user"
228 method : "get_user"
228 args : {
229 args : {
229 "userid" : "<username or user_id>"
230 "userid" : "<username or user_id Optional(=apiuser)>"
230 }
231 }
231
232
232 OUTPUT::
233 OUTPUT::
@@ -351,14 +352,14 b' INPUT::'
351 method : "update_user"
352 method : "update_user"
352 args : {
353 args : {
353 "userid" : "<user_id or username>",
354 "userid" : "<user_id or username>",
354 "username" : "<username> = Optional",
355 "username" : "<username> = Optional(None)",
355 "email" : "<useremail> = Optional",
356 "email" : "<useremail> = Optional(None)",
356 "password" : "<password> = Optional",
357 "password" : "<password> = Optional(None)",
357 "firstname" : "<firstname> = Optional",
358 "firstname" : "<firstname> = Optional(None)",
358 "lastname" : "<lastname> = Optional",
359 "lastname" : "<lastname> = Optional(None)",
359 "active" : "<bool> = Optional",
360 "active" : "<bool> = Optional(None)",
360 "admin" : "<bool> = Optional",
361 "admin" : "<bool> = Optional(None)",
361 "ldap_dn" : "<ldap_dn> = Optional"
362 "ldap_dn" : "<ldap_dn> = Optional(None)"
362 }
363 }
363
364
364 OUTPUT::
365 OUTPUT::
@@ -222,7 +222,7 b' class ApiController(JSONRPCController):'
222 #make sure normal user does not pass userid, he is not allowed to do that
222 #make sure normal user does not pass userid, he is not allowed to do that
223 if not isinstance(userid, Optional):
223 if not isinstance(userid, Optional):
224 raise JSONRPCError(
224 raise JSONRPCError(
225 'Only RhodeCode admin can specify `userid` params'
225 'Only RhodeCode admin can specify `userid` param'
226 )
226 )
227 else:
227 else:
228 return abort(403)
228 return abort(403)
@@ -260,14 +260,21 b' class ApiController(JSONRPCController):'
260 user_ips=ips
260 user_ips=ips
261 )
261 )
262
262
263 @HasPermissionAllDecorator('hg.admin')
263 def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):
264 def get_user(self, apiuser, userid):
265 """"
264 """"
266 Get a user by username
265 Get a user by username, or userid, if userid is given
267
266
268 :param apiuser:
267 :param apiuser:
269 :param userid:
268 :param userid:
270 """
269 """
270 if HasPermissionAnyApi('hg.admin')(user=apiuser):
271 pass
272 else:
273 if not isinstance(userid, Optional):
274 raise JSONRPCError(
275 'Only RhodeCode admin can specify `userid` params'
276 )
277 userid = apiuser.user_id
271
278
272 user = get_user_or_error(userid)
279 user = get_user_or_error(userid)
273 data = user.get_api_data()
280 data = user.get_api_data()
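Review bot: In the new `get_user` body, an admin caller who omits `userid` goes through the `pass` branch with `userid` still set to the `Optional(OAttr('apiuser'))` default, and that wrapper is passed straight to `get_user_or_error(userid)`. Unless that helper unwraps `Optional` (not visible here), the documented "skipped userid means the calling user" behaviour only works for non-admins. Resolving the default after the permission check for both roles would fix it: `if isinstance(userid, Optional): userid = apiuser.user_id`. With `@HasPermissionAllDecorator('hg.admin')` removed, this inline branch is the only role check visible on the method, so it deserves a test for the non-admin-with-`userid` case, and it is worth confirming that `user.get_api_data()` exposes no fields on a self-lookup that were meant for admins only. The message here still says `params` while the earlier hunk in this file changes the same text to `param`; the function body continues past the end of the hunk.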