Пример #1
0
func (r *restServerAPI) CreateUser(w grest.ResponseWriter, req *grest.Request) {
	currentUser := req.Env["REMOTE_USER_OBJECT"].(*datasource.User)
	if !currentUser.Admin {
		grest.Error(w, "Access denied", http.StatusForbidden)
		return
	}

	var u datasource.User
	err := req.DecodeJsonPayload(&u)
	if err != nil {
		grest.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// TODO More Validation
	_, err = r.ds.UserByEmail(u.Email)
	if err == nil {
		grest.Error(w, "A user with this email already exists", http.StatusBadRequest)
		return
	}

	_, err = r.ds.GroupByEmail(u.Email)
	if err == nil {
		grest.Error(w, "A group with this email already exists", http.StatusBadRequest)
		return
	}

	u.SetPassword(u.Password, r.ds.ConfigByteArray("PASSWORD_SALT"))

	r.ds.StoreUser(&u)
	w.WriteJson(u)
}
Пример #2
0
func (r *restServerAPI) UpdateUser(w grest.ResponseWriter, req *grest.Request) {
	currentUser := req.Env["REMOTE_USER_OBJECT"].(*datasource.User)

	email := req.PathParam("email")
	var user *datasource.User
	var err error
	if email == currentUser.Email {
		user = currentUser
	} else {
		if !currentUser.Admin {
			grest.Error(w, "Access denied", http.StatusForbidden)
			return
		}
		user, err = r.ds.UserByEmail(email)
		if err != nil {
			grest.Error(w, err.Error(), http.StatusNotFound)
			return
		}
	}

	action := req.FormValue("action")

	switch action {
	case "changePassword":
		salt := r.ds.ConfigByteArray("PASSWORD_SALT")
		var cp ChangePassword
		err = req.DecodeJsonPayload(&cp)
		if err != nil {
			grest.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		if user.HasPassword() && !user.AcceptsPassword(cp.OldPassword, salt) {
			grest.Error(w, "Old password is incorrect", http.StatusForbidden)
			return
		}
		user.SetPassword(cp.NewPassword, salt)
		// TODO notify

	case "update":
		var uTemp datasource.User
		err = req.DecodeJsonPayload(&uTemp)
		if err != nil {
			grest.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		user.UIDStr = uTemp.UIDStr
		user.InboxAddr = uTemp.InboxAddr // TODO notify the previous InboxAddr
		user.Active = uTemp.Active
		user.Admin = uTemp.Admin
		user.EnFirstName = uTemp.EnFirstName
		user.EnLastName = uTemp.EnLastName
		user.FaFirstName = uTemp.FaFirstName
		user.FaLastName = uTemp.FaLastName
		user.MobileNum = uTemp.MobileNum
		user.EmergencyNum = uTemp.EmergencyNum
		user.BirthDate = uTemp.BirthDate
		user.EnrolmentDate = uTemp.EnrolmentDate
		user.LeavingDate = uTemp.LeavingDate
	default:
		grest.Error(w, fmt.Sprintf("Unknown action: %s", action), http.StatusNotAcceptable)
		return
	}

	e := r.ds.StoreUser(user)
	if e != nil {
		grest.Error(w, err.Error(), http.StatusInternalServerError)
		return
	} else {
		w.WriteJson(user)
	}
}