// Handles PUT and POST for a user or a role.
func (h *handler) updatePrincipal(name string, isUser bool) error {
h.assertAdminOnly()
// Unmarshal the request body into a PrincipalConfig struct:
body, _ := h.readBody()
var newInfo db.PrincipalConfig
var err error
if err = json.Unmarshal(body, &newInfo); err != nil {
return err
}
if h.rq.Method == "POST" {
// On POST, take the name from the "name" property in the request body:
if newInfo.Name == nil {
return base.HTTPErrorf(http.StatusBadRequest, "Missing name property")
}
} else {
// ON PUT, verify the name matches, if given:
if newInfo.Name == nil {
newInfo.Name = &name
} else if *newInfo.Name != name {
return base.HTTPErrorf(http.StatusBadRequest, "Name mismatch (can't change name)")
}
}
internalName := internalUserName(*newInfo.Name)
newInfo.Name = &internalName
replaced, err := h.db.UpdatePrincipal(newInfo, isUser, h.rq.Method != "POST")
if err != nil {
return err
} else if replaced {
// on update with a new password, remove previous user sessions
if newInfo.Password != nil {
err = h.db.DeleteUserSessions(*newInfo.Name)
if err != nil {
return err
}
}
h.writeStatus(http.StatusOK, "OK")
} else {
h.writeStatus(http.StatusCreated, "Created")
}
return nil
}
func marshalPrincipal(princ auth.Principal) ([]byte, error) {
name := externalUserName(princ.Name())
info := db.PrincipalConfig{
Name: &name,
ExplicitChannels: princ.ExplicitChannels().AsSet(),
}
if user, ok := princ.(auth.User); ok {
info.Channels = user.InheritedChannels().AsSet()
info.Email = user.Email()
info.Disabled = user.Disabled()
info.ExplicitRoleNames = user.ExplicitRoles().AllChannels()
info.RoleNames = user.RoleNames().AllChannels()
} else {
info.Channels = princ.Channels().AsSet()
}
return json.Marshal(info)
}
