2013-05-14 12:33:31 +00:00
|
|
|
module API
|
2012-06-29 10:46:01 +00:00
|
|
|
class Users < Grape::API
|
2016-12-04 17:11:19 +00:00
|
|
|
include PaginationParams
|
|
|
|
|
|
2016-11-22 09:04:23 +00:00
|
|
|
before do
|
|
|
|
|
allow_access_with_scope :read_user if request.get?
|
|
|
|
|
authenticate!
|
|
|
|
|
end
|
2012-06-29 10:46:01 +00:00
|
|
|
|
2015-08-13 13:35:42 +00:00
|
|
|
resource :users, requirements: { uid: /[0-9]*/, id: /[0-9]*/ } do
|
2016-10-27 08:20:06 +00:00
|
|
|
helpers do
|
2017-02-23 17:47:06 +00:00
|
|
|
def find_user(params)
|
|
|
|
|
user = User.find_by(id: params[:id])
|
|
|
|
|
user ? user : not_found!('User')
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
params :optional_attributes do
|
|
|
|
|
optional :skype, type: String, desc: 'The Skype username'
|
|
|
|
|
optional :linkedin, type: String, desc: 'The LinkedIn username'
|
|
|
|
|
optional :twitter, type: String, desc: 'The Twitter username'
|
|
|
|
|
optional :website_url, type: String, desc: 'The website of the user'
|
|
|
|
|
optional :organization, type: String, desc: 'The organization of the user'
|
|
|
|
|
optional :projects_limit, type: Integer, desc: 'The number of projects a user can create'
|
2017-01-03 07:44:33 +00:00
|
|
|
optional :extern_uid, type: String, desc: 'The external authentication provider UID'
|
2016-10-27 08:20:06 +00:00
|
|
|
optional :provider, type: String, desc: 'The external provider'
|
|
|
|
|
optional :bio, type: String, desc: 'The biography of the user'
|
|
|
|
|
optional :location, type: String, desc: 'The location of the user'
|
|
|
|
|
optional :admin, type: Boolean, desc: 'Flag indicating the user is an administrator'
|
|
|
|
|
optional :can_create_group, type: Boolean, desc: 'Flag indicating the user can create groups'
|
|
|
|
|
optional :confirm, type: Boolean, desc: 'Flag indicating the account needs to be confirmed'
|
|
|
|
|
optional :external, type: Boolean, desc: 'Flag indicating the user is an external user'
|
|
|
|
|
all_or_none_of :extern_uid, :provider
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
desc 'Get the list of users' do
|
|
|
|
|
success Entities::UserBasic
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
optional :username, type: String, desc: 'Get a single user with a specific username'
|
|
|
|
|
optional :search, type: String, desc: 'Search for a username'
|
|
|
|
|
optional :active, type: Boolean, default: false, desc: 'Filters only active users'
|
|
|
|
|
optional :external, type: Boolean, default: false, desc: 'Filters only external users'
|
|
|
|
|
optional :blocked, type: Boolean, default: false, desc: 'Filters only blocked users'
|
2016-12-04 17:11:19 +00:00
|
|
|
use :pagination
|
2016-10-27 08:20:06 +00:00
|
|
|
end
|
2012-06-29 10:46:01 +00:00
|
|
|
get do
|
2016-04-12 15:04:33 +00:00
|
|
|
unless can?(current_user, :read_users_list, nil)
|
2016-04-06 21:09:24 +00:00
|
|
|
render_api_error!("Not authorized.", 403)
|
|
|
|
|
end
|
|
|
|
|
|
2015-12-13 06:02:05 +00:00
|
|
|
if params[:username].present?
|
2016-10-27 08:20:06 +00:00
|
|
|
users = User.where(username: params[:username])
|
2015-12-13 06:02:05 +00:00
|
|
|
else
|
2016-10-27 08:20:06 +00:00
|
|
|
users = User.all
|
|
|
|
|
users = users.active if params[:active]
|
|
|
|
|
users = users.search(params[:search]) if params[:search].present?
|
|
|
|
|
users = users.blocked if params[:blocked]
|
|
|
|
|
users = users.external if params[:external] && current_user.is_admin?
|
2015-12-13 06:02:05 +00:00
|
|
|
end
|
2014-06-13 14:46:48 +00:00
|
|
|
|
2016-11-21 12:59:37 +00:00
|
|
|
entity = current_user.is_admin? ? Entities::UserPublic : Entities::UserBasic
|
2016-10-27 08:20:06 +00:00
|
|
|
present paginate(users), with: entity
|
2012-06-29 10:46:01 +00:00
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Get a single user' do
|
|
|
|
|
success Entities::UserBasic
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
end
|
2012-06-29 10:46:01 +00:00
|
|
|
get ":id" do
|
2016-10-27 08:20:06 +00:00
|
|
|
user = User.find_by(id: params[:id])
|
|
|
|
|
not_found!('User') unless user
|
2014-06-13 14:46:48 +00:00
|
|
|
|
2016-04-13 18:37:17 +00:00
|
|
|
if current_user && current_user.is_admin?
|
2016-11-21 12:59:37 +00:00
|
|
|
present user, with: Entities::UserPublic
|
2016-10-27 08:20:06 +00:00
|
|
|
elsif can?(current_user, :read_user, user)
|
|
|
|
|
present user, with: Entities::User
|
2016-04-06 21:09:24 +00:00
|
|
|
else
|
|
|
|
|
render_api_error!("User not found.", 404)
|
2014-06-13 14:46:48 +00:00
|
|
|
end
|
2012-06-29 10:46:01 +00:00
|
|
|
end
|
2012-10-19 10:23:10 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Create a user. Available only for admins.' do
|
2016-11-21 12:59:37 +00:00
|
|
|
success Entities::UserPublic
|
2016-10-27 08:20:06 +00:00
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :email, type: String, desc: 'The email of the user'
|
2017-02-03 14:49:27 +00:00
|
|
|
optional :password, type: String, desc: 'The password of the new user'
|
|
|
|
|
optional :reset_password, type: Boolean, desc: 'Flag indicating the user will be sent a password reset token'
|
|
|
|
|
at_least_one_of :password, :reset_password
|
2016-10-27 08:20:06 +00:00
|
|
|
requires :name, type: String, desc: 'The name of the user'
|
|
|
|
|
requires :username, type: String, desc: 'The username of the user'
|
|
|
|
|
use :optional_attributes
|
|
|
|
|
end
|
2012-10-02 09:46:01 +00:00
|
|
|
post do
|
|
|
|
|
authenticated_as_admin!
|
2016-10-27 08:20:06 +00:00
|
|
|
|
|
|
|
|
# Filter out params which are used later
|
2017-01-04 16:35:59 +00:00
|
|
|
user_params = declared_params(include_missing: false)
|
|
|
|
|
identity_attrs = user_params.slice(:provider, :extern_uid)
|
2017-01-11 14:38:41 +00:00
|
|
|
confirm = user_params.delete(:confirm)
|
2017-02-03 14:49:27 +00:00
|
|
|
user = User.new(user_params.except(:extern_uid, :provider, :reset_password))
|
|
|
|
|
|
|
|
|
|
if user_params.delete(:reset_password)
|
|
|
|
|
user.attributes = {
|
|
|
|
|
force_random_password: true,
|
|
|
|
|
password_expires_at: nil,
|
|
|
|
|
created_by_id: current_user.id
|
|
|
|
|
}
|
|
|
|
|
user.generate_password
|
|
|
|
|
user.generate_reset_token
|
|
|
|
|
end
|
2016-10-27 08:20:06 +00:00
|
|
|
|
2014-06-18 17:49:39 +00:00
|
|
|
user.skip_confirmation! unless confirm
|
2016-03-10 21:08:11 +00:00
|
|
|
|
2014-11-27 11:34:39 +00:00
|
|
|
if identity_attrs.any?
|
|
|
|
|
user.identities.build(identity_attrs)
|
|
|
|
|
end
|
|
|
|
|
|
2012-10-02 09:46:01 +00:00
|
|
|
if user.save
|
2016-11-21 12:59:37 +00:00
|
|
|
present user, with: Entities::UserPublic
|
2012-10-02 09:46:01 +00:00
|
|
|
else
|
2017-02-22 22:50:15 +00:00
|
|
|
conflict!('Email has already been taken') if User.
|
|
|
|
|
where(email: user.email).
|
|
|
|
|
count > 0
|
2014-08-18 18:09:09 +00:00
|
|
|
|
2017-02-22 22:50:15 +00:00
|
|
|
conflict!('Username has already been taken') if User.
|
|
|
|
|
where(username: user.username).
|
|
|
|
|
count > 0
|
2014-08-18 18:09:09 +00:00
|
|
|
|
|
|
|
|
render_validation_error!(user)
|
2012-10-02 09:46:01 +00:00
|
|
|
end
|
|
|
|
|
end
|
2012-12-18 19:24:31 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Update a user. Available only for admins.' do
|
2016-11-21 12:59:37 +00:00
|
|
|
success Entities::UserPublic
|
2016-10-27 08:20:06 +00:00
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
optional :email, type: String, desc: 'The email of the user'
|
|
|
|
|
optional :password, type: String, desc: 'The password of the new user'
|
|
|
|
|
optional :name, type: String, desc: 'The name of the user'
|
|
|
|
|
optional :username, type: String, desc: 'The username of the user'
|
|
|
|
|
use :optional_attributes
|
|
|
|
|
at_least_one_of :email, :password, :name, :username, :skype, :linkedin,
|
|
|
|
|
:twitter, :website_url, :organization, :projects_limit,
|
|
|
|
|
:extern_uid, :provider, :bio, :location, :admin,
|
|
|
|
|
:can_create_group, :confirm, :external
|
|
|
|
|
end
|
2012-12-18 19:24:31 +00:00
|
|
|
put ":id" do
|
|
|
|
|
authenticated_as_admin!
|
2013-02-20 11:10:51 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
user = User.find_by(id: params.delete(:id))
|
2014-08-18 18:09:09 +00:00
|
|
|
not_found!('User') unless user
|
2012-12-18 19:24:31 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
conflict!('Email has already been taken') if params[:email] &&
|
2017-02-22 22:50:15 +00:00
|
|
|
User.where(email: params[:email]).
|
|
|
|
|
where.not(id: user.id).count > 0
|
2014-08-18 18:09:09 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
conflict!('Username has already been taken') if params[:username] &&
|
2017-02-22 22:50:15 +00:00
|
|
|
User.where(username: params[:username]).
|
|
|
|
|
where.not(id: user.id).count > 0
|
2014-08-18 18:09:09 +00:00
|
|
|
|
2016-11-21 16:44:24 +00:00
|
|
|
user_params = declared_params(include_missing: false)
|
|
|
|
|
identity_attrs = user_params.slice(:provider, :extern_uid)
|
2016-10-27 08:20:06 +00:00
|
|
|
|
2015-09-22 21:26:59 +00:00
|
|
|
if identity_attrs.any?
|
|
|
|
|
identity = user.identities.find_by(provider: identity_attrs[:provider])
|
2016-10-27 08:20:06 +00:00
|
|
|
|
2015-09-22 21:26:59 +00:00
|
|
|
if identity
|
|
|
|
|
identity.update_attributes(identity_attrs)
|
|
|
|
|
else
|
|
|
|
|
identity = user.identities.build(identity_attrs)
|
|
|
|
|
identity.save
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2017-02-21 23:50:22 +00:00
|
|
|
user_params[:password_expires_at] = Time.now if user_params[:password].present?
|
2017-02-02 10:46:14 +00:00
|
|
|
|
2017-01-04 16:35:59 +00:00
|
|
|
if user.update_attributes(user_params.except(:extern_uid, :provider))
|
2016-11-21 12:59:37 +00:00
|
|
|
present user, with: Entities::UserPublic
|
2012-12-18 19:24:31 +00:00
|
|
|
else
|
2014-08-18 18:09:09 +00:00
|
|
|
render_validation_error!(user)
|
2012-12-18 19:24:31 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Add an SSH key to a specified user. Available only for admins.' do
|
|
|
|
|
success Entities::SSHKey
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
requires :key, type: String, desc: 'The new SSH key'
|
|
|
|
|
requires :title, type: String, desc: 'The title of the new SSH key'
|
|
|
|
|
end
|
2012-11-14 20:37:52 +00:00
|
|
|
post ":id/keys" do
|
|
|
|
|
authenticated_as_admin!
|
2014-08-18 18:09:09 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
user = User.find_by(id: params.delete(:id))
|
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
|
|
|
|
key = user.keys.new(declared_params(include_missing: false))
|
|
|
|
|
|
2012-11-14 20:37:52 +00:00
|
|
|
if key.save
|
|
|
|
|
present key, with: Entities::SSHKey
|
|
|
|
|
else
|
2014-08-18 18:09:09 +00:00
|
|
|
render_validation_error!(key)
|
2012-11-14 20:37:52 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Get the SSH keys of a specified user. Available only for admins.' do
|
|
|
|
|
success Entities::SSHKey
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
2017-01-17 04:45:07 +00:00
|
|
|
use :pagination
|
2016-10-27 08:20:06 +00:00
|
|
|
end
|
|
|
|
|
get ':id/keys' do
|
2014-04-15 14:39:46 +00:00
|
|
|
authenticated_as_admin!
|
2016-10-27 08:20:06 +00:00
|
|
|
|
|
|
|
|
user = User.find_by(id: params[:id])
|
2014-08-18 18:09:09 +00:00
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
2017-01-17 04:45:07 +00:00
|
|
|
present paginate(user.keys), with: Entities::SSHKey
|
2014-04-15 14:39:46 +00:00
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Delete an existing SSH key from a specified user. Available only for admins.' do
|
|
|
|
|
success Entities::SSHKey
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the SSH key'
|
|
|
|
|
end
|
|
|
|
|
delete ':id/keys/:key_id' do
|
2014-04-15 14:39:46 +00:00
|
|
|
authenticated_as_admin!
|
2016-10-27 08:20:06 +00:00
|
|
|
|
|
|
|
|
user = User.find_by(id: params[:id])
|
2014-08-18 18:09:09 +00:00
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
key = user.keys.find_by(id: params[:key_id])
|
|
|
|
|
not_found!('Key') unless key
|
|
|
|
|
|
2017-02-20 18:18:12 +00:00
|
|
|
key.destroy
|
2014-04-15 14:39:46 +00:00
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Add an email address to a specified user. Available only for admins.' do
|
|
|
|
|
success Entities::Email
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
requires :email, type: String, desc: 'The email of the user'
|
|
|
|
|
end
|
2015-07-29 13:40:08 +00:00
|
|
|
post ":id/emails" do
|
|
|
|
|
authenticated_as_admin!
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
user = User.find_by(id: params.delete(:id))
|
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
|
|
|
|
email = user.emails.new(declared_params(include_missing: false))
|
|
|
|
|
|
2015-07-29 13:40:08 +00:00
|
|
|
if email.save
|
|
|
|
|
NotificationService.new.new_email(email)
|
|
|
|
|
present email, with: Entities::Email
|
|
|
|
|
else
|
|
|
|
|
render_validation_error!(email)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Get the emails addresses of a specified user. Available only for admins.' do
|
|
|
|
|
success Entities::Email
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
2017-01-17 04:45:07 +00:00
|
|
|
use :pagination
|
2016-10-27 08:20:06 +00:00
|
|
|
end
|
|
|
|
|
get ':id/emails' do
|
2015-07-29 13:40:08 +00:00
|
|
|
authenticated_as_admin!
|
2016-10-27 08:20:06 +00:00
|
|
|
user = User.find_by(id: params[:id])
|
2015-07-29 13:40:08 +00:00
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
2017-01-17 04:45:07 +00:00
|
|
|
present paginate(user.emails), with: Entities::Email
|
2015-07-29 13:40:08 +00:00
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Delete an email address of a specified user. Available only for admins.' do
|
|
|
|
|
success Entities::Email
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
requires :email_id, type: Integer, desc: 'The ID of the email'
|
|
|
|
|
end
|
|
|
|
|
delete ':id/emails/:email_id' do
|
2015-07-29 13:40:08 +00:00
|
|
|
authenticated_as_admin!
|
2016-10-27 08:20:06 +00:00
|
|
|
user = User.find_by(id: params[:id])
|
2015-07-29 13:40:08 +00:00
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
email = user.emails.find_by(id: params[:email_id])
|
|
|
|
|
not_found!('Email') unless email
|
2015-07-29 13:40:08 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
email.destroy
|
|
|
|
|
user.update_secondary_emails!
|
2015-07-29 13:40:08 +00:00
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Delete a user. Available only for admins.' do
|
|
|
|
|
success Entities::Email
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
end
|
2012-12-18 19:24:31 +00:00
|
|
|
delete ":id" do
|
|
|
|
|
authenticated_as_admin!
|
2014-01-19 18:55:59 +00:00
|
|
|
user = User.find_by(id: params[:id])
|
2016-10-27 08:20:06 +00:00
|
|
|
not_found!('User') unless user
|
2012-12-18 19:24:31 +00:00
|
|
|
|
2016-08-13 12:45:31 +00:00
|
|
|
::Users::DestroyService.new(current_user).execute(user)
|
2012-12-18 19:24:31 +00:00
|
|
|
end
|
2015-04-28 16:02:44 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Block a user. Available only for admins.'
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
end
|
2017-02-20 12:31:11 +00:00
|
|
|
post ':id/block' do
|
2015-04-28 16:02:44 +00:00
|
|
|
authenticated_as_admin!
|
|
|
|
|
user = User.find_by(id: params[:id])
|
2016-10-27 08:20:06 +00:00
|
|
|
not_found!('User') unless user
|
2015-04-28 16:02:44 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
if !user.ldap_blocked?
|
2015-04-28 16:02:44 +00:00
|
|
|
user.block
|
|
|
|
|
else
|
2015-12-30 18:52:02 +00:00
|
|
|
forbidden!('LDAP blocked users cannot be modified by the API')
|
2015-04-28 16:02:44 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Unblock a user. Available only for admins.'
|
|
|
|
|
params do
|
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
|
end
|
2017-02-20 12:31:11 +00:00
|
|
|
post ':id/unblock' do
|
2015-04-28 16:02:44 +00:00
|
|
|
authenticated_as_admin!
|
|
|
|
|
user = User.find_by(id: params[:id])
|
2016-10-27 08:20:06 +00:00
|
|
|
not_found!('User') unless user
|
2015-04-28 16:02:44 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
if user.ldap_blocked?
|
2015-12-30 18:52:02 +00:00
|
|
|
forbidden!('LDAP blocked users cannot be unblocked by the API')
|
2016-01-12 14:29:10 +00:00
|
|
|
else
|
|
|
|
|
user.activate
|
2015-04-28 16:02:44 +00:00
|
|
|
end
|
|
|
|
|
end
|
2016-10-10 11:35:26 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Get the contribution events of a specified user' do
|
2016-10-10 11:35:26 +00:00
|
|
|
detail 'This feature was introduced in GitLab 8.13.'
|
|
|
|
|
success Entities::Event
|
|
|
|
|
end
|
|
|
|
|
params do
|
2016-10-27 08:20:06 +00:00
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
2016-12-04 17:11:19 +00:00
|
|
|
use :pagination
|
2016-10-10 11:35:26 +00:00
|
|
|
end
|
|
|
|
|
get ':id/events' do
|
2016-10-27 08:20:06 +00:00
|
|
|
user = User.find_by(id: params[:id])
|
2016-10-10 11:35:26 +00:00
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
2017-02-22 22:50:15 +00:00
|
|
|
events = user.events.
|
|
|
|
|
merge(ProjectsFinder.new.execute(current_user)).
|
|
|
|
|
references(:project).
|
|
|
|
|
with_associations.
|
|
|
|
|
recent
|
2016-10-10 11:35:26 +00:00
|
|
|
|
|
|
|
|
present paginate(events), with: Entities::Event
|
|
|
|
|
end
|
2016-12-27 16:26:57 +00:00
|
|
|
|
|
|
|
|
params do
|
2017-02-23 17:47:06 +00:00
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
2016-12-27 16:26:57 +00:00
|
|
|
end
|
2017-02-23 17:47:06 +00:00
|
|
|
segment ':id' do
|
2017-02-09 15:21:09 +00:00
|
|
|
resource :personal_access_tokens do
|
|
|
|
|
before { authenticated_as_admin! }
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-09 15:21:09 +00:00
|
|
|
desc 'Retrieve personal access tokens. Available only for admins.' do
|
|
|
|
|
detail 'This feature was introduced in GitLab 9.0'
|
2017-02-23 17:47:06 +00:00
|
|
|
success Entities::ImpersonationToken
|
2017-02-09 15:21:09 +00:00
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
optional :state, type: String, default: 'all', values: %w[all active inactive], desc: 'Filters (all|active|inactive) personal_access_tokens'
|
|
|
|
|
optional :impersonation, type: Boolean, default: false, desc: 'Filters only impersonation personal_access_tokens'
|
|
|
|
|
end
|
|
|
|
|
get do
|
2017-02-23 17:47:06 +00:00
|
|
|
user = find_user(params)
|
|
|
|
|
present PersonalAccessTokensFinder.new(user, params).execute, with: Entities::ImpersonationToken
|
2017-02-09 15:21:09 +00:00
|
|
|
end
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-09 15:21:09 +00:00
|
|
|
desc 'Create a personal access token. Available only for admins.' do
|
|
|
|
|
detail 'This feature was introduced in GitLab 9.0'
|
2017-02-23 17:47:06 +00:00
|
|
|
success Entities::ImpersonationToken
|
2017-02-09 15:21:09 +00:00
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :name, type: String, desc: 'The name of the personal access token'
|
|
|
|
|
optional :expires_at, type: Date, desc: 'The expiration date in the format YEAR-MONTH-DAY of the personal access token'
|
|
|
|
|
optional :scopes, type: Array, desc: 'The array of scopes of the personal access token'
|
|
|
|
|
optional :impersonation, type: Boolean, default: false, desc: 'The impersonation flag of the personal access token'
|
|
|
|
|
end
|
|
|
|
|
post do
|
2017-02-23 17:47:06 +00:00
|
|
|
user = find_user(params)
|
|
|
|
|
personal_access_token = PersonalAccessTokensFinder.new(user).execute.build(declared_params(include_missing: false))
|
2017-02-09 15:21:09 +00:00
|
|
|
|
|
|
|
|
if personal_access_token.save
|
2017-02-23 17:47:06 +00:00
|
|
|
present personal_access_token, with: Entities::ImpersonationToken
|
2017-02-09 15:21:09 +00:00
|
|
|
else
|
|
|
|
|
render_validation_error!(personal_access_token)
|
|
|
|
|
end
|
|
|
|
|
end
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-09 15:21:09 +00:00
|
|
|
desc 'Retrieve personal access token. Available only for admins.' do
|
|
|
|
|
detail 'This feature was introduced in GitLab 9.0'
|
2017-02-23 17:47:06 +00:00
|
|
|
success Entities::ImpersonationToken
|
2017-02-09 15:21:09 +00:00
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
|
2017-02-23 17:47:06 +00:00
|
|
|
optional :impersonation, type: Boolean, default: false, desc: 'The impersonation flag of the personal access token'
|
2017-02-09 15:21:09 +00:00
|
|
|
end
|
2017-02-23 17:47:06 +00:00
|
|
|
get ':personal_access_token_id' do
|
|
|
|
|
user = find_user(params)
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-23 17:47:06 +00:00
|
|
|
personal_access_token = PersonalAccessTokensFinder.new(user, declared_params(include_missing: false)).execute
|
|
|
|
|
not_found!('Personal Access Token') unless personal_access_token
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-23 17:47:06 +00:00
|
|
|
present personal_access_token, with: Entities::ImpersonationToken
|
2017-02-09 15:21:09 +00:00
|
|
|
end
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-09 15:21:09 +00:00
|
|
|
desc 'Revoke a personal access token. Available only for admins.' do
|
|
|
|
|
detail 'This feature was introduced in GitLab 9.0'
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
|
2017-02-23 17:47:06 +00:00
|
|
|
optional :impersonation, type: Boolean, default: false, desc: 'The impersonation flag of the personal access token'
|
2017-02-09 15:21:09 +00:00
|
|
|
end
|
2017-02-23 17:47:06 +00:00
|
|
|
delete ':personal_access_token_id' do
|
|
|
|
|
user = find_user(params)
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-23 17:47:06 +00:00
|
|
|
personal_access_token = PersonalAccessTokensFinder.new(user, declared_params(include_missing: false)).execute
|
|
|
|
|
not_found!('Personal Access Token') unless personal_access_token
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-09 15:21:09 +00:00
|
|
|
personal_access_token.revoke!
|
2016-12-27 16:26:57 +00:00
|
|
|
|
2017-02-09 15:21:09 +00:00
|
|
|
no_content!
|
|
|
|
|
end
|
|
|
|
|
end
|
2016-12-27 16:26:57 +00:00
|
|
|
end
|
2012-06-29 10:46:01 +00:00
|
|
|
end
|
|
|
|
|
|
2012-09-21 11:49:28 +00:00
|
|
|
resource :user do
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Get the currently authenticated user' do
|
2016-11-21 12:59:37 +00:00
|
|
|
success Entities::UserPublic
|
2016-10-27 08:20:06 +00:00
|
|
|
end
|
2012-09-21 11:49:28 +00:00
|
|
|
get do
|
2016-12-09 17:48:20 +00:00
|
|
|
present current_user, with: sudo? ? Entities::UserWithPrivateToken : Entities::UserPublic
|
2012-09-21 11:49:28 +00:00
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc "Get the currently authenticated user's SSH keys" do
|
|
|
|
|
success Entities::SSHKey
|
|
|
|
|
end
|
2017-01-17 04:45:07 +00:00
|
|
|
params do
|
|
|
|
|
use :pagination
|
|
|
|
|
end
|
2012-09-21 11:49:28 +00:00
|
|
|
get "keys" do
|
2017-01-17 04:45:07 +00:00
|
|
|
present paginate(current_user.keys), with: Entities::SSHKey
|
2012-09-21 11:49:28 +00:00
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Get a single key owned by currently authenticated user' do
|
|
|
|
|
success Entities::SSHKey
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the SSH key'
|
|
|
|
|
end
|
|
|
|
|
get "keys/:key_id" do
|
|
|
|
|
key = current_user.keys.find_by(id: params[:key_id])
|
|
|
|
|
not_found!('Key') unless key
|
|
|
|
|
|
2012-09-21 11:49:28 +00:00
|
|
|
present key, with: Entities::SSHKey
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Add a new SSH key to the currently authenticated user' do
|
|
|
|
|
success Entities::SSHKey
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :key, type: String, desc: 'The new SSH key'
|
|
|
|
|
requires :title, type: String, desc: 'The title of the new SSH key'
|
|
|
|
|
end
|
2012-09-21 11:49:28 +00:00
|
|
|
post "keys" do
|
2016-10-27 08:20:06 +00:00
|
|
|
key = current_user.keys.new(declared_params)
|
2013-02-20 11:10:51 +00:00
|
|
|
|
2012-09-21 11:49:28 +00:00
|
|
|
if key.save
|
|
|
|
|
present key, with: Entities::SSHKey
|
|
|
|
|
else
|
2014-08-18 18:09:09 +00:00
|
|
|
render_validation_error!(key)
|
2012-09-21 11:49:28 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Delete an SSH key from the currently authenticated user' do
|
|
|
|
|
success Entities::SSHKey
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the SSH key'
|
|
|
|
|
end
|
|
|
|
|
delete "keys/:key_id" do
|
|
|
|
|
key = current_user.keys.find_by(id: params[:key_id])
|
|
|
|
|
not_found!('Key') unless key
|
|
|
|
|
|
2017-02-20 18:18:12 +00:00
|
|
|
key.destroy
|
2012-09-21 11:49:28 +00:00
|
|
|
end
|
2015-07-29 13:40:08 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc "Get the currently authenticated user's email addresses" do
|
|
|
|
|
success Entities::Email
|
|
|
|
|
end
|
2017-01-17 04:45:07 +00:00
|
|
|
params do
|
|
|
|
|
use :pagination
|
|
|
|
|
end
|
2015-07-29 13:40:08 +00:00
|
|
|
get "emails" do
|
2017-01-17 04:45:07 +00:00
|
|
|
present paginate(current_user.emails), with: Entities::Email
|
2015-07-29 13:40:08 +00:00
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Get a single email address owned by the currently authenticated user' do
|
|
|
|
|
success Entities::Email
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :email_id, type: Integer, desc: 'The ID of the email'
|
|
|
|
|
end
|
|
|
|
|
get "emails/:email_id" do
|
|
|
|
|
email = current_user.emails.find_by(id: params[:email_id])
|
|
|
|
|
not_found!('Email') unless email
|
|
|
|
|
|
2015-07-29 13:40:08 +00:00
|
|
|
present email, with: Entities::Email
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Add new email address to the currently authenticated user' do
|
|
|
|
|
success Entities::Email
|
|
|
|
|
end
|
|
|
|
|
params do
|
|
|
|
|
requires :email, type: String, desc: 'The new email'
|
|
|
|
|
end
|
2015-07-29 13:40:08 +00:00
|
|
|
post "emails" do
|
2016-10-27 08:20:06 +00:00
|
|
|
email = current_user.emails.new(declared_params)
|
2015-07-29 13:40:08 +00:00
|
|
|
|
|
|
|
|
if email.save
|
|
|
|
|
NotificationService.new.new_email(email)
|
|
|
|
|
present email, with: Entities::Email
|
|
|
|
|
else
|
|
|
|
|
render_validation_error!(email)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
desc 'Delete an email address from the currently authenticated user'
|
|
|
|
|
params do
|
|
|
|
|
requires :email_id, type: Integer, desc: 'The ID of the email'
|
|
|
|
|
end
|
|
|
|
|
delete "emails/:email_id" do
|
|
|
|
|
email = current_user.emails.find_by(id: params[:email_id])
|
|
|
|
|
not_found!('Email') unless email
|
2015-07-29 13:40:08 +00:00
|
|
|
|
2016-10-27 08:20:06 +00:00
|
|
|
email.destroy
|
|
|
|
|
current_user.update_secondary_emails!
|
2015-07-29 13:40:08 +00:00
|
|
|
end
|
2012-06-29 10:46:01 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
