| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208 |
- // Copyright 2017 Frédéric Guillot. All rights reserved.
- // Use of this source code is governed by the Apache 2.0
- // license that can be found in the LICENSE file.
- package api
- import (
- "errors"
- "net/http"
- "github.com/miniflux/miniflux/http/context"
- "github.com/miniflux/miniflux/http/request"
- "github.com/miniflux/miniflux/http/response/json"
- )
- // CurrentUser is the API handler to retrieve the authenticated user.
- func (c *Controller) CurrentUser(w http.ResponseWriter, r *http.Request) {
- ctx := context.New(r)
- user, err := c.store.UserByID(ctx.UserID())
- if err != nil {
- json.ServerError(w, err)
- return
- }
- json.OK(w, r, user)
- }
- // CreateUser is the API handler to create a new user.
- func (c *Controller) CreateUser(w http.ResponseWriter, r *http.Request) {
- ctx := context.New(r)
- if !ctx.IsAdminUser() {
- json.Forbidden(w)
- return
- }
- user, err := decodeUserCreationPayload(r.Body)
- if err != nil {
- json.BadRequest(w, err)
- return
- }
- if err := user.ValidateUserCreation(); err != nil {
- json.BadRequest(w, err)
- return
- }
- if c.store.UserExists(user.Username) {
- json.BadRequest(w, errors.New("This user already exists"))
- return
- }
- err = c.store.CreateUser(user)
- if err != nil {
- json.ServerError(w, errors.New("Unable to create this user"))
- return
- }
- user.Password = ""
- json.Created(w, user)
- }
- // UpdateUser is the API handler to update the given user.
- func (c *Controller) UpdateUser(w http.ResponseWriter, r *http.Request) {
- ctx := context.New(r)
- if !ctx.IsAdminUser() {
- json.Forbidden(w)
- return
- }
- userID, err := request.IntParam(r, "userID")
- if err != nil {
- json.BadRequest(w, err)
- return
- }
- userChanges, err := decodeUserModificationPayload(r.Body)
- if err != nil {
- json.BadRequest(w, err)
- return
- }
- originalUser, err := c.store.UserByID(userID)
- if err != nil {
- json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
- return
- }
- if originalUser == nil {
- json.NotFound(w, errors.New("User not found"))
- return
- }
- userChanges.Update(originalUser)
- if err := originalUser.ValidateUserModification(); err != nil {
- json.BadRequest(w, err)
- return
- }
- if err = c.store.UpdateUser(originalUser); err != nil {
- json.ServerError(w, errors.New("Unable to update this user"))
- return
- }
- json.Created(w, originalUser)
- }
- // Users is the API handler to get the list of users.
- func (c *Controller) Users(w http.ResponseWriter, r *http.Request) {
- ctx := context.New(r)
- if !ctx.IsAdminUser() {
- json.Forbidden(w)
- return
- }
- users, err := c.store.Users()
- if err != nil {
- json.ServerError(w, errors.New("Unable to fetch the list of users"))
- return
- }
- users.UseTimezone(ctx.UserTimezone())
- json.OK(w, r, users)
- }
- // UserByID is the API handler to fetch the given user by the ID.
- func (c *Controller) UserByID(w http.ResponseWriter, r *http.Request) {
- ctx := context.New(r)
- if !ctx.IsAdminUser() {
- json.Forbidden(w)
- return
- }
- userID, err := request.IntParam(r, "userID")
- if err != nil {
- json.BadRequest(w, err)
- return
- }
- user, err := c.store.UserByID(userID)
- if err != nil {
- json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
- return
- }
- if user == nil {
- json.NotFound(w, errors.New("User not found"))
- return
- }
- user.UseTimezone(ctx.UserTimezone())
- json.OK(w, r, user)
- }
- // UserByUsername is the API handler to fetch the given user by the username.
- func (c *Controller) UserByUsername(w http.ResponseWriter, r *http.Request) {
- ctx := context.New(r)
- if !ctx.IsAdminUser() {
- json.Forbidden(w)
- return
- }
- username := request.Param(r, "username", "")
- user, err := c.store.UserByUsername(username)
- if err != nil {
- json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
- return
- }
- if user == nil {
- json.NotFound(w, errors.New("User not found"))
- return
- }
- json.OK(w, r, user)
- }
- // RemoveUser is the API handler to remove an existing user.
- func (c *Controller) RemoveUser(w http.ResponseWriter, r *http.Request) {
- ctx := context.New(r)
- if !ctx.IsAdminUser() {
- json.Forbidden(w)
- return
- }
- userID, err := request.IntParam(r, "userID")
- if err != nil {
- json.BadRequest(w, err)
- return
- }
- user, err := c.store.UserByID(userID)
- if err != nil {
- json.ServerError(w, errors.New("Unable to fetch this user from the database"))
- return
- }
- if user == nil {
- json.NotFound(w, errors.New("User not found"))
- return
- }
- if err := c.store.RemoveUser(user.ID); err != nil {
- json.BadRequest(w, errors.New("Unable to remove this user from the database"))
- return
- }
- json.NoContent(w)
- }
|
