// FindEntity implements authentication.EntityFinder.FindEntity.
func (f modelUserEntityFinder) FindEntity(tag names.Tag) (state.Entity, error) {
utag, ok := tag.(names.UserTag)
if !ok {
return f.st.FindEntity(tag)
}
modelUser, controllerUser, err := common.UserAccess(f.st, utag)
if err != nil {
return nil, errors.Trace(err)
}
u := &modelUserEntity{
st: f.st,
modelUser: modelUser,
controllerUser: controllerUser,
}
if utag.IsLocal() {
user, err := f.st.User(utag)
if err != nil {
return nil, errors.Trace(err)
}
u.user = user
}
return u, nil
}
// UserInfo returns information on a user.
func (api *UserManagerAPI) UserInfo(request params.UserInfoRequest) (params.UserInfoResults, error) {
var results params.UserInfoResults
isAdmin, err := api.hasControllerAdminAccess()
if err != nil {
return results, errors.Trace(err)
}
var accessForUser = func(userTag names.UserTag, result *params.UserInfoResult) {
// Lookup the access the specified user has to the controller.
_, controllerUserAccess, err := common.UserAccess(api.state, userTag)
if err == nil {
result.Result.Access = string(controllerUserAccess.Access)
} else if err != nil && !errors.IsNotFound(err) {
result.Result = nil
result.Error = common.ServerError(err)
}
}
var infoForUser = func(user *state.User) params.UserInfoResult {
var lastLogin *time.Time
userLastLogin, err := user.LastLogin()
if err != nil {
if !state.IsNeverLoggedInError(err) {
logger.Debugf("error getting last login: %v", err)
}
} else {
lastLogin = &userLastLogin
}
result := params.UserInfoResult{
Result: ¶ms.UserInfo{
Username: user.Name(),
DisplayName: user.DisplayName(),
CreatedBy: user.CreatedBy(),
DateCreated: user.DateCreated(),
LastConnection: lastLogin,
Disabled: user.IsDisabled(),
},
}
accessForUser(user.UserTag(), &result)
return result
}
argCount := len(request.Entities)
if argCount == 0 {
users, err := api.state.AllUsers(request.IncludeDisabled)
if err != nil {
return results, errors.Trace(err)
}
for _, user := range users {
if !isAdmin && !api.authorizer.AuthOwner(user.Tag()) {
continue
}
results.Results = append(results.Results, infoForUser(user))
}
return results, nil
}
// Create the results list to populate.
for _, arg := range request.Entities {
userTag, err := names.ParseUserTag(arg.Tag)
if err != nil {
results.Results = append(results.Results, params.UserInfoResult{Error: common.ServerError(err)})
continue
}
if !isAdmin && !api.authorizer.AuthOwner(userTag) {
results.Results = append(results.Results, params.UserInfoResult{Error: common.ServerError(common.ErrPerm)})
continue
}
if !userTag.IsLocal() {
// TODO(wallyworld) record login information about external users.
result := params.UserInfoResult{
Result: ¶ms.UserInfo{
Username: userTag.Id(),
},
}
accessForUser(userTag, &result)
results.Results = append(results.Results, result)
continue
}
user, err := api.getUser(arg.Tag)
if err != nil {
results.Results = append(results.Results, params.UserInfoResult{Error: common.ServerError(err)})
continue
}
results.Results = append(results.Results, infoForUser(user))
}
return results, nil
}