@@ -207,35 +207,36 @@ OUTPUT::
},
...
]
}
error : null
get_user
--------
Get's an user by username or user_id, Returns empty result if user is not found.
If userid param is skipped it is set to id of user who is calling this method.
This command can be executed only using api_key belonging to user with admin
rights.
rights, or regular users which cannot specify userid parameter.
INPUT::
id : <id_for_response>
api_key : "<api_key>"
method : "get_user"
args : {
"userid" : "<username or user_id>"
"userid" : "<username or user_id Optional(=apiuser)>"
OUTPUT::
id : <id_given_in_input>
result: None if user does not exist or
{
"user_id" : "<user_id>",
"username" : "<username>",
"firstname": "<firstname>",
"lastname" : "<lastname>",
"email" : "<email>",
@@ -342,32 +343,32 @@ update_user
updates given user if such user exists. This command can
be executed only using api_key belonging to user with admin rights.
method : "update_user"
"userid" : "<user_id or username>",
"username" : "<username> = Optional",
"email" : "<useremail> = Optional",
"password" : "<password> = Optional",
"firstname" : "<firstname> = Optional",
"lastname" : "<lastname> = Optional",
"active" : "<bool> = Optional",
"admin" : "<bool> = Optional",
"ldap_dn" : "<ldap_dn> = Optional"
"username" : "<username> = Optional(None)",
"email" : "<useremail> = Optional(None)",
"password" : "<password> = Optional(None)",
"firstname" : "<firstname> = Optional(None)",
"lastname" : "<lastname> = Optional(None)",
"active" : "<bool> = Optional(None)",
"admin" : "<bool> = Optional(None)",
"ldap_dn" : "<ldap_dn> = Optional(None)"
result: {
"msg" : "updated user ID:<userid> <username>",
"user": {
@@ -213,25 +213,25 @@ class ApiController(JSONRPCController):
:param userid:
:param locked:
"""
repo = get_repo_or_error(repoid)
if HasPermissionAnyApi('hg.admin')(user=apiuser):
pass
elif HasRepoPermissionAnyApi('repository.admin',
'repository.write')(user=apiuser,
repo_name=repo.repo_name):
#make sure normal user does not pass userid, he is not allowed to do that
if not isinstance(userid, Optional):
raise JSONRPCError(
'Only RhodeCode admin can specify `userid` params'
'Only RhodeCode admin can specify `userid` param'
)
else:
return abort(403)
if isinstance(userid, Optional):
userid = apiuser.user_id
user = get_user_or_error(userid)
locked = bool(locked)
try:
if locked:
Repository.lock(repo, user.user_id)
Repository.unlock(repo)
@@ -251,32 +251,39 @@ class ApiController(JSONRPCController):
defined IP addresses for given user
:param apiuser:
ips = UserIpMap.query().filter(UserIpMap.user == user).all()
return dict(
ip_addr_server=self.ip_addr,
user_ips=ips
@HasPermissionAllDecorator('hg.admin')
def get_user(self, apiuser, userid):
def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):
""""
Get a user by username
Get a user by username, or userid, if userid is given
data = user.get_api_data()
data['permissions'] = AuthUser(user_id=user.user_id).permissions
return data
def get_users(self, apiuser):
Get all users
Status change: