From fd3fa8f8dcfa5de42a16db9b62e1d6628f43b0fd Mon Sep 17 00:00:00 2001
From: Adrian Carolli <adrian.caarolli@gmail.com>
Date: Fri, 5 Jan 2018 14:46:48 -0500
Subject: [PLT-7793] Added /users/tokens endpoint (#8038)

* Added /users/tokens/all endpoint

- UserAccessStore now has getAll method
- Added tests
- Added route
- Added handler

* Remove space fix check-style

* Remove blank space check-style

* Fixes for make check-style

* Remove extra code that is un-needed in user_test.go

* Rename endpoint + grammar

- Renamed /users/tokens/all to /users/tokens
- Renamed getUserAccessTokens to getUserAccessTokensForUser
- Renamed getAllUserAccessTokens to getUserAccessTokens
- Minor Grammar changes

* Add localization for sql_user_access_token.get_all

* Fix minor plural spelling
---
 api4/user.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'api4/user.go')

diff --git a/api4/user.go b/api4/user.go
index 0b07f8dc7..cd26b00e3 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -58,7 +58,8 @@ func (api *API) InitUser() {
 	api.BaseRoutes.User.Handle("/audits", api.ApiSessionRequired(getUserAudits)).Methods("GET")
 
 	api.BaseRoutes.User.Handle("/tokens", api.ApiSessionRequired(createUserAccessToken)).Methods("POST")
-	api.BaseRoutes.User.Handle("/tokens", api.ApiSessionRequired(getUserAccessTokens)).Methods("GET")
+	api.BaseRoutes.User.Handle("/tokens", api.ApiSessionRequired(getUserAccessTokensForUser)).Methods("GET")
+	api.BaseRoutes.Users.Handle("/tokens", api.ApiSessionRequired(getUserAccessTokens)).Methods("GET")
 	api.BaseRoutes.Users.Handle("/tokens/{token_id:[A-Za-z0-9]+}", api.ApiSessionRequired(getUserAccessToken)).Methods("GET")
 	api.BaseRoutes.Users.Handle("/tokens/revoke", api.ApiSessionRequired(revokeUserAccessToken)).Methods("POST")
 	api.BaseRoutes.Users.Handle("/tokens/disable", api.ApiSessionRequired(disableUserAccessToken)).Methods("POST")
@@ -1241,6 +1242,21 @@ func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func getUserAccessTokens(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	accessTokens, err := c.App.GetUserAccessTokens(c.Params.Page, c.Params.PerPage)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(model.UserAccessTokenListToJson(accessTokens)))
+}
+
+func getUserAccessTokensForUser(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequireUserId()
 	if c.Err != nil {
 		return
-- 
cgit v1.2.3-1-g7c22