// AddUser adds a user with a username, and either a password or
// a randomly generated secret key which will be returned.
//
// The result at index i belongs to args.Users[i]. A failure for one entry is
// stored in that entry's Error field and processing moves on to the next
// entry. The returned error is non-nil only when the change is blocked, the
// logged-in user cannot be determined, or the permission check fails; all of
// those happen before any user is created.
//
// A user whose model sharing fails is not removed again: that result entry
// carries Tag and SecretKey together with the Error.
func (api *UserManagerAPI) AddUser(args params.AddUsers) (params.AddUserResults, error) {
	var result params.AddUserResults
	result.Results = make([]params.AddUserResult, len(args.Users))

	if blocked := api.check.ChangeAllowed(); blocked != nil {
		return result, errors.Trace(blocked)
	}
	// An empty request returns here, before the caller is looked up or
	// checked.
	if len(args.Users) == 0 {
		return result, nil
	}

	caller, err := api.getLoggedInUser()
	if err != nil {
		// The lookup failure is wrapped with common.ErrPerm.
		return result, errors.Wrap(err, common.ErrPerm)
	}
	// TODO(thumper): PERMISSIONS Change this permission check when we have
	// real permissions. For now, only the owner of the initial model is
	// able to add users.
	if denied := api.permissionCheck(caller); denied != nil {
		return result, errors.Trace(denied)
	}

	for idx, spec := range args.Users {
		entry := &result.Results[idx]

		// An empty password selects the secret-key registration path.
		var (
			created   *state.User
			createErr error
		)
		if spec.Password == "" {
			created, createErr = api.state.AddUserWithSecretKey(spec.Username, spec.DisplayName, caller.Id())
		} else {
			created, createErr = api.state.AddUser(spec.Username, spec.DisplayName, spec.Password, caller.Id())
		}
		if createErr != nil {
			entry.Error = common.ServerError(errors.Annotate(createErr, "failed to create user"))
			continue
		}
		// NOTE(review): SecretKey is credential material returned to the
		// client; presumably it should stay out of logs - confirm.
		*entry = params.AddUserResult{
			Tag:       created.Tag().String(),
			SecretKey: created.SecretKey(),
		}

		if len(spec.SharedModelTags) == 0 {
			continue
		}
		access, accessErr := modelmanager.FromModelAccessParam(spec.ModelAccess)
		if accessErr != nil {
			entry.Error = common.ServerError(
				errors.Annotatef(accessErr, "user %q created but models not shared", spec.Username))
			continue
		}

		// Unchecked assertion: panics if Tag() is not a names.UserTag.
		newUserTag := created.Tag().(names.UserTag)
		for _, rawTag := range spec.SharedModelTags {
			modelTag, shareErr := names.ParseModelTag(rawTag)
			if shareErr == nil {
				shareErr = modelmanager.ChangeModelAccess(
					api.state, modelTag, caller, newUserTag, params.GrantModelAccess, access)
			}
			if shareErr != nil {
				// Stop at the first model that cannot be shared; grants made
				// for earlier tags in the list are left in place.
				entry.Error = common.ServerError(
					errors.Annotatef(shareErr, "user %q created but model %q not shared", spec.Username, rawTag))
				break
			}
		}
	}
	return result, nil
}
// AddUser adds a user with a username, and either a password or // a randomly generated secret key which will be returned. func (api *UserManagerAPI) AddUser(args params.AddUsers) (params.AddUserResults, error) { result := params.AddUserResults{ Results: make([]params.AddUserResult, len(args.Users)), } if err := api.check.ChangeAllowed(); err != nil { return result, errors.Trace(err) } if len(args.Users) == 0 { return result, nil } if !api.isAdmin { return result, common.ErrPerm } for i, arg := range args.Users { var user *state.User var err error if arg.Password != "" { user, err = api.state.AddUser(arg.Username, arg.DisplayName, arg.Password, api.apiUser.Id()) } else { user, err = api.state.AddUserWithSecretKey(arg.Username, arg.DisplayName, api.apiUser.Id()) } if err != nil { err = errors.Annotate(err, "failed to create user") result.Results[i].Error = common.ServerError(err) continue } else { result.Results[i] = params.AddUserResult{ Tag: user.Tag().String(), SecretKey: user.SecretKey(), } } if len(arg.SharedModelTags) > 0 { modelAccess, err := modelmanager.FromModelAccessParam(arg.ModelAccess) if err != nil { err = errors.Annotatef(err, "user %q created but models not shared", arg.Username) result.Results[i].Error = common.ServerError(err) continue } userTag := user.Tag().(names.UserTag) for _, modelTagStr := range arg.SharedModelTags { modelTag, err := names.ParseModelTag(modelTagStr) if err != nil { err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr) result.Results[i].Error = common.ServerError(err) break } err = modelmanager.ChangeModelAccess( modelmanager.NewStateBackend(api.state), modelTag, api.apiUser, userTag, params.GrantModelAccess, modelAccess, api.isAdmin) if err != nil { err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr) result.Results[i].Error = common.ServerError(err) break } } } } return result, nil }