miniflux/api/user.go

186 lines
4.3 KiB
Go
Raw Normal View History

2017-11-20 06:10:04 +01:00
// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.
package api
import (
"errors"
2017-11-28 06:30:04 +01:00
"github.com/miniflux/miniflux/http/handler"
2017-11-20 06:10:04 +01:00
)
// CreateUser is the API handler to create a new user.
func (c *Controller) CreateUser(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-20 06:10:04 +01:00
if !ctx.IsAdminUser() {
2017-11-22 03:30:16 +01:00
response.JSON().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
user, err := decodeUserPayload(request.Body())
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(err)
2017-11-20 06:10:04 +01:00
return
}
if err := user.ValidateUserCreation(); err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(err)
2017-11-20 06:10:04 +01:00
return
}
if c.store.UserExists(user.Username) {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(errors.New("This user already exists"))
2017-11-20 06:10:04 +01:00
return
}
err = c.store.CreateUser(user)
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().ServerError(errors.New("Unable to create this user"))
2017-11-20 06:10:04 +01:00
return
}
user.Password = ""
2017-11-22 03:30:16 +01:00
response.JSON().Created(user)
2017-11-20 06:10:04 +01:00
}
// UpdateUser is the API handler to update the given user.
func (c *Controller) UpdateUser(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-20 06:10:04 +01:00
if !ctx.IsAdminUser() {
2017-11-22 03:30:16 +01:00
response.JSON().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:14:45 +01:00
userID, err := request.IntegerParam("userID")
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(err)
2017-11-20 06:10:04 +01:00
return
}
user, err := decodeUserPayload(request.Body())
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(err)
2017-11-20 06:10:04 +01:00
return
}
if err := user.ValidateUserModification(); err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
originalUser, err := c.store.UserByID(userID)
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(errors.New("Unable to fetch this user from the database"))
2017-11-20 06:10:04 +01:00
return
}
if originalUser == nil {
2017-11-22 03:30:16 +01:00
response.JSON().NotFound(errors.New("User not found"))
2017-11-20 06:10:04 +01:00
return
}
originalUser.Merge(user)
if err = c.store.UpdateUser(originalUser); err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().ServerError(errors.New("Unable to update this user"))
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:30:16 +01:00
response.JSON().Created(originalUser)
2017-11-20 06:10:04 +01:00
}
// Users is the API handler to get the list of users.
func (c *Controller) Users(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-20 06:10:04 +01:00
if !ctx.IsAdminUser() {
2017-11-22 03:30:16 +01:00
response.JSON().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
users, err := c.store.Users()
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().ServerError(errors.New("Unable to fetch the list of users"))
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:30:16 +01:00
response.JSON().Standard(users)
2017-11-20 06:10:04 +01:00
}
// UserByID is the API handler to fetch the given user by the ID.
func (c *Controller) UserByID(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-20 06:10:04 +01:00
if !ctx.IsAdminUser() {
2017-11-22 03:30:16 +01:00
response.JSON().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:14:45 +01:00
userID, err := request.IntegerParam("userID")
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
user, err := c.store.UserByID(userID)
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(errors.New("Unable to fetch this user from the database"))
2017-11-20 06:10:04 +01:00
return
}
if user == nil {
2017-11-22 03:30:16 +01:00
response.JSON().NotFound(errors.New("User not found"))
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:30:16 +01:00
response.JSON().Standard(user)
2017-11-20 06:10:04 +01:00
}
// UserByUsername is the API handler to fetch the given user by the username.
func (c *Controller) UserByUsername(ctx *handler.Context, request *handler.Request, response *handler.Response) {
if !ctx.IsAdminUser() {
response.JSON().Forbidden()
return
}
username := request.StringParam("username", "")
user, err := c.store.UserByUsername(username)
if err != nil {
response.JSON().BadRequest(errors.New("Unable to fetch this user from the database"))
return
}
if user == nil {
response.JSON().NotFound(errors.New("User not found"))
return
}
response.JSON().Standard(user)
}
2017-11-20 06:10:04 +01:00
// RemoveUser is the API handler to remove an existing user.
func (c *Controller) RemoveUser(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-20 06:10:04 +01:00
if !ctx.IsAdminUser() {
2017-11-22 03:30:16 +01:00
response.JSON().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:14:45 +01:00
userID, err := request.IntegerParam("userID")
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
user, err := c.store.UserByID(userID)
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().ServerError(errors.New("Unable to fetch this user from the database"))
2017-11-20 06:10:04 +01:00
return
}
if user == nil {
2017-11-22 03:30:16 +01:00
response.JSON().NotFound(errors.New("User not found"))
2017-11-20 06:10:04 +01:00
return
}
if err := c.store.RemoveUser(user.ID); err != nil {
2017-11-22 03:30:16 +01:00
response.JSON().BadRequest(errors.New("Unable to remove this user from the database"))
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:30:16 +01:00
response.JSON().NoContent()
2017-11-20 06:10:04 +01:00
}