func lastLoginPointer(c *gc.C, user *state.User) *time.Time { lastLogin, err := user.LastLogin() if err != nil { if state.IsNeverLoggedInError(err) { return nil } c.Fatal(err) } return &lastLogin }
// AddUser adds a user with a username, and either a password or // a randomly generated secret key which will be returned. func (api *UserManagerAPI) AddUser(args params.AddUsers) (params.AddUserResults, error) { var result params.AddUserResults if err := api.check.ChangeAllowed(); err != nil { return result, errors.Trace(err) } if len(args.Users) == 0 { return result, nil } // Create the results list to populate. result.Results = make([]params.AddUserResult, len(args.Users)) isSuperUser, err := api.hasControllerAdminAccess() if err != nil { return result, errors.Trace(err) } if !isSuperUser { return result, common.ErrPerm } for i, arg := range args.Users { var user *state.User var err error if arg.Password != "" { user, err = api.state.AddUser(arg.Username, arg.DisplayName, arg.Password, api.apiUser.Id()) } else { user, err = api.state.AddUserWithSecretKey(arg.Username, arg.DisplayName, api.apiUser.Id()) } if err != nil { err = errors.Annotate(err, "failed to create user") result.Results[i].Error = common.ServerError(err) continue } else { result.Results[i] = params.AddUserResult{ Tag: user.Tag().String(), SecretKey: user.SecretKey(), } } } return result, nil }
// AddUser adds a user with a username, and either a password or // a randomly generated secret key which will be returned. func (api *UserManagerAPI) AddUser(args params.AddUsers) (params.AddUserResults, error) { result := params.AddUserResults{ Results: make([]params.AddUserResult, len(args.Users)), } if err := api.check.ChangeAllowed(); err != nil { return result, errors.Trace(err) } if len(args.Users) == 0 { return result, nil } loggedInUser, err := api.getLoggedInUser() if err != nil { return result, errors.Wrap(err, common.ErrPerm) } // TODO(thumper): PERMISSIONS Change this permission check when we have // real permissions. For now, only the owner of the initial model is // able to add users. if err := api.permissionCheck(loggedInUser); err != nil { return result, errors.Trace(err) } for i, arg := range args.Users { var user *state.User if arg.Password != "" { user, err = api.state.AddUser(arg.Username, arg.DisplayName, arg.Password, loggedInUser.Id()) } else { user, err = api.state.AddUserWithSecretKey(arg.Username, arg.DisplayName, loggedInUser.Id()) } if err != nil { err = errors.Annotate(err, "failed to create user") result.Results[i].Error = common.ServerError(err) continue } else { result.Results[i] = params.AddUserResult{ Tag: user.Tag().String(), SecretKey: user.SecretKey(), } } if len(arg.SharedModelTags) > 0 { modelAccess, err := modelmanager.FromModelAccessParam(arg.ModelAccess) if err != nil { err = errors.Annotatef(err, "user %q created but models not shared", arg.Username) result.Results[i].Error = common.ServerError(err) continue } userTag := user.Tag().(names.UserTag) for _, modelTagStr := range arg.SharedModelTags { modelTag, err := names.ParseModelTag(modelTagStr) if err != nil { err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr) result.Results[i].Error = common.ServerError(err) break } err = modelmanager.ChangeModelAccess(api.state, modelTag, loggedInUser, userTag, params.GrantModelAccess, modelAccess) if err != nil { err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr) result.Results[i].Error = common.ServerError(err) break } } } } return result, nil }
// AddUser adds a user with a username, and either a password or // a randomly generated secret key which will be returned. func (api *UserManagerAPI) AddUser(args params.AddUsers) (params.AddUserResults, error) { result := params.AddUserResults{ Results: make([]params.AddUserResult, len(args.Users)), } if err := api.check.ChangeAllowed(); err != nil { return result, errors.Trace(err) } if len(args.Users) == 0 { return result, nil } if !api.isAdmin { return result, common.ErrPerm } for i, arg := range args.Users { var user *state.User var err error if arg.Password != "" { user, err = api.state.AddUser(arg.Username, arg.DisplayName, arg.Password, api.apiUser.Id()) } else { user, err = api.state.AddUserWithSecretKey(arg.Username, arg.DisplayName, api.apiUser.Id()) } if err != nil { err = errors.Annotate(err, "failed to create user") result.Results[i].Error = common.ServerError(err) continue } else { result.Results[i] = params.AddUserResult{ Tag: user.Tag().String(), SecretKey: user.SecretKey(), } } if len(arg.SharedModelTags) > 0 { modelAccess, err := modelmanager.FromModelAccessParam(arg.ModelAccess) if err != nil { err = errors.Annotatef(err, "user %q created but models not shared", arg.Username) result.Results[i].Error = common.ServerError(err) continue } userTag := user.Tag().(names.UserTag) for _, modelTagStr := range arg.SharedModelTags { modelTag, err := names.ParseModelTag(modelTagStr) if err != nil { err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr) result.Results[i].Error = common.ServerError(err) break } err = modelmanager.ChangeModelAccess( modelmanager.NewStateBackend(api.state), modelTag, api.apiUser, userTag, params.GrantModelAccess, modelAccess, api.isAdmin) if err != nil { err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr) result.Results[i].Error = common.ServerError(err) break } } } } return result, nil }