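// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"net/http"
	"strconv"

	"github.com/masterhung0112/hk_server/v5/audit"
	"github.com/masterhung0112/hk_server/v5/model"
	"github.com/masterhung0112/hk_server/v5/store"
)

// InitUserLocal registers the user routes served through the local API
// wrapper (api.ApiLocal). Handlers without a "local" prefix (createUser,
// updateUser, updatePassword, ...) are shared with the regular user API and
// are defined elsewhere in this package.
func (api *API) InitUserLocal() {
	api.BaseRoutes.Users.Handle("", api.ApiLocal(localGetUsers)).Methods("GET")
	api.BaseRoutes.Users.Handle("", api.ApiLocal(localPermanentDeleteAllUsers)).Methods("DELETE")
	api.BaseRoutes.Users.Handle("", api.ApiLocal(createUser)).Methods("POST")
	api.BaseRoutes.Users.Handle("/password/reset/send", api.ApiLocal(sendPasswordReset)).Methods("POST")
	api.BaseRoutes.Users.Handle("/ids", api.ApiLocal(localGetUsersByIds)).Methods("POST")

	api.BaseRoutes.User.Handle("", api.ApiLocal(localGetUser)).Methods("GET")
	api.BaseRoutes.User.Handle("", api.ApiLocal(updateUser)).Methods("PUT")
	api.BaseRoutes.User.Handle("", api.ApiLocal(localDeleteUser)).Methods("DELETE")
	api.BaseRoutes.User.Handle("/roles", api.ApiLocal(updateUserRoles)).Methods("PUT")
	api.BaseRoutes.User.Handle("/mfa", api.ApiLocal(updateUserMfa)).Methods("PUT")
	api.BaseRoutes.User.Handle("/active", api.ApiLocal(updateUserActive)).Methods("PUT")
	api.BaseRoutes.User.Handle("/password", api.ApiLocal(updatePassword)).Methods("PUT")
	api.BaseRoutes.User.Handle("/convert_to_bot", api.ApiLocal(convertUserToBot)).Methods("POST")
	api.BaseRoutes.User.Handle("/email/verify/member", api.ApiLocal(verifyUserEmailWithoutToken)).Methods("POST")
	api.BaseRoutes.User.Handle("/promote", api.ApiLocal(promoteGuestToUser)).Methods("POST")
	api.BaseRoutes.User.Handle("/demote", api.ApiLocal(demoteUserToGuest)).Methods("POST")

	api.BaseRoutes.UserByUsername.Handle("", api.ApiLocal(localGetUserByUsername)).Methods("GET")
	api.BaseRoutes.UserByEmail.Handle("", api.ApiLocal(localGetUserByEmail)).Methods("GET")

	api.BaseRoutes.Users.Handle("/tokens/revoke", api.ApiLocal(revokeUserAccessToken)).Methods("POST")
	api.BaseRoutes.User.Handle("/tokens", api.ApiLocal(getUserAccessTokensForUser)).Methods("GET")
	api.BaseRoutes.User.Handle("/tokens", api.ApiLocal(createUserAccessToken)).Methods("POST")

	api.BaseRoutes.Users.Handle("/migrate_auth/ldap", api.ApiLocal(migrateAuthToLDAP)).Methods("POST")
	api.BaseRoutes.Users.Handle("/migrate_auth/saml", api.ApiLocal(migrateAuthToSaml)).Methods("POST")

	api.BaseRoutes.User.Handle("/uploads", api.ApiLocal(localGetUploadsForUser)).Methods("GET")
}

// localGetUsers lists user profiles, optionally restricted by team or channel
// membership, active state and role, and sorted by one of the supported keys.
//
// Query parameters: in_team, not_in_team, in_channel, not_in_channel,
// group_constrained, without_team, active, inactive, role and sort. Boolean
// parameters that do not parse are treated as false. Paging comes from
// c.Params.Page and c.Params.PerPage. Invalid parameter combinations set
// c.Err through c.SetInvalidUrlParam and write nothing.
func localGetUsers(c *Context, w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query()
	inTeamId := query.Get("in_team")
	notInTeamId := query.Get("not_in_team")
	inChannelId := query.Get("in_channel")
	notInChannelId := query.Get("not_in_channel")
	groupConstrained := query.Get("group_constrained")
	withoutTeam := query.Get("without_team")
	active := query.Get("active")
	inactive := query.Get("inactive")
	role := query.Get("role")
	// Named sortBy rather than sort so it cannot be confused with the package.
	sortBy := query.Get("sort")

	// not_in_channel is only meaningful relative to a team.
	if notInChannelId != "" && inTeamId == "" {
		c.SetInvalidUrlParam("team_id")
		return
	}

	switch sortBy {
	case "", "last_activity_at", "create_at", "status":
		// supported
	default:
		c.SetInvalidUrlParam("sort")
		return
	}

	// Currently only supports sorting on a team
	// or sort="status" on inChannelId
	if (sortBy == "last_activity_at" || sortBy == "create_at") && (inTeamId == "" || notInTeamId != "" || inChannelId != "" || notInChannelId != "" || withoutTeam != "") {
		c.SetInvalidUrlParam("sort")
		return
	}
	if sortBy == "status" && inChannelId == "" {
		c.SetInvalidUrlParam("sort")
		return
	}

	// Parse errors are deliberately ignored: an unparsable flag means false.
	withoutTeamBool, _ := strconv.ParseBool(withoutTeam)
	groupConstrainedBool, _ := strconv.ParseBool(groupConstrained)
	activeBool, _ := strconv.ParseBool(active)
	inactiveBool, _ := strconv.ParseBool(inactive)

	userGetOptions := &model.UserGetOptions{
		InTeamId:         inTeamId,
		InChannelId:      inChannelId,
		NotInTeamId:      notInTeamId,
		NotInChannelId:   notInChannelId,
		GroupConstrained: groupConstrainedBool,
		WithoutTeam:      withoutTeamBool,
		Active:           activeBool,
		Inactive:         inactiveBool,
		Role:             role,
		Sort:             sortBy,
		Page:             c.Params.Page,
		PerPage:          c.Params.PerPage,
		ViewRestrictions: nil,
	}

	var (
		err      *model.AppError
		profiles []*model.User
		etag     string
	)

	// The filters are evaluated in priority order; the first one that is set
	// selects the backing query, the rest are ignored for that request.
	switch {
	case withoutTeamBool:
		profiles, err = c.App.GetUsersWithoutTeamPage(userGetOptions, c.IsSystemAdmin())
	case notInChannelId != "":
		profiles, err = c.App.GetUsersNotInChannelPage(inTeamId, notInChannelId, groupConstrainedBool, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), nil)
	case notInTeamId != "":
		// NOTE(review): the etag is keyed on inTeamId while the page below is
		// keyed on notInTeamId; inTeamId may be empty here. Confirm this is the
		// intended cache key before relying on the ETag for this branch.
		etag = c.App.GetUsersNotInTeamEtag(inTeamId, "")
		if c.HandleEtag(etag, "Get Users Not in Team", w, r) {
			return
		}
		profiles, err = c.App.GetUsersNotInTeamPage(notInTeamId, groupConstrainedBool, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), nil)
	case inTeamId != "":
		switch sortBy {
		case "last_activity_at":
			profiles, err = c.App.GetRecentlyActiveUsersForTeamPage(inTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), nil)
		case "create_at":
			profiles, err = c.App.GetNewUsersForTeamPage(inTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), nil)
		default:
			etag = c.App.GetUsersInTeamEtag(inTeamId, "")
			if c.HandleEtag(etag, "Get Users in Team", w, r) {
				return
			}
			profiles, err = c.App.GetUsersInTeamPage(userGetOptions, c.IsSystemAdmin())
		}
	case inChannelId != "":
		if sortBy == "status" {
			profiles, err = c.App.GetUsersInChannelPageByStatus(userGetOptions, c.IsSystemAdmin())
		} else {
			profiles, err = c.App.GetUsersInChannelPage(userGetOptions, c.IsSystemAdmin())
		}
	default:
		profiles, err = c.App.GetUsersPage(userGetOptions, c.IsSystemAdmin())
	}

	if err != nil {
		c.Err = err
		return
	}

	// Only the branches that computed an etag advertise one.
	if etag != "" {
		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
	}
	w.Write([]byte(model.UserListToJson(profiles)))
}

// localGetUsersByIds returns the users whose ids are listed in the JSON array
// sent as the request body. An optional "since" query parameter is parsed as
// an int64 and forwarded as store.UserGetByIdsOpts.Since; a non-integer value
// is rejected with an invalid-parameter error.
func localGetUsersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
	// NOTE(review): no request-body size cap is visible here; presumably the
	// ApiLocal wrapper or the server enforces one — confirm.
	userIds := model.ArrayFromJson(r.Body)
	if len(userIds) == 0 {
		c.SetInvalidParam("user_ids")
		return
	}

	options := &store.UserGetByIdsOpts{
		IsAdmin: c.IsSystemAdmin(),
	}

	if sinceString := r.URL.Query().Get("since"); sinceString != "" {
		since, parseErr := strconv.ParseInt(sinceString, 10, 64)
		if parseErr != nil {
			c.SetInvalidParam("since")
			return
		}
		options.Since = since
	}

	users, err := c.App.GetUsersByIds(userIds, options)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.UserListToJson(users)))
}

// localWriteUser computes the user's ETag from the privacy settings, returns
// early when c.HandleEtag has already answered the request, and otherwise
// sanitizes the profile according to the caller's privileges and writes it
// as JSON together with the ETag header.
func localWriteUser(c *Context, w http.ResponseWriter, r *http.Request, user *model.User) {
	privacy := c.App.Config().PrivacySettings
	etag := user.Etag(*privacy.ShowFullName, *privacy.ShowEmailAddress)

	if c.HandleEtag(etag, "Get User", w, r) {
		return
	}

	// Sanitize after the etag check so the etag reflects the unsanitized
	// profile exactly as the original handlers computed it.
	c.App.SanitizeProfile(user, c.IsSystemAdmin())
	w.Header().Set(model.HEADER_ETAG_SERVER, etag)
	w.Write([]byte(user.ToJson()))
}

// localWriteUserWithTermsOfService attaches the user's terms-of-service
// acceptance (when one exists) and then writes the profile via localWriteUser.
// A not-found terms-of-service record is not an error; any other error is
// stored in c.Err and nothing is written.
func localWriteUserWithTermsOfService(c *Context, w http.ResponseWriter, r *http.Request, user *model.User) {
	userTermsOfService, err := c.App.GetUserTermsOfService(user.Id)
	if err != nil && err.StatusCode != http.StatusNotFound {
		c.Err = err
		return
	}

	if userTermsOfService != nil {
		user.TermsOfServiceId = userTermsOfService.TermsOfServiceId
		user.TermsOfServiceCreateAt = userTermsOfService.CreateAt
	}

	localWriteUser(c, w, r, user)
}

// localGetUser returns the user identified by the user_id route parameter,
// including terms-of-service acceptance data when present.
func localGetUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	user, err := c.App.GetUser(c.Params.UserId)
	if err != nil {
		c.Err = err
		return
	}

	localWriteUserWithTermsOfService(c, w, r, user)
}

// localDeleteUser deactivates the user identified by the user_id route
// parameter, or permanently deletes it when c.Params.Permanent is set. The
// action is audit-logged; the record is marked successful only after the
// operation completed without error.
func localDeleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	auditRec := c.MakeAuditRecord("localDeleteUser", audit.Fail)
	defer c.LogAuditRec(auditRec)

	user, err := c.App.GetUser(c.Params.UserId)
	if err != nil {
		c.Err = err
		return
	}
	auditRec.AddMeta("user", user)

	if c.Params.Permanent {
		err = c.App.PermanentDeleteUser(c.AppContext, user)
	} else {
		// Non-permanent deletion is a deactivation; the returned user is not needed.
		_, err = c.App.UpdateActive(c.AppContext, user, false)
	}
	if err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	ReturnStatusOK(w)
}

// localPermanentDeleteAllUsers permanently deletes every user. The call is
// audit-logged and only marked successful after the deletion returned no
// error.
func localPermanentDeleteAllUsers(c *Context, w http.ResponseWriter, r *http.Request) {
	auditRec := c.MakeAuditRecord("localPermanentDeleteAllUsers", audit.Fail)
	defer c.LogAuditRec(auditRec)

	if err := c.App.PermanentDeleteAllUsers(c.AppContext); err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	ReturnStatusOK(w)
}

// localGetUserByUsername returns the user with the username given in the
// route, including terms-of-service acceptance data when present.
func localGetUserByUsername(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUsername()
	if c.Err != nil {
		return
	}

	user, err := c.App.GetUserByUsername(c.Params.Username)
	if err != nil {
		c.Err = err
		return
	}

	localWriteUserWithTermsOfService(c, w, r, user)
}

// localGetUserByEmail returns the user with the email address given in the
// route. The lookup is refused with http.StatusForbidden when the caller's
// sanitize options do not permit seeing email addresses. Unlike the id and
// username lookups, no terms-of-service data is attached.
func localGetUserByEmail(c *Context, w http.ResponseWriter, r *http.Request) {
	c.SanitizeEmail()
	if c.Err != nil {
		return
	}

	sanitizeOptions := c.App.GetSanitizeOptions(c.IsSystemAdmin())
	if !sanitizeOptions["email"] {
		c.Err = model.NewAppError("getUserByEmail", "api.user.get_user_by_email.permissions.app_error", nil, "userId="+c.AppContext.Session().UserId, http.StatusForbidden)
		return
	}

	user, err := c.App.GetUserByEmail(c.Params.Email)
	if err != nil {
		c.Err = err
		return
	}

	localWriteUser(c, w, r, user)
}

// localGetUploadsForUser returns the upload sessions belonging to the user
// identified by the user_id route parameter.
func localGetUploadsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
	// Validate the route parameter before use, as the other per-user
	// handlers in this file do.
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	uss, err := c.App.GetUploadSessionsForUser(c.Params.UserId)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.UploadSessionsToJson(uss)))
}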