users.rb 14 KB
Newer Older
1
module API
2 3 4 5
  # Users API
  class Users < Grape::API
    before { authenticate! }

6
    resource :users, requirements: { uid: /[0-9]*/, id: /[0-9]*/ } do
7 8 9 10
      # Get a users list
      #
      # Example Request:
      #  GET /users
11 12
      #  GET /users?search=Admin
      #  GET /users?username=root
13
      get do
14
        unless can?(current_user, :read_users_list, nil)
Felipe Artur's avatar
Felipe Artur committed
15 16 17
          render_api_error!("Not authorized.", 403)
        end

18 19 20 21 22 23 24 25
        if params[:username].present?
          @users = User.where(username: params[:username])
        else
          @users = User.all
          @users = @users.active if params[:active].present?
          @users = @users.search(params[:search]) if params[:search].present?
          @users = paginate @users
        end
26 27 28 29 30 31

        if current_user.is_admin?
          present @users, with: Entities::UserFull
        else
          present @users, with: Entities::UserBasic
        end
32 33 34 35 36 37 38 39 40 41
      end

      # Get a single user
      #
      # Parameters:
      #   id (required) - The ID of a user
      # Example Request:
      #   GET /users/:id
      get ":id" do
        @user = User.find(params[:id])
42

Felipe Artur's avatar
Felipe Artur committed
43
        if current_user && current_user.is_admin?
44
          present @user, with: Entities::UserFull
Felipe Artur's avatar
Felipe Artur committed
45
        elsif can?(current_user, :read_user, @user)
46
          present @user, with: Entities::User
Felipe Artur's avatar
Felipe Artur committed
47 48
        else
          render_api_error!("User not found.", 404)
49
        end
50
      end
51

52 53 54 55 56
      # Create user. Available only for admin
      #
      # Parameters:
      #   email (required)                  - Email
      #   password (required)               - Password
57 58
      #   name (required)                   - Name
      #   username (required)               - Name
59
      #   skype                             - Skype ID
Valeriy Sizov's avatar
Valeriy Sizov committed
60
      #   linkedin                          - Linkedin
61
      #   twitter                           - Twitter account
Jerome Dalbert's avatar
Jerome Dalbert committed
62
      #   website_url                       - Website url
63
      #   organization                      - Organization
64
      #   projects_limit                    - Number of projects user can create
65 66 67
      #   extern_uid                        - External authentication provider UID
      #   provider                          - External provider
      #   bio                               - Bio
68
      #   location                          - Location of the user
69 70
      #   admin                             - User is admin - true or false (default)
      #   can_create_group                  - User can create groups - true or false
71
      #   confirm                           - Require user confirmation - true (default) or false
72
      #   external                          - Flags the user as external - true or false(default)
73 74 75 76
      # Example Request:
      #   POST /users
      post do
        authenticated_as_admin!
77
        required_attributes! [:email, :password, :name, :username]
78
        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :bio, :location, :can_create_group, :admin, :confirm, :external, :organization]
79
        admin = attrs.delete(:admin)
80
        confirm = !(attrs.delete(:confirm) =~ /(false|f|no|0)$/i)
81 82
        user = User.build_user(attrs)
        user.admin = admin unless admin.nil?
83
        user.skip_confirmation! unless confirm
84
        identity_attrs = attributes_for_keys [:provider, :extern_uid]
Zeger-Jan van de Weg's avatar
Zeger-Jan van de Weg committed
85

86 87 88 89
        if identity_attrs.any?
          user.identities.build(identity_attrs)
        end

90
        if user.save
91
          present user, with: Entities::UserFull
92
        else
93 94 95 96 97 98 99 100 101
          conflict!('Email has already been taken') if User.
              where(email: user.email).
              count > 0

          conflict!('Username has already been taken') if User.
              where(username: user.username).
              count > 0

          render_validation_error!(user)
102 103
        end
      end
104 105 106 107 108 109 110 111 112 113

      # Update user. Available only for admin
      #
      # Parameters:
      #   email                             - Email
      #   name                              - Name
      #   password                          - Password
      #   skype                             - Skype ID
      #   linkedin                          - Linkedin
      #   twitter                           - Twitter account
Jerome Dalbert's avatar
Jerome Dalbert committed
114
      #   website_url                       - Website url
115
      #   organization                      - Organization
Kevin Lyda's avatar
Kevin Lyda committed
116
      #   projects_limit                    - Limit projects each user can create
117
      #   bio                               - Bio
118
      #   location                          - Location of the user
119 120
      #   admin                             - User is admin - true or false (default)
      #   can_create_group                  - User can create groups - true or false
121
      #   external                          - Flags the user as external - true or false(default)
122 123 124 125
      # Example Request:
      #   PUT /users/:id
      put ":id" do
        authenticated_as_admin!
126

127
        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :bio, :location, :can_create_group, :admin, :external, :organization]
128
        user = User.find(params[:id])
129
        not_found!('User') unless user
130

131 132
        admin = attrs.delete(:admin)
        user.admin = admin unless admin.nil?
133 134 135 136 137 138 139 140 141

        conflict!('Email has already been taken') if attrs[:email] &&
            User.where(email: attrs[:email]).
                where.not(id: user.id).count > 0

        conflict!('Username has already been taken') if attrs[:username] &&
            User.where(username: attrs[:username]).
                where.not(id: user.id).count > 0

142 143 144 145 146 147 148 149 150 151 152
        identity_attrs = attributes_for_keys [:provider, :extern_uid]
        if identity_attrs.any?
          identity = user.identities.find_by(provider: identity_attrs[:provider])
          if identity
            identity.update_attributes(identity_attrs)
          else
            identity = user.identities.build(identity_attrs)
            identity.save
          end
        end

153
        if user.update_attributes(attrs)
154
          present user, with: Entities::UserFull
155
        else
156
          render_validation_error!(user)
157 158 159
        end
      end

Angus MacArthur's avatar
Angus MacArthur committed
160 161 162
      # Add ssh key to a specified user. Only available to admin users.
      #
      # Parameters:
Douwe Maan's avatar
Douwe Maan committed
163 164 165
      #   id (required) - The ID of a user
      #   key (required) - New SSH Key
      #   title (required) - New SSH Key's title
Angus MacArthur's avatar
Angus MacArthur committed
166
      # Example Request:
Douwe Maan's avatar
Douwe Maan committed
167
      #   POST /users/:id/keys
Angus MacArthur's avatar
Angus MacArthur committed
168 169
      post ":id/keys" do
        authenticated_as_admin!
170 171
        required_attributes! [:title, :key]

Angus MacArthur's avatar
Angus MacArthur committed
172 173 174 175 176 177
        user = User.find(params[:id])
        attrs = attributes_for_keys [:title, :key]
        key = user.keys.new attrs
        if key.save
          present key, with: Entities::SSHKey
        else
178
          render_validation_error!(key)
Angus MacArthur's avatar
Angus MacArthur committed
179 180 181
        end
      end

182 183 184
      # Get ssh keys of a specified user. Only available to admin users.
      #
      # Parameters:
Douwe Maan's avatar
Douwe Maan committed
185
      #   uid (required) - The ID of a user
186
      # Example Request:
Douwe Maan's avatar
Douwe Maan committed
187
      #   GET /users/:uid/keys
188 189 190
      get ':uid/keys' do
        authenticated_as_admin!
        user = User.find_by(id: params[:uid])
191 192 193
        not_found!('User') unless user

        present user.keys, with: Entities::SSHKey
194 195 196 197 198 199 200 201 202 203 204 205 206
      end

      # Delete existing ssh key of a specified user. Only available to admin
      # users.
      #
      # Parameters:
      #   uid (required) - The ID of a user
      #   id (required) - SSH Key ID
      # Example Request:
      #   DELETE /users/:uid/keys/:id
      delete ':uid/keys/:id' do
        authenticated_as_admin!
        user = User.find_by(id: params[:uid])
207 208 209 210 211 212 213
        not_found!('User') unless user

        begin
          key = user.keys.find params[:id]
          key.destroy
        rescue ActiveRecord::RecordNotFound
          not_found!('Key')
214 215 216
        end
      end

217 218 219
      # Add email to a specified user. Only available to admin users.
      #
      # Parameters:
Douwe Maan's avatar
Douwe Maan committed
220 221
      #   id (required) - The ID of a user
      #   email (required) - Email address
222
      # Example Request:
Douwe Maan's avatar
Douwe Maan committed
223
      #   POST /users/:id/emails
224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241
      post ":id/emails" do
        authenticated_as_admin!
        required_attributes! [:email]

        user = User.find(params[:id])
        attrs = attributes_for_keys [:email]
        email = user.emails.new attrs
        if email.save
          NotificationService.new.new_email(email)
          present email, with: Entities::Email
        else
          render_validation_error!(email)
        end
      end

      # Get emails of a specified user. Only available to admin users.
      #
      # Parameters:
Douwe Maan's avatar
Douwe Maan committed
242
      #   uid (required) - The ID of a user
243
      # Example Request:
Douwe Maan's avatar
Douwe Maan committed
244
      #   GET /users/:uid/emails
245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275
      get ':uid/emails' do
        authenticated_as_admin!
        user = User.find_by(id: params[:uid])
        not_found!('User') unless user

        present user.emails, with: Entities::Email
      end

      # Delete existing email of a specified user. Only available to admin
      # users.
      #
      # Parameters:
      #   uid (required) - The ID of a user
      #   id (required) - Email ID
      # Example Request:
      #   DELETE /users/:uid/emails/:id
      delete ':uid/emails/:id' do
        authenticated_as_admin!
        user = User.find_by(id: params[:uid])
        not_found!('User') unless user

        begin
          email = user.emails.find params[:id]
          email.destroy

          user.update_secondary_emails!
        rescue ActiveRecord::RecordNotFound
          not_found!('Email')
        end
      end

276 277 278 279 280 281
      # Delete user. Available only for admin
      #
      # Example Request:
      #   DELETE /users/:id
      delete ":id" do
        authenticated_as_admin!
skv's avatar
skv committed
282
        user = User.find_by(id: params[:id])
283 284

        if user
285
          DeleteUserService.new(current_user).execute(user)
286
        else
287
          not_found!('User')
288 289
        end
      end
290 291 292 293 294 295 296 297 298

      # Block user. Available only for admin
      #
      # Example Request:
      #   PUT /users/:id/block
      put ':id/block' do
        authenticated_as_admin!
        user = User.find_by(id: params[:id])

299 300 301
        if !user
          not_found!('User')
        elsif !user.ldap_blocked?
302 303
          user.block
        else
304
          forbidden!('LDAP blocked users cannot be modified by the API')
305 306 307 308 309 310 311 312 313 314 315
        end
      end

      # Unblock user. Available only for admin
      #
      # Example Request:
      #   PUT /users/:id/unblock
      put ':id/unblock' do
        authenticated_as_admin!
        user = User.find_by(id: params[:id])

316 317
        if !user
          not_found!('User')
Gabriel Mazetto's avatar
Gabriel Mazetto committed
318
        elsif user.ldap_blocked?
319
          forbidden!('LDAP blocked users cannot be unblocked by the API')
Gabriel Mazetto's avatar
Gabriel Mazetto committed
320 321
        else
          user.activate
322 323
        end
      end
324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343

      desc 'Get contribution events of a specified user' do
        detail 'This feature was introduced in GitLab 8.13.'
        success Entities::Event
      end
      params do
        requires :id, type: String, desc: 'The user ID'
      end
      get ':id/events' do
        user = User.find_by(id: declared(params).id)
        not_found!('User') unless user

        events = user.recent_events.
          merge(ProjectsFinder.new.execute(current_user)).
          references(:project).
          with_associations.
          page(params[:page])

        present paginate(events), with: Entities::Event
      end
344 345
    end

346 347 348 349 350 351
    resource :user do
      # Get currently authenticated user
      #
      # Example Request:
      #   GET /user
      get do
352
        present @current_user, with: Entities::UserFull
353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379
      end

      # Get currently authenticated user's keys
      #
      # Example Request:
      #   GET /user/keys
      get "keys" do
        present current_user.keys, with: Entities::SSHKey
      end

      # Get single key owned by currently authenticated user
      #
      # Example Request:
      #   GET /user/keys/:id
      get "keys/:id" do
        key = current_user.keys.find params[:id]
        present key, with: Entities::SSHKey
      end

      # Add new ssh key to currently authenticated user
      #
      # Parameters:
      #   key (required) - New SSH Key
      #   title (required) - New SSH Key's title
      # Example Request:
      #   POST /user/keys
      post "keys" do
380
        required_attributes! [:title, :key]
381

382 383 384 385 386
        attrs = attributes_for_keys [:title, :key]
        key = current_user.keys.new attrs
        if key.save
          present key, with: Entities::SSHKey
        else
387
          render_validation_error!(key)
388 389 390
        end
      end

391
      # Delete existing ssh key of currently authenticated user
392 393 394 395 396 397
      #
      # Parameters:
      #   id (required) - SSH Key ID
      # Example Request:
      #   DELETE /user/keys/:id
      delete "keys/:id" do
398 399
        begin
          key = current_user.keys.find params[:id]
400
          key.destroy
401 402
        rescue
        end
403
      end
404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455

      # Get currently authenticated user's emails
      #
      # Example Request:
      #   GET /user/emails
      get "emails" do
        present current_user.emails, with: Entities::Email
      end

      # Get single email owned by currently authenticated user
      #
      # Example Request:
      #   GET /user/emails/:id
      get "emails/:id" do
        email = current_user.emails.find params[:id]
        present email, with: Entities::Email
      end

      # Add new email to currently authenticated user
      #
      # Parameters:
      #   email (required) - Email address
      # Example Request:
      #   POST /user/emails
      post "emails" do
        required_attributes! [:email]

        attrs = attributes_for_keys [:email]
        email = current_user.emails.new attrs
        if email.save
          NotificationService.new.new_email(email)
          present email, with: Entities::Email
        else
          render_validation_error!(email)
        end
      end

      # Delete existing email of currently authenticated user
      #
      # Parameters:
      #   id (required) - EMail ID
      # Example Request:
      #   DELETE /user/emails/:id
      delete "emails/:id" do
        begin
          email = current_user.emails.find params[:id]
          email.destroy

          current_user.update_secondary_emails!
        rescue
        end
      end
456 457 458
    end
  end
end