author | Nick Frazier <nrflaw@gmail.com> | 2017-10-19 08:10:29 -0400 |
committer | Joram Wilander <jwawilander@gmail.com> | 2017-10-19 08:10:29 -0400 |
commit | 7fa4913f902457dadb1a4806ce194eb122dbc090 (patch) | |
tree | ea340ad55f6dfa1e6ee647e0a87af69ac406e25d /api4/user.go | |
parent | 8e19ba029f889519d93cf272960dce858971106c (diff) | |
[PLT-7794] Add user access token enable/disable endpoints (#7630)
* Add column to UserAccessTokens table
* PLT-7794 Add user access token enable/disable endpoints
* replaced eliminated global variable
* updates to user_access_token_store and upgrade.go
* style fix and cleanup
Diffstat (limited to 'api4/user.go')
-rw-r--r-- | api4/user.go | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go
index d17591afa..889681b54 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -61,6 +61,8 @@ func (api *API) InitUser() {
 	api.BaseRoutes.User.Handle("/tokens", api.ApiSessionRequired(getUserAccessTokens)).Methods("GET")
 	api.BaseRoutes.Users.Handle("/tokens/{token_id:[A-Za-z0-9]+}", api.ApiSessionRequired(getUserAccessToken)).Methods("GET")
 	api.BaseRoutes.Users.Handle("/tokens/revoke", api.ApiSessionRequired(revokeUserAccessToken)).Methods("POST")
+	api.BaseRoutes.Users.Handle("/tokens/disable", api.ApiSessionRequired(disableUserAccessToken)).Methods("POST")
+	api.BaseRoutes.Users.Handle("/tokens/enable", api.ApiSessionRequired(enableUserAccessToken)).Methods("POST")
 }
 
 func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -1290,3 +1292,77 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.LogAudit("success - token_id=" + accessToken.Id)
 	ReturnStatusOK(w)
 }
+
+func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
+	props := model.MapFromJson(r.Body)
+	tokenId := props["token_id"]
+
+	if tokenId == "" {
+		c.SetInvalidParam("token_id")
+	}
+
+	c.LogAudit("")
+
+	// No separate permission for this action for now
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) {
+		c.SetPermissionError(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN)
+		return
+	}
+
+	accessToken, err := c.App.GetUserAccessToken(tokenId, false)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
+		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+		return
+	}
+
+	err = c.App.DisableUserAccessToken(accessToken)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("success - token_id=" + accessToken.Id)
+	ReturnStatusOK(w)
+}
+
+func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
+	props := model.MapFromJson(r.Body)
+	tokenId := props["token_id"]
+
+	if tokenId == "" {
+		c.SetInvalidParam("token_id")
+	}
+
+	c.LogAudit("")
+
+	// No separate permission for this action for now
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) {
+		c.SetPermissionError(model.PERMISSION_CREATE_USER_ACCESS_TOKEN)
+		return
+	}
+
+	accessToken, err := c.App.GetUserAccessToken(tokenId, false)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
+		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+		return
+	}
+
+	err = c.App.EnableUserAccessToken(accessToken)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("success - token_id=" + accessToken.Id)
+	ReturnStatusOK(w)
+}
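Review bot: The empty-token check in disableUserAccessToken sets an invalid-param error but does not return, so the handler keeps going with an empty token_id into the permission check and `c.App.GetUserAccessToken`, and a later `c.Err = err` overwrites the error already recorded; add `return` directly after `c.SetInvalidParam("token_id")`. enableUserAccessToken has the same gap at the same spot. Both handlers also call `c.LogAudit("")` before any validation, which leaves an audit record with no detail for the failure paths; `c.LogAudit("attempt - token_id=" + tokenId)` would make the denied and not-found cases traceable. The comment notes that disable reuses PERMISSION_REVOKE_USER_ACCESS_TOKEN and enable reuses PERMISSION_CREATE_USER_ACCESS_TOKEN; if that is intentional it is worth stating in the handler doc comments, since re-enabling a token is effectively re-issuing it.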