Diffstat (limited to 'api4')
-rw-r--r-- | api4/user.go | 111 | ||||
-rw-r--r-- | api4/user_test.go | 27 |
2 files changed, 92 insertions, 46 deletions
diff --git a/api4/user.go b/api4/user.go
index 5337cedf0..4c40ef4b4 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -36,6 +36,7 @@ func InitUser() {
 BaseRoutes.User.Handle("/sessions", ApiSessionRequired(getSessions)).Methods("GET")
 BaseRoutes.User.Handle("/sessions/revoke", ApiSessionRequired(revokeSession)).Methods("POST")
+ BaseRoutes.User.Handle("/audits", ApiSessionRequired(getAudits)).Methods("GET")
 }
@@ -481,51 +482,71 @@ func Logout(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 func getSessions(c *Context, w http.ResponseWriter, r *http.Request) {
- c.RequireUserId()
- if c.Err != nil {
- return
- }
-
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
- c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
- return
- }
-
- if sessions, err := app.GetSessions(c.Params.UserId); err != nil {
- c.Err = err
- return
- } else {
- for _, session := range sessions {
- session.Sanitize()
- }
-
- w.Write([]byte(model.SessionsToJson(sessions)))
- return
- }
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ if sessions, err := app.GetSessions(c.Params.UserId); err != nil {
+ c.Err = err
+ return
+ } else {
+ for _, session := range sessions {
+ session.Sanitize()
+ }
+
+ w.Write([]byte(model.SessionsToJson(sessions)))
+ return
+ }
 }
 func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
- c.RequireUserId()
- if c.Err != nil {
- return
- }
-
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
- c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
- return
- }
-
- props := model.MapFromJson(r.Body)
- sessionId := props["session_id"]
-
- if sessionId == "" {
- c.SetInvalidParam("session_id")
- }
-
- if err := app.RevokeSessionById(sessionId); err != nil {
- c.Err = err
- return
- }
-
- ReturnStatusOK(w)
-}
\ No newline at end of file
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ props := model.MapFromJson(r.Body)
+ sessionId := props["session_id"]
+
+ if sessionId == "" {
+ c.SetInvalidParam("session_id")
+ }
+
+ if err := app.RevokeSessionById(sessionId); err != nil {
+ c.Err = err
+ return
+ }
+
+ ReturnStatusOK(w)
+}
+
+func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ if audits, err := app.GetAuditsPage(c.Params.UserId, c.Params.Page, c.Params.PerPage); err != nil {
+ c.Err = err
+ return
+ } else {
+ w.Write([]byte(audits.ToJson()))
+ return
+ }
+}
diff --git a/api4/user_test.go b/api4/user_test.go
index 5fe497d90..07b9745c6 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -811,7 +811,7 @@ func TestGetSessions(t *testing.T) {
 user := th.BasicUser
 Client.Login(user.Email, user.Password)
-
+
 sessions, resp := Client.GetSessions(user.Id, "")
 for _, session := range sessions {
 if session.UserId != user.Id {
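Review bot: In `revokeSession` (api4/user.go, re-indented by this commit), an empty `session_id` is flagged with `c.SetInvalidParam("session_id")` but execution continues into `app.RevokeSessionById(sessionId)`; add a `return` inside that `if` so the invalid request stops there. The permission check covers `c.Params.UserId`, while the session to revoke is named only by the body's `session_id`, so unless `app.RevokeSessionById` verifies ownership (not visible in this hunk) the handler should confirm the session belongs to that user before revoking it. In the new `getAudits`, records are written exactly as `app.GetAuditsPage` returns them, whereas `getSessions` calls `session.Sanitize()` first; it is worth confirming that audit entries carry no session identifiers or similar fields that should be stripped before they are serialized.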
@@ -899,3 +899,28 @@ func TestRevokeSessions(t *testing.T) {
 CheckNoError(t, resp)
 }
+
+func TestGetAudits(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ user := th.BasicUser
+
+ audits, resp := Client.GetAudits(user.Id, 0, 100, "")
+ for _, audit := range audits {
+ if audit.UserId != user.Id {
+ t.Fatal("user id does not match audit user id")
+ }
+ }
+ CheckNoError(t, resp)
+
+ _, resp = Client.GetAudits(th.BasicUser2.Id, 0, 100, "")
+ CheckForbiddenStatus(t, resp)
+
+ Client.Logout()
+ _, resp = Client.GetAudits(user.Id, 0, 100, "")
+ CheckUnauthorizedStatus(t, resp)
+
+ _, resp = th.SystemAdminClient.GetAudits(user.Id, 0, 100, "")
+ CheckNoError(t, resp)
+} |
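Review bot: The ownership loop in `TestGetAudits` passes vacuously when `audits` is empty, so the test does not show that the endpoint returns the user's own entries. Consider asserting on the length first, e.g. `if len(audits) == 0 { t.Fatal("expected at least one audit entry") }`, after an action known to write an audit record (whether `InitBasic()` produces one is not visible here). `CheckNoError(t, resp)` would also read better directly after the call, before `audits` is iterated. The forbidden, unauthorized and system-admin cases are covered; a request with a non-zero page or a smaller per-page value would additionally exercise the paging arguments that `getAudits` forwards.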