func cmdAssignRole() { if flagCmdAssignRole { if len(flagEmail) == 0 { fmt.Fprintln(os.Stderr, "flag needs an argument: -email") flag.Usage() os.Exit(1) } if !model.IsValidUserRoles(flagRole) { fmt.Fprintln(os.Stderr, "flag invalid argument: -role") flag.Usage() os.Exit(1) } c := getMockContext() var user *model.User if result := <-api.Srv.Store.User().GetByEmail(flagEmail); result.Err != nil { l4g.Error("%v", result.Err) flushLogAndExit(1) } else { user = result.Data.(*model.User) } if !user.IsInRole(flagRole) { api.UpdateUserRoles(c, user, flagRole) } os.Exit(0) } }
func PermanentDeleteUser(c *Context, user *model.User) *model.AppError { l4g.Warn("Attempting to permanently delete account %v id=%v", user.Email, user.Id) c.Path = "/users/permanent_delete" c.LogAuditWithUserId(user.Id, fmt.Sprintf("attempt userId=%v", user.Id)) c.LogAuditWithUserId("", fmt.Sprintf("attempt userId=%v", user.Id)) if user.IsInRole(model.ROLE_SYSTEM_ADMIN) { l4g.Warn("You are deleting %v that is a system administrator. You may need to set another account as the system administrator using the command line tools.", user.Email) } UpdateActive(c, user, false) if result := <-Srv.Store.Session().PermanentDeleteSessionsByUser(user.Id); result.Err != nil { return result.Err } if result := <-Srv.Store.OAuth().PermanentDeleteAuthDataByUser(user.Id); result.Err != nil { return result.Err } if result := <-Srv.Store.Webhook().PermanentDeleteIncomingByUser(user.Id); result.Err != nil { return result.Err } if result := <-Srv.Store.Webhook().PermanentDeleteOutgoingByUser(user.Id); result.Err != nil { return result.Err } if result := <-Srv.Store.Preference().PermanentDeleteByUser(user.Id); result.Err != nil { return result.Err } if result := <-Srv.Store.Channel().PermanentDeleteMembersByUser(user.Id); result.Err != nil { return result.Err } if result := <-Srv.Store.Post().PermanentDeleteByUser(user.Id); result.Err != nil { return result.Err } if result := <-Srv.Store.User().PermanentDelete(user.Id); result.Err != nil { return result.Err } if result := <-Srv.Store.Audit().PermanentDeleteByUser(user.Id); result.Err != nil { return result.Err } l4g.Warn("Permanently deleted account %v id=%v", user.Email, user.Id) c.LogAuditWithUserId("", fmt.Sprintf("success userId=%v", user.Id)) return nil }
func cmdAssignRole() { if flagCmdAssignRole { if len(flagTeamName) == 0 { fmt.Fprintln(os.Stderr, "flag needs an argument: -team_name") flag.Usage() os.Exit(1) } if len(flagEmail) == 0 { fmt.Fprintln(os.Stderr, "flag needs an argument: -email") flag.Usage() os.Exit(1) } if !model.IsValidRoles(flagRole) { fmt.Fprintln(os.Stderr, "flag invalid argument: -role") flag.Usage() os.Exit(1) } c := &api.Context{} c.RequestId = model.NewId() c.IpAddress = "cmd_line" var team *model.Team if result := <-api.Srv.Store.Team().GetByName(flagTeamName); result.Err != nil { l4g.Error("%v", result.Err) flushLogAndExit(1) } else { team = result.Data.(*model.Team) } var user *model.User if result := <-api.Srv.Store.User().GetByEmail(team.Id, flagEmail); result.Err != nil { l4g.Error("%v", result.Err) flushLogAndExit(1) } else { user = result.Data.(*model.User) } if !user.IsInRole(flagRole) { api.UpdateRoles(c, user, flagRole) } os.Exit(0) } }
func cmdAssignRole() { if flagCmdAssignRole { if len(flagEmail) == 0 { fmt.Fprintln(os.Stderr, "flag needs an argument: -email") os.Exit(1) } // Do some conversions if flagRole == "system_admin" { flagRole = "system_user system_admin" } if flagRole == "" { flagRole = "system_user" } if !model.IsValidUserRoles(flagRole) { fmt.Fprintln(os.Stderr, "flag invalid argument: -role") os.Exit(1) } var user *model.User if result := <-app.Srv.Store.User().GetByEmail(flagEmail); result.Err != nil { l4g.Error("%v", result.Err) flushLogAndExit(1) } else { user = result.Data.(*model.User) } if !user.IsInRole(flagRole) { api.UpdateUserRoles(user, flagRole) } os.Exit(0) } }
func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) user_id := props["user_id"] if len(user_id) != 26 { c.SetInvalidParam("updateRoles", "user_id") return } new_roles := props["new_roles"] if !model.IsValidRoles(new_roles) { c.SetInvalidParam("updateRoles", "new_roles") return } if model.IsInRole(new_roles, model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() { c.Err = model.NewAppError("updateRoles", "The system admin role can only be set by another system admin", "") c.Err.StatusCode = http.StatusForbidden return } var user *model.User if result := <-Srv.Store.User().Get(user_id); result.Err != nil { c.Err = result.Err return } else { user = result.Data.(*model.User) } if !c.HasPermissionsToTeam(user.TeamId, "updateRoles") { return } if !c.IsTeamAdmin() { c.Err = model.NewAppError("updateRoles", "You do not have the appropriate permissions", "userId="+user_id) c.Err.StatusCode = http.StatusForbidden return } if user.IsInRole(model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() { c.Err = model.NewAppError("updateRoles", "The system admin role can only by modified by another system admin", "") c.Err.StatusCode = http.StatusForbidden return } ruser := UpdateRoles(c, user, new_roles) if c.Err != nil { return } uchan := Srv.Store.Session().UpdateRoles(user.Id, new_roles) gchan := Srv.Store.Session().GetSessions(user.Id) if result := <-uchan; result.Err != nil { // soft error since the user roles were still updated l4g.Error(result.Err) } if result := <-gchan; result.Err != nil { // soft error since the user roles were still updated l4g.Error(result.Err) } else { sessions := result.Data.([]*model.Session) for _, s := range sessions { sessionCache.Remove(s.Token) } } options := utils.SanitizeOptions options["passwordupdate"] = false ruser.Sanitize(options) w.Write([]byte(ruser.ToJson())) }