PageRenderTime 61ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 0ms

/lib/api/users.rb

https://gitlab.com/sbeleidy/gitlab-ee
Ruby | 438 lines | 237 code | 48 blank | 153 comment | 25 complexity | 885b881e56bbf920bc43e984215ab749 MD5 | raw file
  1. module API
  2. # Users API
  3. class Users < Grape::API
  4. before { authenticate! }
  5. resource :users, requirements: { uid: /[0-9]*/, id: /[0-9]*/ } do
  6. # Get a users list
  7. #
  8. # Example Request:
  9. # GET /users
  10. # GET /users?search=Admin
  11. # GET /users?username=root
  12. get do
  13. unless can?(current_user, :read_users_list, nil)
  14. render_api_error!("Not authorized.", 403)
  15. end
  16. if params[:username].present?
  17. @users = User.where(username: params[:username])
  18. else
  19. skip_ldap = params[:skip_ldap].present? && params[:skip_ldap] == 'true'
  20. @users = User.all
  21. @users = @users.active if params[:active].present?
  22. @users = @users.non_ldap if skip_ldap
  23. @users = @users.search(params[:search]) if params[:search].present?
  24. @users = paginate @users
  25. end
  26. if current_user.is_admin?
  27. present @users, with: Entities::UserFull
  28. else
  29. present @users, with: Entities::UserBasic
  30. end
  31. end
  32. # Get a single user
  33. #
  34. # Parameters:
  35. # id (required) - The ID of a user
  36. # Example Request:
  37. # GET /users/:id
  38. get ":id" do
  39. @user = User.find(params[:id])
  40. if current_user && current_user.is_admin?
  41. present @user, with: Entities::UserFull
  42. elsif can?(current_user, :read_user, @user)
  43. present @user, with: Entities::User
  44. else
  45. render_api_error!("User not found.", 404)
  46. end
  47. end
  48. # Create user. Available only for admin
  49. #
  50. # Parameters:
  51. # email (required) - Email
  52. # password (required) - Password
  53. # name (required) - Name
  54. # username (required) - Name
  55. # skype - Skype ID
  56. # linkedin - Linkedin
  57. # twitter - Twitter account
  58. # website_url - Website url
  59. # projects_limit - Number of projects user can create
  60. # extern_uid - External authentication provider UID
  61. # provider - External provider
  62. # bio - Bio
  63. # location - Location of the user
  64. # admin - User is admin - true or false (default)
  65. # can_create_group - User can create groups - true or false
  66. # confirm - Require user confirmation - true (default) or false
  67. # external - Flags the user as external - true or false(default)
  68. # Example Request:
  69. # POST /users
  70. post do
  71. authenticated_as_admin!
  72. required_attributes! [:email, :password, :name, :username]
  73. attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :bio, :location, :can_create_group, :admin, :confirm, :external]
  74. admin = attrs.delete(:admin)
  75. confirm = !(attrs.delete(:confirm) =~ (/(false|f|no|0)$/i))
  76. user = User.build_user(attrs)
  77. user.admin = admin unless admin.nil?
  78. user.skip_confirmation! unless confirm
  79. identity_attrs = attributes_for_keys [:provider, :extern_uid]
  80. if identity_attrs.any?
  81. user.identities.build(identity_attrs)
  82. end
  83. if user.save
  84. present user, with: Entities::UserFull
  85. else
  86. conflict!('Email has already been taken') if User.
  87. where(email: user.email).
  88. count > 0
  89. conflict!('Username has already been taken') if User.
  90. where(username: user.username).
  91. count > 0
  92. render_validation_error!(user)
  93. end
  94. end
  95. # Update user. Available only for admin
  96. #
  97. # Parameters:
  98. # email - Email
  99. # name - Name
  100. # password - Password
  101. # skype - Skype ID
  102. # linkedin - Linkedin
  103. # twitter - Twitter account
  104. # website_url - Website url
  105. # projects_limit - Limit projects each user can create
  106. # bio - Bio
  107. # location - Location of the user
  108. # admin - User is admin - true or false (default)
  109. # can_create_group - User can create groups - true or false
  110. # external - Flags the user as external - true or false(default)
  111. # Example Request:
  112. # PUT /users/:id
  113. put ":id" do
  114. authenticated_as_admin!
  115. attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :bio, :location, :can_create_group, :admin, :external]
  116. user = User.find(params[:id])
  117. not_found!('User') unless user
  118. admin = attrs.delete(:admin)
  119. user.admin = admin unless admin.nil?
  120. conflict!('Email has already been taken') if attrs[:email] &&
  121. User.where(email: attrs[:email]).
  122. where.not(id: user.id).count > 0
  123. conflict!('Username has already been taken') if attrs[:username] &&
  124. User.where(username: attrs[:username]).
  125. where.not(id: user.id).count > 0
  126. identity_attrs = attributes_for_keys [:provider, :extern_uid]
  127. if identity_attrs.any?
  128. identity = user.identities.find_by(provider: identity_attrs[:provider])
  129. if identity
  130. identity.update_attributes(identity_attrs)
  131. else
  132. identity = user.identities.build(identity_attrs)
  133. identity.save
  134. end
  135. end
  136. if user.update_attributes(attrs)
  137. present user, with: Entities::UserFull
  138. else
  139. render_validation_error!(user)
  140. end
  141. end
  142. # Add ssh key to a specified user. Only available to admin users.
  143. #
  144. # Parameters:
  145. # id (required) - The ID of a user
  146. # key (required) - New SSH Key
  147. # title (required) - New SSH Key's title
  148. # Example Request:
  149. # POST /users/:id/keys
  150. post ":id/keys" do
  151. authenticated_as_admin!
  152. required_attributes! [:title, :key]
  153. user = User.find(params[:id])
  154. attrs = attributes_for_keys [:title, :key]
  155. key = user.keys.new attrs
  156. if key.save
  157. present key, with: Entities::SSHKey
  158. else
  159. render_validation_error!(key)
  160. end
  161. end
  162. # Get ssh keys of a specified user. Only available to admin users.
  163. #
  164. # Parameters:
  165. # uid (required) - The ID of a user
  166. # Example Request:
  167. # GET /users/:uid/keys
  168. get ':uid/keys' do
  169. authenticated_as_admin!
  170. user = User.find_by(id: params[:uid])
  171. not_found!('User') unless user
  172. present user.keys, with: Entities::SSHKey
  173. end
  174. # Delete existing ssh key of a specified user. Only available to admin
  175. # users.
  176. #
  177. # Parameters:
  178. # uid (required) - The ID of a user
  179. # id (required) - SSH Key ID
  180. # Example Request:
  181. # DELETE /users/:uid/keys/:id
  182. delete ':uid/keys/:id' do
  183. authenticated_as_admin!
  184. user = User.find_by(id: params[:uid])
  185. not_found!('User') unless user
  186. begin
  187. key = user.keys.find params[:id]
  188. key.destroy
  189. rescue ActiveRecord::RecordNotFound
  190. not_found!('Key')
  191. end
  192. end
  193. # Add email to a specified user. Only available to admin users.
  194. #
  195. # Parameters:
  196. # id (required) - The ID of a user
  197. # email (required) - Email address
  198. # Example Request:
  199. # POST /users/:id/emails
  200. post ":id/emails" do
  201. authenticated_as_admin!
  202. required_attributes! [:email]
  203. user = User.find(params[:id])
  204. attrs = attributes_for_keys [:email]
  205. email = user.emails.new attrs
  206. if email.save
  207. NotificationService.new.new_email(email)
  208. present email, with: Entities::Email
  209. else
  210. render_validation_error!(email)
  211. end
  212. end
  213. # Get emails of a specified user. Only available to admin users.
  214. #
  215. # Parameters:
  216. # uid (required) - The ID of a user
  217. # Example Request:
  218. # GET /users/:uid/emails
  219. get ':uid/emails' do
  220. authenticated_as_admin!
  221. user = User.find_by(id: params[:uid])
  222. not_found!('User') unless user
  223. present user.emails, with: Entities::Email
  224. end
  225. # Delete existing email of a specified user. Only available to admin
  226. # users.
  227. #
  228. # Parameters:
  229. # uid (required) - The ID of a user
  230. # id (required) - Email ID
  231. # Example Request:
  232. # DELETE /users/:uid/emails/:id
  233. delete ':uid/emails/:id' do
  234. authenticated_as_admin!
  235. user = User.find_by(id: params[:uid])
  236. not_found!('User') unless user
  237. begin
  238. email = user.emails.find params[:id]
  239. email.destroy
  240. user.update_secondary_emails!
  241. rescue ActiveRecord::RecordNotFound
  242. not_found!('Email')
  243. end
  244. end
  245. # Delete user. Available only for admin
  246. #
  247. # Example Request:
  248. # DELETE /users/:id
  249. delete ":id" do
  250. authenticated_as_admin!
  251. user = User.find_by(id: params[:id])
  252. if user
  253. DeleteUserService.new(current_user).execute(user)
  254. else
  255. not_found!('User')
  256. end
  257. end
  258. # Block user. Available only for admin
  259. #
  260. # Example Request:
  261. # PUT /users/:id/block
  262. put ':id/block' do
  263. authenticated_as_admin!
  264. user = User.find_by(id: params[:id])
  265. if !user
  266. not_found!('User')
  267. elsif !user.ldap_blocked?
  268. user.block
  269. else
  270. forbidden!('LDAP blocked users cannot be modified by the API')
  271. end
  272. end
  273. # Unblock user. Available only for admin
  274. #
  275. # Example Request:
  276. # PUT /users/:id/unblock
  277. put ':id/unblock' do
  278. authenticated_as_admin!
  279. user = User.find_by(id: params[:id])
  280. if !user
  281. not_found!('User')
  282. elsif user.ldap_blocked?
  283. forbidden!('LDAP blocked users cannot be unblocked by the API')
  284. else
  285. user.activate
  286. end
  287. end
  288. end
  289. resource :user do
  290. # Get currently authenticated user
  291. #
  292. # Example Request:
  293. # GET /user
  294. get do
  295. present @current_user, with: Entities::UserLogin
  296. end
  297. # Get currently authenticated user's keys
  298. #
  299. # Example Request:
  300. # GET /user/keys
  301. get "keys" do
  302. present current_user.keys, with: Entities::SSHKey
  303. end
  304. # Get single key owned by currently authenticated user
  305. #
  306. # Example Request:
  307. # GET /user/keys/:id
  308. get "keys/:id" do
  309. key = current_user.keys.find params[:id]
  310. present key, with: Entities::SSHKey
  311. end
  312. # Add new ssh key to currently authenticated user
  313. #
  314. # Parameters:
  315. # key (required) - New SSH Key
  316. # title (required) - New SSH Key's title
  317. # Example Request:
  318. # POST /user/keys
  319. post "keys" do
  320. required_attributes! [:title, :key]
  321. attrs = attributes_for_keys [:title, :key]
  322. key = current_user.keys.new attrs
  323. if key.save
  324. present key, with: Entities::SSHKey
  325. else
  326. render_validation_error!(key)
  327. end
  328. end
  329. # Delete existing ssh key of currently authenticated user
  330. #
  331. # Parameters:
  332. # id (required) - SSH Key ID
  333. # Example Request:
  334. # DELETE /user/keys/:id
  335. delete "keys/:id" do
  336. begin
  337. key = current_user.keys.find params[:id]
  338. key.destroy
  339. rescue
  340. end
  341. end
  342. # Get currently authenticated user's emails
  343. #
  344. # Example Request:
  345. # GET /user/emails
  346. get "emails" do
  347. present current_user.emails, with: Entities::Email
  348. end
  349. # Get single email owned by currently authenticated user
  350. #
  351. # Example Request:
  352. # GET /user/emails/:id
  353. get "emails/:id" do
  354. email = current_user.emails.find params[:id]
  355. present email, with: Entities::Email
  356. end
  357. # Add new email to currently authenticated user
  358. #
  359. # Parameters:
  360. # email (required) - Email address
  361. # Example Request:
  362. # POST /user/emails
  363. post "emails" do
  364. required_attributes! [:email]
  365. attrs = attributes_for_keys [:email]
  366. email = current_user.emails.new attrs
  367. if email.save
  368. NotificationService.new.new_email(email)
  369. present email, with: Entities::Email
  370. else
  371. render_validation_error!(email)
  372. end
  373. end
  374. # Delete existing email of currently authenticated user
  375. #
  376. # Parameters:
  377. # id (required) - EMail ID
  378. # Example Request:
  379. # DELETE /user/emails/:id
  380. delete "emails/:id" do
  381. begin
  382. email = current_user.emails.find params[:id]
  383. email.destroy
  384. current_user.update_secondary_emails!
  385. rescue
  386. end
  387. end
  388. end
  389. end
  390. end