package handler
import (
"encoding/json"
"net/http"
"github.com/drone/drone/server/database"
"github.com/drone/drone/server/session"
"github.com/drone/drone/shared/model"
"github.com/gorilla/pat"
)
// UsersHandler serves the user-administration HTTP endpoints. It combines a
// user store with the session layer that identifies the caller.
//
// Field order is significant: NewUsersHandler builds the value with an
// unkeyed composite literal.
type UsersHandler struct {
	// users is the store the handlers call to list, look up, insert and
	// delete accounts.
	users database.UserManager

	// sess resolves the user attached to an incoming request.
	sess session.Session
}
// NewUsersHandler returns a UsersHandler backed by the given user store and
// session implementation.
func NewUsersHandler(users database.UserManager, sess session.Session) *UsersHandler {
	handler := &UsersHandler{
		users: users,
		sess:  sess,
	}
	return handler
}
// GetUsers writes every user account to the response as JSON.
//
// Access control: a request without a session user is answered with
// notAuthorized, and a session user that is not an administrator with
// forbidden. Both checks run before the store is queried.
//
// GET /api/users (Register binds this handler to "/v1/users" on its router)
func (h *UsersHandler) GetUsers(w http.ResponseWriter, r *http.Request) error {
	// Identify the caller from the session before touching the store.
	caller := h.sess.User(r)
	if caller == nil {
		return notAuthorized{}
	}
	if !caller.Admin {
		return forbidden{}
	}

	// Load all accounts.
	// NOTE(review): the store error is wrapped as-is; confirm errorHandler
	// does not echo its text back to the client.
	accounts, err := h.users.List()
	if err != nil {
		return internalServerError{err}
	}

	// NOTE(review): the accounts are encoded unchanged; confirm the user
	// model's JSON tags keep tokens and secrets out of the response.
	return json.NewEncoder(w).Encode(accounts)
}
// GetUser looks up one account by remote hostname and login and writes it to
// the response as JSON.
//
// Access control: a request without a session user is answered with
// notAuthorized, and a session user that is not an administrator with
// forbidden. A failed lookup is reported as notFound.
//
// GET /api/users/:host/:login (Register binds this handler to
// "/v1/users/{host}/{login}" on its router)
func (h *UsersHandler) GetUser(w http.ResponseWriter, r *http.Request) error {
	remote, login := r.FormValue(":host"), r.FormValue(":login")

	// Identify the caller from the session; only administrators continue.
	caller := h.sess.User(r)
	if caller == nil {
		return notAuthorized{}
	}
	if !caller.Admin {
		return forbidden{}
	}

	// From here on the value of interest is the requested account, not the
	// caller.
	account, err := h.users.FindLogin(remote, login)
	if err != nil {
		return notFound{err}
	}

	// NOTE(review): the account is encoded unchanged; confirm the user
	// model's JSON tags keep tokens and secrets out of the response.
	return json.NewEncoder(w).Encode(account)
}
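// PostUser registers a new user account for the remote hostname and login
// named in the request path and writes the created account as JSON.
//
// Access control: a request without a session user is answered with
// notAuthorized, and a session user that is not an administrator with
// forbidden. A failed insert is reported as badRequest.
//
// POST /api/users/:host/:login (Register binds this handler to
// "/v1/users/{host}/{login}" on its router)
func (h *UsersHandler) PostUser(w http.ResponseWriter, r *http.Request) error {
	// Read the route variables from the URL query, which is where r.FormValue
	// found them as well. r.FormValue also consults the request body, and for
	// a POST a form-encoded body field takes precedence over the query, so a
	// body field named ":host" or ":login" could make the created account
	// differ from the one named in the path.
	// NOTE(review): confirm how the router orders its route variables against
	// a same-named parameter already present in the query string.
	params := r.URL.Query()
	remote := params.Get(":host")
	login := params.Get(":login")

	// Identify the caller from the session; only administrators may create
	// accounts.
	caller := h.sess.User(r)
	switch {
	case caller == nil:
		return notAuthorized{}
	case !caller.Admin:
		return forbidden{}
	}

	// The third argument to model.NewUser is passed as the empty string.
	account := model.NewUser(remote, login, "")
	if err := h.users.Insert(account); err != nil {
		return badRequest{err}
	}

	return json.NewEncoder(w).Encode(account)
}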
// DeleteUser looks up an account by remote hostname and login and removes it
// from the system.
//
// Access control: a request without a session user is answered with
// notAuthorized, and a session user that is not an administrator with
// forbidden. An administrator may not delete their own account; that request
// is rejected with badRequest.
//
// DELETE /api/users/:host/:login (Register binds this handler to
// "/v1/users/{host}/{login}" on its router)
func (h *UsersHandler) DeleteUser(w http.ResponseWriter, r *http.Request) error {
	remote, login := r.FormValue(":host"), r.FormValue(":login")

	// Identify the caller from the session; only administrators continue.
	caller := h.sess.User(r)
	if caller == nil {
		return notAuthorized{}
	}
	if !caller.Admin {
		return forbidden{}
	}

	target, err := h.users.FindLogin(remote, login)
	if err != nil {
		return notFound{err}
	}

	// Self-deletion is refused. The comparison uses the stored account IDs,
	// not the request parameters.
	if target.ID == caller.ID {
		return badRequest{}
	}

	err = h.users.Delete(target)
	if err != nil {
		return badRequest{err}
	}

	// An explicit 200 with no body signals that the deletion completed.
	w.WriteHeader(http.StatusOK)
	return nil
}
// Register attaches the user endpoints to the given router, each wrapped in
// errorHandler. The per-account routes are added before the collection route.
//
// NOTE(review): the DELETE and POST routes change state; confirm the session
// layer or errorHandler applies request-forgery protection to them, since
// none is visible in these handlers.
func (h *UsersHandler) Register(r *pat.Router) {
	// Routes that address a single account by host and login.
	r.Delete("/v1/users/{host}/{login}", errorHandler(h.DeleteUser))
	r.Post("/v1/users/{host}/{login}", errorHandler(h.PostUser))
	r.Get("/v1/users/{host}/{login}", errorHandler(h.GetUser))

	// Route for the whole collection.
	r.Get("/v1/users", errorHandler(h.GetUsers))
}