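// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"net/http"
	"strconv"

	"github.com/adacta-ru/mattermost-server/v6/audit"
	"github.com/adacta-ru/mattermost-server/v6/model"
	"github.com/adacta-ru/mattermost-server/v6/store"
)

// InitUserLocal registers the user routes that are served through
// api.ApiLocal. Several routes reuse the handlers defined for the regular
// API (createUser, sendPasswordReset, updateUser, updateUserRoles, ...);
// the local* handlers in this file are the variants specific to this
// surface. NOTE(review): every handler here relies on c.IsSystemAdmin()
// for sanitization rather than on a session permission check — confirm
// that ApiLocal only admits the local-mode caller.
func (api *API) InitUserLocal() {
	users := api.BaseRoutes.Users
	user := api.BaseRoutes.User

	users.Handle("", api.ApiLocal(localGetUsers)).Methods("GET")
	users.Handle("", api.ApiLocal(localPermanentDeleteAllUsers)).Methods("DELETE")
	users.Handle("", api.ApiLocal(createUser)).Methods("POST")
	users.Handle("/password/reset/send", api.ApiLocal(sendPasswordReset)).Methods("POST")
	users.Handle("/ids", api.ApiLocal(localGetUsersByIds)).Methods("POST")

	user.Handle("", api.ApiLocal(localGetUser)).Methods("GET")
	user.Handle("", api.ApiLocal(updateUser)).Methods("PUT")
	user.Handle("", api.ApiLocal(localDeleteUser)).Methods("DELETE")
	user.Handle("/roles", api.ApiLocal(updateUserRoles)).Methods("PUT")
	user.Handle("/mfa", api.ApiLocal(updateUserMfa)).Methods("PUT")
	user.Handle("/active", api.ApiLocal(updateUserActive)).Methods("PUT")
	user.Handle("/password", api.ApiLocal(updatePassword)).Methods("PUT")
	user.Handle("/convert_to_bot", api.ApiLocal(convertUserToBot)).Methods("POST")
	user.Handle("/email/verify/member", api.ApiLocal(verifyUserEmailWithoutToken)).Methods("POST")

	api.BaseRoutes.UserByUsername.Handle("", api.ApiLocal(localGetUserByUsername)).Methods("GET")
	api.BaseRoutes.UserByEmail.Handle("", api.ApiLocal(localGetUserByEmail)).Methods("GET")

	users.Handle("/tokens/revoke", api.ApiLocal(revokeUserAccessToken)).Methods("POST")
	user.Handle("/tokens", api.ApiLocal(getUserAccessTokensForUser)).Methods("GET")
	user.Handle("/tokens", api.ApiLocal(createUserAccessToken)).Methods("POST")

	users.Handle("/migrate_auth/ldap", api.ApiLocal(migrateAuthToLDAP)).Methods("POST")
	users.Handle("/migrate_auth/saml", api.ApiLocal(migrateAuthToSaml)).Methods("POST")

	user.Handle("/uploads", api.ApiLocal(localGetUploadsForUser)).Methods("GET")
}

// localGetUsers lists user profiles for the local API.
//
// Filters come from the query string: in_team, not_in_team, in_channel,
// not_in_channel, group_constrained, without_team, active, inactive, role
// and sort; paging comes from c.Params.Page / c.Params.PerPage.
//
// Validation performed here:
//   - not_in_channel requires in_team.
//   - sort must be empty, "last_activity_at", "create_at" or "status".
//   - "last_activity_at" / "create_at" are only accepted for a plain
//     in_team listing (no not_in_team, in_channel, not_in_channel or
//     without_team).
//   - "status" is only accepted together with in_channel.
//
// Boolean flags are parsed with strconv.ParseBool and the parse error is
// ignored, so an unparseable value behaves as false rather than producing
// a 400. The not_in_team and plain in_team listings carry an ETag and may
// short-circuit with 304 through c.HandleEtag. Failures are reported via
// c.Err; otherwise the profile list is written as JSON.
func localGetUsers(c *Context, w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query()
	inTeamId := query.Get("in_team")
	notInTeamId := query.Get("not_in_team")
	inChannelId := query.Get("in_channel")
	notInChannelId := query.Get("not_in_channel")
	groupConstrained := query.Get("group_constrained")
	withoutTeam := query.Get("without_team")
	active := query.Get("active")
	inactive := query.Get("inactive")
	role := query.Get("role")
	sort := query.Get("sort")

	if notInChannelId != "" && inTeamId == "" {
		c.SetInvalidUrlParam("team_id")
		return
	}

	switch sort {
	case "", "last_activity_at", "create_at", "status":
		// accepted
	default:
		c.SetInvalidUrlParam("sort")
		return
	}

	// Team-based sorts are only defined for a plain in_team listing.
	if (sort == "last_activity_at" || sort == "create_at") &&
		(inTeamId == "" || notInTeamId != "" || inChannelId != "" || notInChannelId != "" || withoutTeam != "") {
		c.SetInvalidUrlParam("sort")
		return
	}
	// sort=status is only defined for an in_channel listing.
	if sort == "status" && inChannelId == "" {
		c.SetInvalidUrlParam("sort")
		return
	}

	// Parse errors are deliberately dropped: an unparseable flag is
	// treated as false, which is the existing contract of this endpoint.
	withoutTeamBool, _ := strconv.ParseBool(withoutTeam)
	groupConstrainedBool, _ := strconv.ParseBool(groupConstrained)
	activeBool, _ := strconv.ParseBool(active)
	inactiveBool, _ := strconv.ParseBool(inactive)

	userGetOptions := &model.UserGetOptions{
		InTeamId:         inTeamId,
		InChannelId:      inChannelId,
		NotInTeamId:      notInTeamId,
		NotInChannelId:   notInChannelId,
		GroupConstrained: groupConstrainedBool,
		WithoutTeam:      withoutTeamBool,
		Active:           activeBool,
		Inactive:         inactiveBool,
		Role:             role,
		Sort:             sort,
		Page:             c.Params.Page,
		PerPage:          c.Params.PerPage,
		ViewRestrictions: nil,
	}

	var (
		err      *model.AppError
		profiles []*model.User
		etag     string
	)

	// The without_team flag was already parsed above; the previous
	// re-parse in the condition shadowed withoutTeamBool for no effect.
	switch {
	case withoutTeamBool:
		profiles, err = c.App.GetUsersWithoutTeamPage(userGetOptions, c.IsSystemAdmin())
	case notInChannelId != "":
		profiles, err = c.App.GetUsersNotInChannelPage(inTeamId, notInChannelId, groupConstrainedBool, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), nil)
	case notInTeamId != "":
		// NOTE(review): the ETag is keyed on in_team while the page is
		// fetched for not_in_team — confirm this is intended.
		etag = c.App.GetUsersNotInTeamEtag(inTeamId, "")
		if c.HandleEtag(etag, "Get Users Not in Team", w, r) {
			return
		}
		profiles, err = c.App.GetUsersNotInTeamPage(notInTeamId, groupConstrainedBool, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), nil)
	case inTeamId != "":
		switch sort {
		case "last_activity_at":
			profiles, err = c.App.GetRecentlyActiveUsersForTeamPage(inTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), nil)
		case "create_at":
			profiles, err = c.App.GetNewUsersForTeamPage(inTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), nil)
		default:
			etag = c.App.GetUsersInTeamEtag(inTeamId, "")
			if c.HandleEtag(etag, "Get Users in Team", w, r) {
				return
			}
			profiles, err = c.App.GetUsersInTeamPage(userGetOptions, c.IsSystemAdmin())
		}
	case inChannelId != "":
		if sort == "status" {
			profiles, err = c.App.GetUsersInChannelPageByStatus(userGetOptions, c.IsSystemAdmin())
		} else {
			profiles, err = c.App.GetUsersInChannelPage(userGetOptions, c.IsSystemAdmin())
		}
	default:
		profiles, err = c.App.GetUsersPage(userGetOptions, c.IsSystemAdmin())
	}

	if err != nil {
		c.Err = err
		return
	}

	if etag != "" {
		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
	}
	w.Write([]byte(model.UserListToJson(profiles)))
}

// localGetUsersByIds returns the users whose ids are given as a JSON
// string array in the request body. An empty array is rejected with an
// invalid "user_ids" parameter. The optional "since" query parameter must
// be a base-10 int64 (unlike the boolean flags in localGetUsers, a bad
// value is rejected here). Results are fetched with IsAdmin set from
// c.IsSystemAdmin().
func localGetUsersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
	userIds := model.ArrayFromJson(r.Body)
	if len(userIds) == 0 {
		c.SetInvalidParam("user_ids")
		return
	}

	options := &store.UserGetByIdsOpts{
		IsAdmin: c.IsSystemAdmin(),
	}

	if sinceString := r.URL.Query().Get("since"); sinceString != "" {
		since, parseErr := strconv.ParseInt(sinceString, 10, 64)
		if parseErr != nil {
			c.SetInvalidParam("since")
			return
		}
		options.Since = since
	}

	users, err := c.App.GetUsersByIds(userIds, options)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.UserListToJson(users)))
}

// localAttachTermsOfService copies the user's terms-of-service record
// (id and acceptance time) onto user. A missing record (404 from the app
// layer) is not an error; any other failure is stored in c.Err and false
// is returned so the caller can stop.
func localAttachTermsOfService(c *Context, user *model.User) bool {
	userTermsOfService, err := c.App.GetUserTermsOfService(user.Id)
	if err != nil && err.StatusCode != http.StatusNotFound {
		c.Err = err
		return false
	}
	if userTermsOfService != nil {
		user.TermsOfServiceId = userTermsOfService.TermsOfServiceId
		user.TermsOfServiceCreateAt = userTermsOfService.CreateAt
	}
	return true
}

// localWriteUser finishes a single-user GET: it derives the ETag from the
// privacy settings, answers through c.HandleEtag when the client's copy is
// current, and otherwise sanitizes the profile according to
// c.IsSystemAdmin() and writes it as JSON with the server ETag header.
func localWriteUser(c *Context, w http.ResponseWriter, r *http.Request, user *model.User) {
	cfg := c.App.Config()
	etag := user.Etag(*cfg.PrivacySettings.ShowFullName, *cfg.PrivacySettings.ShowEmailAddress)
	if c.HandleEtag(etag, "Get User", w, r) {
		return
	}

	c.App.SanitizeProfile(user, c.IsSystemAdmin())
	w.Header().Set(model.HEADER_ETAG_SERVER, etag)
	w.Write([]byte(user.ToJson()))
}

// localGetUser returns the user identified by the user_id path parameter,
// with terms-of-service fields attached. Requires a valid user id.
func localGetUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	user, err := c.App.GetUser(c.Params.UserId)
	if err != nil {
		c.Err = err
		return
	}

	if !localAttachTermsOfService(c, user) {
		return
	}
	localWriteUser(c, w, r, user)
}

// localDeleteUser deactivates the user identified by the user_id path
// parameter, or permanently deletes it when c.Params.Permanent is set.
// The audit record starts as audit.Fail and is only marked Success once
// the operation completes; the user object is attached as metadata.
func localDeleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	auditRec := c.MakeAuditRecord("localDeleteUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	user, err := c.App.GetUser(c.Params.UserId)
	if err != nil {
		c.Err = err
		return
	}
	auditRec.AddMeta("user", user)

	if c.Params.Permanent {
		err = c.App.PermanentDeleteUser(user)
	} else {
		_, err = c.App.UpdateActive(user, false)
	}
	if err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	ReturnStatusOK(w)
}

// localPermanentDeleteAllUsers permanently deletes every user. The call
// is audited under "localPermanentDeleteAllUsers"; the record is marked
// Success only if the app call returns no error.
func localPermanentDeleteAllUsers(c *Context, w http.ResponseWriter, r *http.Request) {
	auditRec := c.MakeAuditRecord("localPermanentDeleteAllUsers", audit.Fail)
	defer c.LogAuditRec(auditRec)

	if err := c.App.PermanentDeleteAllUsers(); err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	ReturnStatusOK(w)
}

// localGetUserByUsername returns the user with the given username path
// parameter, with terms-of-service fields attached. Requires a username.
func localGetUserByUsername(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUsername()
	if c.Err != nil {
		return
	}

	user, err := c.App.GetUserByUsername(c.Params.Username)
	if err != nil {
		c.Err = err
		return
	}

	if !localAttachTermsOfService(c, user) {
		return
	}
	localWriteUser(c, w, r, user)
}

// localGetUserByEmail returns the user with the given email path
// parameter. The lookup is refused with 403 when the caller's sanitize
// options do not expose "email", since the endpoint would otherwise
// confirm which addresses are registered. Unlike the id/username
// lookups, no terms-of-service fields are attached.
func localGetUserByEmail(c *Context, w http.ResponseWriter, r *http.Request) {
	c.SanitizeEmail()
	if c.Err != nil {
		return
	}

	sanitizeOptions := c.App.GetSanitizeOptions(c.IsSystemAdmin())
	if !sanitizeOptions["email"] {
		c.Err = model.NewAppError("getUserByEmail", "api.user.get_user_by_email.permissions.app_error", nil, "userId="+c.App.Session().UserId, http.StatusForbidden)
		return
	}

	user, err := c.App.GetUserByEmail(c.Params.Email)
	if err != nil {
		c.Err = err
		return
	}

	localWriteUser(c, w, r, user)
}

// localGetUploadsForUser lists the upload sessions owned by the user in
// the user_id path parameter. The id is validated with c.RequireUserId()
// first, matching the other per-user handlers in this file.
func localGetUploadsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	uss, err := c.App.GetUploadSessionsForUser(c.Params.UserId)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.UploadSessionsToJson(uss)))
}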