-rw-r--r--api4/user.go32
-rw-r--r--api4/user_test.go43
-rw-r--r--model/client4.go13
3 files changed, 88 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go
index 05216ff40..70182c1ab 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -32,6 +32,7 @@ func InitUser() {
BaseRoutes.User.Handle("/patch", ApiSessionRequired(patchUser)).Methods("PUT")
BaseRoutes.User.Handle("", ApiSessionRequired(deleteUser)).Methods("DELETE")
BaseRoutes.User.Handle("/roles", ApiSessionRequired(updateUserRoles)).Methods("PUT")
+ BaseRoutes.User.Handle("/active", ApiSessionRequired(updateUserActive)).Methods("PUT")
BaseRoutes.User.Handle("/password", ApiSessionRequired(updatePassword)).Methods("PUT")
BaseRoutes.Users.Handle("/password/reset", ApiHandler(resetPassword)).Methods("POST")
BaseRoutes.Users.Handle("/password/reset/send", ApiHandler(sendPasswordReset)).Methods("POST")
@@ -587,6 +588,37 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
ReturnStatusOK(w)
}
+func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ props := model.StringInterfaceFromJson(r.Body)
+
+ active, ok := props["active"].(bool)
+ if !ok {
+ c.SetInvalidParam("active")
+ return
+ }
+
+ // true when you're trying to de-activate yourself
+ isSelfDeactive := !active && c.Params.UserId == c.Session.UserId
+
+ if !isSelfDeactive && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.Err = model.NewLocAppError("updateUserActive", "api.user.update_active.permissions.app_error", nil, "userId="+c.Params.UserId)
+ c.Err.StatusCode = http.StatusForbidden
+ return
+ }
+
+ if ruser, err := app.UpdateActiveNoLdap(c.Params.UserId, active); err != nil {
+ c.Err = err
+ } else {
+ c.LogAuditWithUserId(ruser.Id, fmt.Sprintf("active=%v", active))
+ ReturnStatusOK(w)
+ }
+}
+
func checkUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
props := model.MapFromJson(r.Body)
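Review bot: The permission-denied branch of `updateUserActive` returns without writing an audit entry, so only successful changes are recorded through `c.LogAuditWithUserId`. Enabling or disabling an account is a privileged state change, and rejected attempts against someone else's account are exactly what a responder wants in the audit trail. Consider logging before the early return, for example `c.LogAuditWithUserId(c.Params.UserId, "fail - insufficient permissions")`. Separately, a session holding `PERMISSION_MANAGE_SYSTEM` can deactivate itself or any other admin here. Whether `app.UpdateActiveNoLdap` refuses to remove the last active system admin is not visible in this hunk and is worth confirming.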
diff --git a/api4/user_test.go b/api4/user_test.go
index 2ff665c8a..95271984c 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -850,6 +850,49 @@ func TestUpdateUserRoles(t *testing.T) {
CheckBadRequestStatus(t, resp)
}
+func TestUpdateUserActive(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ Client := th.Client
+ SystemAdminClient := th.SystemAdminClient
+ user := th.BasicUser
+
+ pass, resp := Client.UpdateUserActive(user.Id, false)
+ CheckNoError(t, resp)
+
+ if !pass {
+ t.Fatal("should have returned true")
+ }
+
+ pass, resp = Client.UpdateUserActive(user.Id, false)
+ CheckUnauthorizedStatus(t, resp)
+
+ if pass {
+ t.Fatal("should have returned false")
+ }
+
+ th.LoginBasic2()
+
+ _, resp = Client.UpdateUserActive(user.Id, true)
+ CheckForbiddenStatus(t, resp)
+
+ _, resp = Client.UpdateUserActive(GenerateTestId(), true)
+ CheckForbiddenStatus(t, resp)
+
+ _, resp = Client.UpdateUserActive("junk", true)
+ CheckBadRequestStatus(t, resp)
+
+ Client.Logout()
+
+ _, resp = Client.UpdateUserActive(user.Id, true)
+ CheckUnauthorizedStatus(t, resp)
+
+ _, resp = SystemAdminClient.UpdateUserActive(user.Id, true)
+ CheckNoError(t, resp)
+
+ _, resp = SystemAdminClient.UpdateUserActive(user.Id, false)
+ CheckNoError(t, resp)
+}
+
func TestGetUsers(t *testing.T) {
th := Setup().InitBasic()
defer TearDown()
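Review bot: `TestUpdateUserActive` never asserts that a non-admin is refused when deactivating another user. After `th.LoginBasic2()` both calls against a foreign id pass `true`, so the `!active` half of the handler's `isSelfDeactive` check is only exercised for the self case. Assuming `LoginBasic2` switches `Client` to the second basic user, adding `_, resp = Client.UpdateUserActive(user.Id, false)` followed by `CheckForbiddenStatus(t, resp)` right after it would pin that authorization boundary. The test also omits the `defer TearDown()` that the neighbouring `TestGetUsers` has, so the accounts it creates and deactivates presumably outlive the test.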
diff --git a/model/client4.go b/model/client4.go
index 9fda40aca..ad3ff51a4 100644
--- a/model/client4.go
+++ b/model/client4.go
@@ -693,6 +693,19 @@ func (c *Client4) UpdateUserRoles(userId, roles string) (bool, *Response) {
}
}
+// UpdateUserActive updates status of a user whether active or not.
+func (c *Client4) UpdateUserActive(userId string, active bool) (bool, *Response) {
+ requestBody := make(map[string]interface{})
+ requestBody["active"] = active
+
+ if r, err := c.DoApiPut(c.GetUserRoute(userId)+"/active", StringInterfaceToJson(requestBody)); err != nil {
+ return false, &Response{StatusCode: r.StatusCode, Error: err}
+ } else {
+ defer closeBody(r)
+ return CheckStatusOK(r), BuildResponse(r)
+ }
+}
+
// DeleteUser deactivates a user in the system based on the provided user id string.
func (c *Client4) DeleteUser(userId string) (bool, *Response) {
if r, err := c.DoApiDelete(c.GetUserRoute(userId)); err != nil {
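Review bot: The error branch of `UpdateUserActive` reads `r.StatusCode`, which will panic if `DoApiPut` can return a nil response together with the error. Its body is not shown here, but a transport-level failure is the usual way that happens. A guard such as `if r == nil { return false, &Response{Error: err} }` before building the response keeps a network error from crashing the caller. The `DeleteUser` context lines below start with the same shape, so the pattern may be better fixed in one shared helper. The doc comment would also read more clearly as `// UpdateUserActive activates or deactivates the user with the given id.`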