Diffstat (limited to 'api4/user.go')
-rw-r--r--api4/user.go153
1 files changed, 151 insertions, 2 deletions
diff --git a/api4/user.go b/api4/user.go
index d2cc1034a..b22bc75f6 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -11,6 +11,7 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/mattermost/platform/app"
"github.com/mattermost/platform/model"
+ "github.com/mattermost/platform/store"
"github.com/mattermost/platform/utils"
)
@@ -20,12 +21,15 @@ func InitUser() {
BaseRoutes.Users.Handle("", ApiHandler(createUser)).Methods("POST")
BaseRoutes.Users.Handle("", ApiSessionRequired(getUsers)).Methods("GET")
BaseRoutes.Users.Handle("/ids", ApiSessionRequired(getUsersByIds)).Methods("POST")
+ BaseRoutes.Users.Handle("/search", ApiSessionRequired(searchUsers)).Methods("POST")
+ BaseRoutes.Users.Handle("/autocomplete", ApiSessionRequired(autocompleteUsers)).Methods("GET")
BaseRoutes.User.Handle("", ApiSessionRequired(getUser)).Methods("GET")
BaseRoutes.User.Handle("/image", ApiSessionRequired(getProfileImage)).Methods("GET")
BaseRoutes.User.Handle("/image", ApiSessionRequired(setProfileImage)).Methods("POST")
BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT")
BaseRoutes.User.Handle("/patch", ApiSessionRequired(patchUser)).Methods("PUT")
+ BaseRoutes.User.Handle("/mfa", ApiSessionRequired(updateUserMfa)).Methods("PUT")
BaseRoutes.User.Handle("", ApiSessionRequired(deleteUser)).Methods("DELETE")
BaseRoutes.User.Handle("/roles", ApiSessionRequired(updateUserRoles)).Methods("PUT")
BaseRoutes.User.Handle("/password", ApiSessionRequired(updatePassword)).Methods("PUT")
@@ -41,7 +45,7 @@ func InitUser() {
BaseRoutes.User.Handle("/sessions", ApiSessionRequired(getSessions)).Methods("GET")
BaseRoutes.User.Handle("/sessions/revoke", ApiSessionRequired(revokeSession)).Methods("POST")
- BaseRoutes.User.Handle("/audits", ApiSessionRequired(getAudits)).Methods("GET")
+ BaseRoutes.User.Handle("/audits", ApiSessionRequired(getUserAudits)).Methods("GET")
}
func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -331,6 +335,112 @@ func getUsersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
+func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) {
+ props := model.UserSearchFromJson(r.Body)
+ if props == nil {
+ c.SetInvalidParam("")
+ return
+ }
+
+ if len(props.Term) == 0 {
+ c.SetInvalidParam("term")
+ return
+ }
+
+ if props.TeamId == "" && props.NotInChannelId != "" {
+ c.SetInvalidParam("team_id")
+ return
+ }
+
+ if props.InChannelId != "" && !app.SessionHasPermissionToChannel(c.Session, props.InChannelId, model.PERMISSION_READ_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+ return
+ }
+
+ if props.NotInChannelId != "" && !app.SessionHasPermissionToChannel(c.Session, props.NotInChannelId, model.PERMISSION_READ_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+ return
+ }
+
+ if props.TeamId != "" && !app.SessionHasPermissionToTeam(c.Session, props.TeamId, model.PERMISSION_VIEW_TEAM) {
+ c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
+ return
+ }
+
+ searchOptions := map[string]bool{}
+ searchOptions[store.USER_SEARCH_OPTION_ALLOW_INACTIVE] = props.AllowInactive
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ hideFullName := !utils.Cfg.PrivacySettings.ShowFullName
+ hideEmail := !utils.Cfg.PrivacySettings.ShowEmailAddress
+
+ if hideFullName && hideEmail {
+ searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
+ } else if hideFullName {
+ searchOptions[store.USER_SEARCH_OPTION_ALL_NO_FULL_NAME] = true
+ } else if hideEmail {
+ searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
+ }
+ }
+
+ if profiles, err := app.SearchUsers(props, searchOptions, c.IsSystemAdmin()); err != nil {
+ c.Err = err
+ return
+ } else {
+ w.Write([]byte(model.UserListToJson(profiles)))
+ }
+}
+
+func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) {
+ channelId := r.URL.Query().Get("in_channel")
+ teamId := r.URL.Query().Get("in_team")
+ name := r.URL.Query().Get("name")
+
+ autocomplete := new(model.UserAutocomplete)
+ var err *model.AppError
+
+ searchOptions := map[string]bool{}
+
+ hideFullName := !utils.Cfg.PrivacySettings.ShowFullName
+ if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
+ } else {
+ searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
+ }
+
+ if len(teamId) > 0 {
+ if len(channelId) > 0 {
+ if !app.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+ return
+ }
+
+ result, _ := app.AutocompleteUsersInChannel(teamId, channelId, name, searchOptions, c.IsSystemAdmin())
+ autocomplete.Users = result.InChannel
+ autocomplete.OutOfChannel = result.OutOfChannel
+ } else {
+ if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_VIEW_TEAM) {
+ c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
+ return
+ }
+
+ result, _ := app.AutocompleteUsersInTeam(teamId, name, searchOptions, c.IsSystemAdmin())
+ autocomplete.Users = result.InTeam
+ }
+ } else {
+ // No permission check required
+ result, _ := app.SearchUsersInTeam("", name, searchOptions, c.IsSystemAdmin())
+ autocomplete.Users = result
+ }
+
+ if err != nil {
+ c.Err = err
+ return
+ } else {
+ w.Write([]byte((autocomplete.ToJson())))
+ }
+}
+
func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequireUserId()
if c.Err != nil {
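Review bot: In autocompleteUsers the error returned by each of the three app calls (`result, _ := app.AutocompleteUsersInChannel(...)`, `app.AutocompleteUsersInTeam(...)`, `app.SearchUsersInTeam(...)`) is discarded, and the `err` declared near the top is never assigned, so the `if err != nil` before the write is dead code. If those calls return a nil result alongside a non-nil error (the usual Go convention; the implementations are not visible here), `result.InChannel` / `result.InTeam` dereferences nil and the handler panics instead of returning the error to the client. Checking the error at each call site and dropping the unused `var err` and the trailing check fixes this; the rewritten branches are below. The `// No permission check required` comment on the team-less branch would be more useful if it stated the rationale rather than the absence of a check, e.g. `// Any authenticated session may search the whole user list here; only team/channel scoping needs extra permission` — confirm that is the intended policy before wording it.
```go
	if len(teamId) > 0 {
		if len(channelId) > 0 {
			// … unchanged: channel permission check …
			result, err := app.AutocompleteUsersInChannel(teamId, channelId, name, searchOptions, c.IsSystemAdmin())
			if err != nil {
				c.Err = err
				return
			}
			autocomplete.Users = result.InChannel
			autocomplete.OutOfChannel = result.OutOfChannel
		} else {
			// … unchanged: team permission check …
			result, err := app.AutocompleteUsersInTeam(teamId, name, searchOptions, c.IsSystemAdmin())
			if err != nil {
				c.Err = err
				return
			}
			autocomplete.Users = result.InTeam
		}
	} else {
		result, err := app.SearchUsersInTeam("", name, searchOptions, c.IsSystemAdmin())
		if err != nil {
			c.Err = err
			return
		}
		autocomplete.Users = result
	}

	w.Write([]byte(autocomplete.ToJson()))
```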
@@ -441,6 +551,45 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
ReturnStatusOK(w)
}
+func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ props := model.StringInterfaceFromJson(r.Body)
+
+ activate, ok := props["activate"].(bool)
+ if !ok {
+ c.SetInvalidParam("activate")
+ return
+ }
+
+ code := ""
+ if activate {
+ code, ok = props["code"].(string)
+ if !ok || len(code) == 0 {
+ c.SetInvalidParam("code")
+ return
+ }
+ }
+
+ c.LogAudit("attempt")
+
+ if err := app.UpdateMfa(activate, c.Params.UserId, code, c.GetSiteURL()); err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("success - mfa updated")
+ ReturnStatusOK(w)
+}
+
func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequireUserId()
if c.Err != nil {
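Review bot: The deactivation path in updateUserMfa (`activate == false`) requires no `code`, so any holder of a valid session for the user, or of EDIT_OTHER_USERS, can switch MFA off, yet neither audit entry records which direction was taken. At minimum the audit messages should distinguish the two so an incident review can tell an MFA reset from an enrolment: choose the final message by `activate`, e.g. `c.LogAudit("success - mfa activated")` versus `c.LogAudit("success - mfa deactivated")`, and give the `"attempt"` entry the same split. Whether deactivation should require re-verification (a current code or the password) is a design decision that belongs in `app.UpdateMfa`, which is outside this hunk.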
@@ -628,7 +777,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
ReturnStatusOK(w)
}
-func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
+func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequireUserId()
if c.Err != nil {
return