diff options
Diffstat (limited to 'api4')
| -rw-r--r-- | api4/user.go | 27 | ||||
| -rw-r--r-- | api4/user_test.go | 67 |
2 files changed, 94 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go index d8d071cd2..e394b9661 100644 --- a/api4/user.go +++ b/api4/user.go @@ -21,6 +21,7 @@ func InitUser() { BaseRoutes.User.Handle("", ApiSessionRequired(getUser)).Methods("GET") BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT") + BaseRoutes.User.Handle("/patch", ApiSessionRequired(patchUser)).Methods("PUT") BaseRoutes.User.Handle("", ApiSessionRequired(deleteUser)).Methods("DELETE") BaseRoutes.User.Handle("/roles", ApiSessionRequired(updateUserRoles)).Methods("PUT") BaseRoutes.User.Handle("/password", ApiSessionRequired(updatePassword)).Methods("PUT") @@ -255,6 +256,32 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { } } +func patchUser(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireUserId() + if c.Err != nil { + return + } + + patch := model.UserPatchFromJson(r.Body) + if patch == nil { + c.SetInvalidParam("user") + return + } + + if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) + return + } + + if ruser, err := app.PatchUser(c.Params.UserId, patch, c.GetSiteURL(), c.IsSystemAdmin()); err != nil { + c.Err = err + return + } else { + c.LogAudit("") + w.Write([]byte(ruser.ToJson())) + } +} + func deleteUser(c *Context, w http.ResponseWriter, r *http.Request) { c.RequireUserId() if c.Err != nil { diff --git a/api4/user_test.go b/api4/user_test.go index 79589bdad..771a53cbe 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -349,6 +349,73 @@ func TestUpdateUser(t *testing.T) { CheckNoError(t, resp) } +func TestPatchUser(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + user := th.CreateUser() + Client.Login(user.Email, user.Password) + + patch := &model.UserPatch{} + + patch.Nickname = new(string) + *patch.Nickname = "Joram Wilander" + patch.FirstName = new(string) + *patch.FirstName = "Joram" + patch.LastName = new(string) + *patch.LastName = "Wilander" + patch.Position = new(string) + + ruser, resp := Client.PatchUser(user.Id, patch) + CheckNoError(t, resp) + CheckUserSanitization(t, ruser) + + if ruser.Nickname != "Joram Wilander" { + t.Fatal("Nickname did not update properly") + } + if ruser.FirstName != "Joram" { + t.Fatal("FirstName did not update properly") + } + if ruser.LastName != "Wilander" { + t.Fatal("LastName did not update properly") + } + if ruser.Position != "" { + t.Fatal("Position did not update properly") + } + if ruser.Username != user.Username { + t.Fatal("Username should not have updated") + } + + _, resp = Client.PatchUser("junk", patch) + CheckBadRequestStatus(t, resp) + + ruser.Id = model.NewId() + _, resp = Client.PatchUser(model.NewId(), patch) + CheckForbiddenStatus(t, resp) + + if r, err := Client.DoApiPut("/users/"+user.Id+"/patch", "garbage"); err == nil { + t.Fatal("should have errored") + } else { + if r.StatusCode != http.StatusBadRequest { + t.Log("actual: " + strconv.Itoa(r.StatusCode)) + t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) + t.Fatal("wrong status code") + } + } + + Client.Logout() + _, resp = Client.PatchUser(user.Id, patch) + CheckUnauthorizedStatus(t, resp) + + th.LoginBasic() + _, resp = Client.PatchUser(user.Id, patch) + CheckForbiddenStatus(t, resp) + + _, resp = th.SystemAdminClient.PatchUser(user.Id, patch) + CheckNoError(t, resp) +} + func TestDeleteUser(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() Client := th.Client |