Changeset - a0a8f38e8fb8
Parent rev.
Child rev.
[Not reviewed]
beta
0 2 0
Marcin Kuzminski - 13 years ago 2013-01-13 23:11:55
marcin@python-works.com
API method get_user can be executed by non-admin users ref #539
2 files changed with 22 insertions and 14 deletions:
docs/api/api.rst
11
10
rhodecode/controllers/api/api.py
11
4
0 comments (0 inline, 0 general)
docs/api/api.rst
Show inline comments
 
@@ -213,23 +213,24 @@ OUTPUT::
 

			




	
	
	
		
 

			




	
	
	
		
 
get_user

			




	
	
	
		
 
--------

			




	
	
	
		
 

			




	
	
	
		
 
Get's an user by username or user_id, Returns empty result if user is not found.

			




	
	
	
		
 
If userid param is skipped it is set to id of user who is calling this method.

			




	
	
	
		
 
This command can be executed only using api_key belonging to user with admin 

			




	
	
	
		
 
rights.

			




	
	
	
		
 
rights, or regular users which cannot specify userid parameter.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
INPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_for_response>

			




	
	
	
		
 
    api_key : "<api_key>"

			




	
	
	
		
 
    method :  "get_user"

			




	
	
	
		
 
    args :    { 

			




	
	
	
		
 
                "userid" : "<username or user_id>"

			




	
	
	
		
 
                "userid" : "<username or user_id Optional(=apiuser)>"

			




	
	
	
		
 
              }

			




	
	
	
		
 

			




	
	
	
		
 
OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_given_in_input>

			




	
	
	
		
 
    result: None if user does not exist or 

			




	
	
		
 
@@ -348,20 +349,20 @@ INPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_for_response>

			




	
	
	
		
 
    api_key : "<api_key>"

			




	
	
	
		
 
    method :  "update_user"

			




	
	
	
		
 
    args :    {

			




	
	
	
		
 
                "userid" : "<user_id or username>",

			




	
	
	
		
 
                "username" :  "<username> = Optional",

			




	
	
	
		
 
                "email" :     "<useremail> = Optional",

			




	
	
	
		
 
                "password" :  "<password> = Optional",

			




	
	
	
		
 
                "firstname" : "<firstname> = Optional",

			




	
	
	
		
 
                "lastname" :  "<lastname> = Optional",

			




	
	
	
		
 
                "active" :    "<bool> = Optional",

			




	
	
	
		
 
                "admin" :     "<bool> = Optional",

			




	
	
	
		
 
                "ldap_dn" :   "<ldap_dn> = Optional"

			




	
	
	
		
 
                "username" :  "<username> = Optional(None)",

			




	
	
	
		
 
                "email" :     "<useremail> = Optional(None)",

			




	
	
	
		
 
                "password" :  "<password> = Optional(None)",

			




	
	
	
		
 
                "firstname" : "<firstname> = Optional(None)",

			




	
	
	
		
 
                "lastname" :  "<lastname> = Optional(None)",

			




	
	
	
		
 
                "active" :    "<bool> = Optional(None)",

			




	
	
	
		
 
                "admin" :     "<bool> = Optional(None)",

			




	
	
	
		
 
                "ldap_dn" :   "<ldap_dn> = Optional(None)"

			




	
	
	
		
 
              }

			




	
	
	
		
 

			




	
	
	
		
 
OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
    id : <id_given_in_input>

			




	
	
	
		
 
    result: {

			




        

    


    
    

    

        

                

                    rhodecode/controllers/api/api.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -219,13 +219,13 @@ class ApiController(JSONRPCController):

			




	
	
	
		
 
        elif HasRepoPermissionAnyApi('repository.admin',

			




	
	
	
		
 
                                     'repository.write')(user=apiuser,

			




	
	
	
		
 
                                                         repo_name=repo.repo_name):

			




	
	
	
		
 
            #make sure normal user does not pass userid, he is not allowed to do that

			




	
	
	
		
 
            if not isinstance(userid, Optional):

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'Only RhodeCode admin can specify `userid` params'

			




	
	
	
		
 
                    'Only RhodeCode admin can specify `userid` param'

			




	
	
	
		
 
                )

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            return abort(403)

			




	
	
	
		
 
        if isinstance(userid, Optional):

			




	
	
	
		
 
            userid = apiuser.user_id

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
		
 
@@ -257,20 +257,27 @@ class ApiController(JSONRPCController):

			




	
	
	
		
 
        ips = UserIpMap.query().filter(UserIpMap.user == user).all()

			




	
	
	
		
 
        return dict(

			




	
	
	
		
 
            ip_addr_server=self.ip_addr,

			




	
	
	
		
 
            user_ips=ips

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAllDecorator('hg.admin')

			




	
	
	
		
 
    def get_user(self, apiuser, userid):

			




	
	
	
		
 
    def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):

			




	
	
	
		
 
        """"

			




	
	
	
		
 
        Get a user by username

			




	
	
	
		
 
        Get a user by username, or userid, if userid is given

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser:

			




	
	
	
		
 
        :param userid:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            pass

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            if not isinstance(userid, Optional):

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'Only RhodeCode admin can specify `userid` params'

			




	
	
	
		
 
                )

			




	
	
	
		
 
            userid = apiuser.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 
        data = user.get_api_data()

			




	
	
	
		
 
        data['permissions'] = AuthUser(user_id=user.user_id).permissions

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: clio-9518
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.
            – Support