author | Azul <azul@riseup.net> | 2016-10-20 14:39:33 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2016-10-20 14:39:33 +0200 |
commit | b97daaed9b513006ace7e8eb5232a2211e965e77 (patch) | |
tree | e27002e8368e92410e5d4af2a945260c2ea6e2d1 /app/controllers/api/users_controller.rb | |
parent | c6c4d9fd10b8ca8e24889112727e44c9bf68dd60 (diff) | |
parent | 6eb2dae802e5453e2a4361ab28f614cce9294f4c (diff) |
Merge remote-tracking branch 'origin/develop'
We'll only use the master branch for development from now on.
Diffstat (limited to 'app/controllers/api/users_controller.rb')
-rw-r--r-- | app/controllers/api/users_controller.rb | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
new file mode 100644
index 0000000..709e076
--- /dev/null
+++ b/app/controllers/api/users_controller.rb
@@ -0,0 +1,94 @@
+module Api
+ class UsersController < ApiController
+ include ControllerExtension::FetchUser
+
+ # allow optional access to this controller using API auth tokens:
+ before_filter :token_authenticate
+
+ before_filter :fetch_user, :only => [:update, :destroy]
+ before_filter :require_monitor, :only => [:index, :show]
+ before_filter :require_login, :only => [:index, :update, :destroy]
+
+ respond_to :json
+
+ # used for autocomplete for admins in the web ui
+ def index
+ if params[:query]
+ @users = User.login_starts_with(params[:query])
+ respond_with @users.map(&:login).sort
+ else
+ render :json => {'error' => 'query required', 'status' => :unprocessable_entity}
+ end
+ end
+
+ def show
+ if params[:login]
+ @user = User.find_by_login(params[:login])
+ elsif params[:id]
+ @user = User.find(params[:id])
+ end
+ if @user
+ respond_with user_response
+ else
+ not_found
+ end
+ end
+
+ def user_response
+ @user.to_hash.tap do |user_hash|
+ if @user == current_user
+ user_hash['is_admin'] = @user.is_admin?
+ end
+ end
+ end
+
+ def create
+ if current_user.is_monitor?
+ create_test_account
+ elsif APP_CONFIG[:allow_registration]
+ create_account
+ else
+ head :forbidden
+ end
+ end
+
+ def update
+ @user.account.update params[:user]
+ respond_with @user
+ end
+
+ def destroy
+ @user.account.destroy(release_handles)
+ if @user == current_user
+ logout
+ end
+ render :json => {'success' => 'user deleted'}
+ end
+
+ private
+
+ def release_handles
+ current_user.is_monitor? || params[:identities] == "destroy"
+ end
+
+ # tester auth can only create test users.
+ def create_test_account
+ if User::is_test?(params[:user][:login])
+ @user = Account.create(params[:user], :invite_required => false)
+ respond_with @user
+ else
+ head :forbidden
+ end
+ end
+
+ def create_account
+ if APP_CONFIG[:allow_registration]
+ @user = Account.create(params[:user])
+ respond_with @user # return ID instead?
+ else
+ head :forbidden
+ end
+ end
+
+ end
+end |
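Review bot: `update`, `create_test_account` and `create_account` hand the raw `params[:user]` hash to `@user.account.update` and `Account.create`, so the set of attributes a client can write is decided entirely outside this controller, and `create` is not covered by the `require_login` filter. Whether `Account` restricts the keys itself is not visible here; if it does not, this is a mass-assignment path, and an explicit allow-list at the boundary would make the contract reviewable, e.g. `@user.account.update params[:user].slice(*ALLOWED_USER_KEYS)` (`ALLOWED_USER_KEYS` is a placeholder for the keys `Account` is meant to accept). `create_test_account` also indexes `params[:user][:login]` without checking that `params[:user]` is present, which would raise rather than return `:forbidden`. Separately, the error branch of `index` puts `'status'` inside the JSON body, so the response presumably goes out as HTTP 200; `render :json => {'error' => 'query required'}, :status => :unprocessable_entity` sets the status code instead. `user_response` is defined above `private` and would read better below it with a comment noting that `is_admin` is only disclosed to the user themselves.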