2016-05-24 11:55:48 +02:00
|
|
|
package api
|
2016-04-10 20:03:12 +02:00
|
|
|
|
|
|
|
import (
|
2017-03-28 03:38:53 +02:00
|
|
|
log "github.com/Sirupsen/logrus"
|
2020-12-03 14:51:15 +01:00
|
|
|
"github.com/ansible-semaphore/semaphore/api/helpers"
|
|
|
|
"github.com/ansible-semaphore/semaphore/db"
|
2020-12-01 20:06:49 +01:00
|
|
|
"net/http"
|
2019-07-09 19:45:27 +02:00
|
|
|
|
2019-07-09 18:14:06 +02:00
|
|
|
"github.com/ansible-semaphore/semaphore/util"
|
2017-02-22 23:21:52 +01:00
|
|
|
"github.com/gorilla/context"
|
2016-04-10 20:03:12 +02:00
|
|
|
)
|
|
|
|
|
2019-07-09 18:11:01 +02:00
|
|
|
func getUsers(w http.ResponseWriter, r *http.Request) {
|
2020-12-03 14:51:15 +01:00
|
|
|
users, err := helpers.Store(r).GetUsers(db.RetrieveQueryParams{})
|
2020-12-01 20:06:49 +01:00
|
|
|
|
|
|
|
if err != nil {
|
2019-07-09 18:11:01 +02:00
|
|
|
panic(err)
|
|
|
|
}
|
2016-04-29 09:33:08 +02:00
|
|
|
|
2020-12-03 14:51:15 +01:00
|
|
|
helpers.WriteJSON(w, http.StatusOK, users)
|
2019-07-09 14:56:03 +02:00
|
|
|
}
|
2016-04-10 20:03:12 +02:00
|
|
|
|
2019-07-09 18:11:01 +02:00
|
|
|
func addUser(w http.ResponseWriter, r *http.Request) {
|
2021-03-12 22:13:39 +01:00
|
|
|
var user db.UserWithPwd
|
2020-12-03 14:51:15 +01:00
|
|
|
if !helpers.Bind(w, r, &user) {
|
2019-07-09 18:11:01 +02:00
|
|
|
return
|
|
|
|
}
|
2016-04-10 20:03:12 +02:00
|
|
|
|
2020-12-04 23:41:26 +01:00
|
|
|
editor := context.Get(r, "user").(*db.User)
|
2019-07-09 18:11:01 +02:00
|
|
|
if !editor.Admin {
|
|
|
|
log.Warn(editor.Username + " is not permitted to create users")
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
2019-07-09 14:56:03 +02:00
|
|
|
|
2020-12-03 14:51:15 +01:00
|
|
|
newUser, err := helpers.Store(r).CreateUser(user)
|
2019-07-09 14:56:03 +02:00
|
|
|
|
2020-12-01 20:06:49 +01:00
|
|
|
if err != nil {
|
2020-12-01 18:16:29 +01:00
|
|
|
log.Warn(editor.Username + " is not created: " + err.Error())
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
2021-12-15 22:22:52 +01:00
|
|
|
return
|
2019-07-09 18:11:01 +02:00
|
|
|
}
|
2017-07-26 07:55:34 +02:00
|
|
|
|
2020-12-03 14:51:15 +01:00
|
|
|
helpers.WriteJSON(w, http.StatusCreated, newUser)
|
2016-04-10 20:03:12 +02:00
|
|
|
}
|
|
|
|
|
2019-07-09 18:14:06 +02:00
|
|
|
func getUserMiddleware(next http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2020-12-03 14:51:15 +01:00
|
|
|
userID, err := helpers.GetIntParam("user_id", w, r)
|
2020-12-01 20:06:49 +01:00
|
|
|
|
2019-07-09 18:14:06 +02:00
|
|
|
if err != nil {
|
2019-07-09 14:56:03 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-12-03 14:51:15 +01:00
|
|
|
user, err := helpers.Store(r).GetUser(userID)
|
2020-12-01 20:06:49 +01:00
|
|
|
|
|
|
|
if err != nil {
|
2020-12-17 15:00:05 +01:00
|
|
|
helpers.WriteError(w, err)
|
|
|
|
return
|
2019-07-09 18:14:06 +02:00
|
|
|
}
|
|
|
|
|
2020-12-04 23:41:26 +01:00
|
|
|
editor := context.Get(r, "user").(*db.User)
|
2020-12-01 20:06:49 +01:00
|
|
|
|
2019-07-09 18:14:06 +02:00
|
|
|
if !editor.Admin && editor.ID != user.ID {
|
|
|
|
log.Warn(editor.Username + " is not permitted to edit users")
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
2019-07-09 14:56:03 +02:00
|
|
|
|
2019-07-09 18:14:06 +02:00
|
|
|
context.Set(r, "_user", user)
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
})
|
2016-04-10 20:03:12 +02:00
|
|
|
}
|
|
|
|
|
2019-07-09 18:11:01 +02:00
|
|
|
func updateUser(w http.ResponseWriter, r *http.Request) {
|
2020-12-04 23:41:26 +01:00
|
|
|
oldUser := context.Get(r, "_user").(db.User)
|
|
|
|
editor := context.Get(r, "user").(*db.User)
|
2019-07-09 18:11:01 +02:00
|
|
|
|
2021-03-12 22:13:39 +01:00
|
|
|
var user db.UserWithPwd
|
2020-12-03 14:51:15 +01:00
|
|
|
if !helpers.Bind(w, r, &user) {
|
2019-07-09 18:11:01 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if !editor.Admin && editor.ID != oldUser.ID {
|
|
|
|
log.Warn(editor.Username + " is not permitted to edit users")
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if editor.ID == oldUser.ID && oldUser.Admin != user.Admin {
|
|
|
|
log.Warn("User can't edit his own role")
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if oldUser.External && oldUser.Username != user.Username {
|
|
|
|
log.Warn("Username is not editable for external LDAP users")
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-12-03 14:51:15 +01:00
|
|
|
user.ID = oldUser.ID
|
|
|
|
if err := helpers.Store(r).UpdateUser(user); err != nil {
|
2020-10-02 22:10:41 +02:00
|
|
|
log.Error(err.Error())
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
return
|
2019-07-09 18:11:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
2016-05-23 21:29:38 +02:00
|
|
|
}
|
|
|
|
|
2019-07-09 18:11:01 +02:00
|
|
|
func updateUserPassword(w http.ResponseWriter, r *http.Request) {
|
2020-12-04 23:41:26 +01:00
|
|
|
user := context.Get(r, "_user").(db.User)
|
|
|
|
editor := context.Get(r, "user").(*db.User)
|
2019-07-09 18:11:01 +02:00
|
|
|
|
|
|
|
var pwd struct {
|
|
|
|
Pwd string `json:"password"`
|
|
|
|
}
|
|
|
|
|
|
|
|
if !editor.Admin && editor.ID != user.ID {
|
|
|
|
log.Warn(editor.Username + " is not permitted to edit users")
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if user.External {
|
|
|
|
log.Warn("Password is not editable for external LDAP users")
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-12-03 14:51:15 +01:00
|
|
|
if !helpers.Bind(w, r, &pwd) {
|
2019-07-09 18:11:01 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-12-03 14:51:15 +01:00
|
|
|
if err := helpers.Store(r).SetUserPassword(user.ID, pwd.Pwd); err != nil {
|
2020-12-01 20:06:49 +01:00
|
|
|
util.LogWarning(err)
|
|
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
|
|
return
|
2019-07-09 18:11:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
}
|
2019-07-09 14:56:03 +02:00
|
|
|
|
2019-07-09 18:11:01 +02:00
|
|
|
func deleteUser(w http.ResponseWriter, r *http.Request) {
|
2020-12-04 23:41:26 +01:00
|
|
|
user := context.Get(r, "_user").(db.User)
|
|
|
|
editor := context.Get(r, "user").(*db.User)
|
2017-07-26 07:55:34 +02:00
|
|
|
|
2019-07-09 18:11:01 +02:00
|
|
|
if !editor.Admin && editor.ID != user.ID {
|
|
|
|
log.Warn(editor.Username + " is not permitted to delete users")
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
|
|
return
|
|
|
|
}
|
2016-05-23 21:29:38 +02:00
|
|
|
|
2020-12-03 14:51:15 +01:00
|
|
|
if err := helpers.Store(r).DeleteUser(user.ID); err != nil {
|
2020-12-01 20:06:49 +01:00
|
|
|
w.WriteHeader(http.StatusInternalServerError)
|
2019-07-09 18:11:01 +02:00
|
|
|
}
|
2016-04-10 20:03:12 +02:00
|
|
|
|
2019-07-09 18:11:01 +02:00
|
|
|
w.WriteHeader(http.StatusNoContent)
|
2016-04-10 20:03:12 +02:00
|
|
|
}
|