mirror of https://gitee.com/bigwinds/arangodb
477 lines
15 KiB
JavaScript
477 lines
15 KiB
JavaScript
/*jshint strict: false */
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
/// @brief user management
|
|
///
|
|
/// @file
|
|
///
|
|
/// DISCLAIMER
|
|
///
|
|
/// Copyright 2014 ArangoDB GmbH, Cologne, Germany
|
|
///
|
|
/// Licensed under the Apache License, Version 2.0 (the "License");
|
|
/// you may not use this file except in compliance with the License.
|
|
/// You may obtain a copy of the License at
|
|
///
|
|
/// http://www.apache.org/licenses/LICENSE-2.0
|
|
///
|
|
/// Unless required by applicable law or agreed to in writing, software
|
|
/// distributed under the License is distributed on an "AS IS" BASIS,
|
|
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
/// See the License for the specific language governing permissions and
|
|
/// limitations under the License.
|
|
///
|
|
/// Copyright holder is ArangoDB GmbH, Cologne, Germany
|
|
///
|
|
/// @author Jan Steemann
|
|
/// @author Copyright 2014, ArangoDB GmbH, Cologne, Germany
|
|
/// @author Copyright 2012-2014, triAGENS GmbH, Cologne, Germany
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
var arangodb = require("org/arangodb");
|
|
var actions = require("org/arangodb/actions");
|
|
var users = require("org/arangodb/users");
|
|
|
|
// -----------------------------------------------------------------------------
|
|
// --SECTION-- private functions
|
|
// -----------------------------------------------------------------------------
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
/// @startDocuBlock JSF_api_user_fetch
|
|
/// @brief fetch the properties of a user.
|
|
///
|
|
/// @RESTHEADER{GET /_api/user/{user}, Fetch User}
|
|
///
|
|
/// @RESTURLPARAMETERS
|
|
///
|
|
/// @RESTURLPARAM{user,string,optional}
|
|
/// The name of the user
|
|
///
|
|
/// @RESTDESCRIPTION
|
|
///
|
|
/// Fetches data about the specified user.
|
|
///
|
|
/// The call will return a JSON object with at least the following attributes on success:
|
|
///
|
|
/// - *user*: The name of the user as a string.
|
|
/// - *active*: An optional flag that specifies whether the user is active.
|
|
/// - *extra*: An optional JSON object with arbitrary extra data about the user.
|
|
/// - *changePassword*: An optional flag that specifies whether the user must
|
|
/// change the password or not.
|
|
///
|
|
/// @RESTRETURNCODES
|
|
///
|
|
/// @RESTRETURNCODE{200}
|
|
/// The user was found
|
|
///
|
|
/// @RESTRETURNCODE{404}
|
|
/// The user with the specified name does not exist
|
|
///
|
|
/// @endDocuBlock
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
function get_api_user (req, res) {
|
|
if (req.suffix.length === 0) {
|
|
actions.resultOk(req, res, actions.HTTP_OK, { result: users.all() });
|
|
return;
|
|
}
|
|
|
|
if (req.suffix.length !== 1) {
|
|
actions.resultBad(req, res, arangodb.ERROR_HTTP_BAD_PARAMETER);
|
|
return;
|
|
}
|
|
|
|
var user = decodeURIComponent(req.suffix[0]);
|
|
|
|
try {
|
|
actions.resultOk(req, res, actions.HTTP_OK, users.document(user));
|
|
}
|
|
catch (err) {
|
|
if (err.errorNum === arangodb.errors.ERROR_USER_NOT_FOUND.code) {
|
|
actions.resultNotFound(req, res, arangodb.errors.ERROR_USER_NOT_FOUND.code);
|
|
}
|
|
else {
|
|
throw err;
|
|
}
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
/// @startDocuBlock JSF_api_user_create
|
|
/// @brief Create a new user.
|
|
///
|
|
/// @RESTHEADER{POST /_api/user, Create User}
|
|
///
|
|
/// @RESTDESCRIPTION
|
|
///
|
|
/// The following data need to be passed in a JSON representation in the body
|
|
/// of the POST request:
|
|
///
|
|
/// - *user*: The name of the user as a string. This is mandatory
|
|
/// - *passwd*: The user password as a string. If no password is specified,
|
|
/// the empty string will be used
|
|
/// - *active*: An optional flag that specifies whether the user is active.
|
|
/// If not specified, this will default to true
|
|
/// - *extra*: An optional JSON object with arbitrary extra data about the user
|
|
/// - *changePassword*: An optional flag that specifies whethers the user must
|
|
/// change the password or not. If not specified, this will default to false.
|
|
/// If set to true, the only operations allowed are PUT /_api/user or PATCH /_api/user.
|
|
/// All other operations executed by the user will result in an HTTP 403.
|
|
///
|
|
/// If the user can be added by the server, the server will respond with HTTP 201.
|
|
/// In case of success, the returned JSON object has the following properties:
|
|
///
|
|
/// - *error*: Boolean flag to indicate that an error occurred (false in this case)
|
|
/// - *code*: The HTTP status code
|
|
///
|
|
/// In case of error, the body of the response will contain a JSON object with additional error details.
|
|
/// The object has the following attributes:
|
|
///
|
|
/// - *error*: Boolean flag to indicate that an error occurred (true in this case)
|
|
/// - *code*: The HTTP status code
|
|
/// - *errorNum*: The server error number
|
|
/// - *errorMessage*: A descriptive error message
|
|
///
|
|
/// @RESTRETURNCODES
|
|
///
|
|
/// @RESTRETURNCODE{201}
|
|
/// Returned if the user can be added by the server
|
|
///
|
|
/// @RESTRETURNCODE{400}
|
|
/// If the JSON representation is malformed or mandatory data is missing from the request.
|
|
///
|
|
/// @endDocuBlock
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
function post_api_user (req, res) {
|
|
var json = actions.getJsonBody(req, res, actions.HTTP_BAD);
|
|
|
|
if (json === undefined) {
|
|
return;
|
|
}
|
|
|
|
var user;
|
|
|
|
if (req.suffix.length === 1) {
|
|
// validate if a combination or username / password is valid
|
|
user = decodeURIComponent(req.suffix[0]);
|
|
var result = users.isValid(user, json.passwd);
|
|
|
|
if (result) {
|
|
actions.resultOk(req, res, actions.HTTP_OK, { result: true });
|
|
}
|
|
else {
|
|
actions.resultNotFound(req, res, arangodb.errors.ERROR_USER_NOT_FOUND.code);
|
|
}
|
|
return;
|
|
}
|
|
|
|
if (req.suffix.length !== 0) {
|
|
// unexpected URL
|
|
actions.resultBad(req, res, arangodb.ERROR_HTTP_BAD_PARAMETER);
|
|
return;
|
|
}
|
|
|
|
user = json.user;
|
|
|
|
if (user === undefined && json.hasOwnProperty("username")) {
|
|
// deprecated usage
|
|
user = json.username;
|
|
}
|
|
|
|
var doc = users.save(user, json.passwd, json.active, json.extra, json.changePassword);
|
|
|
|
if (json.passwordToken) {
|
|
users.setPasswordToken(user, json.passwordToken);
|
|
}
|
|
users.reload();
|
|
|
|
actions.resultOk(req, res, actions.HTTP_CREATED, doc);
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
/// @startDocuBlock JSF_api_user_replace
|
|
/// @brief replace an existing user with a new one.
|
|
///
|
|
/// @RESTHEADER{PUT /_api/user/{user}, Replace User}
|
|
///
|
|
/// @RESTURLPARAMETERS
|
|
///
|
|
/// @RESTURLPARAM{user,string,optional}
|
|
/// The name of the user
|
|
///
|
|
/// @RESTDESCRIPTION
|
|
///
|
|
/// Replaces the data of an existing user. The name of an existing user must be specified in user.
|
|
///
|
|
/// The following data can to be passed in a JSON representation in the body of the POST request:
|
|
///
|
|
/// - *passwd*: The user password as a string. Specifying a password is mandatory,
|
|
/// but the empty string is allowed for passwords
|
|
/// - *active*: An optional flag that specifies whether the user is active.
|
|
/// If not specified, this will default to true
|
|
/// - *extra*: An optional JSON object with arbitrary extra data about the user
|
|
/// - *changePassword*: An optional flag that specifies whether the user must change
|
|
/// the password or not. If not specified, this will default to false
|
|
///
|
|
/// If the user can be replaced by the server, the server will respond with HTTP 200.
|
|
///
|
|
/// In case of success, the returned JSON object has the following properties:
|
|
///
|
|
/// - *error*: Boolean flag to indicate that an error occurred (false in this case)
|
|
/// - *code*: The HTTP status code
|
|
///
|
|
/// In case of error, the body of the response will contain a JSON object with additional
|
|
/// error details. The object has the following attributes:
|
|
///
|
|
/// - *error*: Boolean flag to indicate that an error occurred (true in this case)
|
|
/// - *code*: The HTTP status code
|
|
/// - *errorNum*: The server error number
|
|
/// - *errorMessage*: A descriptive error message
|
|
///
|
|
/// @RESTRETURNCODES
|
|
///
|
|
/// @RESTRETURNCODE{200}
|
|
/// Is returned if the user data can be replaced by the server
|
|
///
|
|
/// @RESTRETURNCODE{400}
|
|
/// The JSON representation is malformed or mandatory data is missing from the request
|
|
///
|
|
/// @RESTRETURNCODE{404}
|
|
/// The specified user does not exist
|
|
///
|
|
/// @endDocuBlock
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
function put_api_user (req, res) {
|
|
if (req.suffix.length !== 1) {
|
|
actions.resultBad(req, res, arangodb.ERROR_HTTP_BAD_PARAMETER);
|
|
return;
|
|
}
|
|
|
|
var user = decodeURIComponent(req.suffix[0]);
|
|
|
|
var json = actions.getJsonBody(req, res, actions.HTTP_BAD);
|
|
|
|
if (json === undefined) {
|
|
return;
|
|
}
|
|
|
|
try {
|
|
var doc = users.replace(user, json.passwd, json.active, json.extra, json.changePassword);
|
|
users.reload();
|
|
|
|
actions.resultOk(req, res, actions.HTTP_OK, doc);
|
|
}
|
|
catch (err) {
|
|
if (err.errorNum === arangodb.errors.ERROR_USER_NOT_FOUND.code) {
|
|
actions.resultNotFound(req, res, arangodb.errors.ERROR_USER_NOT_FOUND.code);
|
|
}
|
|
else {
|
|
throw err;
|
|
}
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
/// @startDocuBlock JSF_api_user_update
|
|
/// @brief modify attributes of an existing user
|
|
///
|
|
/// @RESTHEADER{PATCH /_api/user/{user}, Update User}
|
|
///
|
|
/// @RESTURLPARAMETERS
|
|
///
|
|
/// @RESTURLPARAM{user,string,optional}
|
|
/// The name of the user
|
|
///
|
|
/// @RESTDESCRIPTION
|
|
///
|
|
/// Partially updates the data of an existing user. The name of an existing
|
|
/// user must be specified in *user*.
|
|
///
|
|
/// The following data can be passed in a JSON representation in the body of the
|
|
/// POST request:
|
|
///
|
|
/// - *passwd*: The user password as a string. Specifying a password is optional.
|
|
/// If not specified, the previously existing value will not be modified.
|
|
/// - *active*: An optional flag that specifies whether the user is active.
|
|
/// If not specified, the previously existing value will not be modified.
|
|
/// - *extra*: An optional JSON object with arbitrary extra data about the user.
|
|
/// If not specified, the previously existing value will not be modified.
|
|
/// - *changePassword*: An optional flag that specifies whether the user must change
|
|
/// the password or not. If not specified, the previously existing value will not be modified.
|
|
///
|
|
/// If the user can be updated by the server, the server will respond with HTTP 200.
|
|
///
|
|
/// In case of success, the returned JSON object has the following properties:
|
|
///
|
|
/// - *error*: Boolean flag to indicate that an error occurred (false in this case)
|
|
/// - *code*: The HTTP status code
|
|
///
|
|
/// In case of error, the body of the response will contain a JSON object with additional error details.
|
|
/// The object has the following attributes:
|
|
///
|
|
/// - *error*: Boolean flag to indicate that an error occurred (true in this case)
|
|
/// - *code*: The HTTP status code
|
|
/// - *errorNum*: The server error number
|
|
/// - *errorMessage*: A descriptive error message
|
|
///
|
|
/// @RESTRETURNCODES
|
|
///
|
|
/// @RESTRETURNCODE{200}
|
|
/// Is returned if the user data can be replaced by the server
|
|
///
|
|
/// @RESTRETURNCODE{400}
|
|
/// The JSON representation is malformed or mandatory data is missing from the request
|
|
///
|
|
/// @RESTRETURNCODE{404}
|
|
/// The specified user does not exist
|
|
///
|
|
/// @endDocuBlock
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
function patch_api_user (req, res) {
|
|
if (req.suffix.length !== 1) {
|
|
actions.resultBad(req, res, arangodb.ERROR_HTTP_BAD_PARAMETER);
|
|
return;
|
|
}
|
|
|
|
var user = decodeURIComponent(req.suffix[0]);
|
|
var json = actions.getJsonBody(req, res, actions.HTTP_BAD);
|
|
|
|
if (json === undefined) {
|
|
return;
|
|
}
|
|
|
|
try {
|
|
var doc = users.update(user, json.passwd, json.active, json.extra, json.changePassword);
|
|
users.reload();
|
|
|
|
actions.resultOk(req, res, actions.HTTP_OK, doc);
|
|
}
|
|
catch (err) {
|
|
if (err.errorNum === arangodb.errors.ERROR_USER_NOT_FOUND.code) {
|
|
actions.resultNotFound(req, res, arangodb.errors.ERROR_USER_NOT_FOUND.code);
|
|
}
|
|
else {
|
|
throw err;
|
|
}
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
/// @startDocuBlock JSF_api_user_delete
|
|
/// @brief delete a user permanently.
|
|
///
|
|
/// @RESTHEADER{DELETE /_api/user/{user}, Remove User}
|
|
///
|
|
/// @RESTURLPARAMETERS
|
|
///
|
|
/// @RESTURLPARAM{user,string,optional}
|
|
/// The name of the user
|
|
///
|
|
/// @RESTDESCRIPTION
|
|
///
|
|
/// Removes an existing user, identified by *user*.
|
|
///
|
|
/// If the user can be removed, the server will respond with HTTP 202.
|
|
/// In case of success, the returned JSON object has the following properties:
|
|
///
|
|
/// - *error*: Boolean flag to indicate that an error occurred (false in this case)
|
|
/// - *code*: The HTTP status code
|
|
///
|
|
/// In case of error, the body of the response will contain a JSON object with additional error details.
|
|
/// The object has the following attributes:
|
|
///
|
|
/// - *error*: Boolean flag to indicate that an error occurred (true in this case)
|
|
/// - *code*: The HTTP status code
|
|
/// - *errorNum*: The server error number
|
|
/// - *errorMessage*: A descriptive error message
|
|
///
|
|
/// @RESTRETURNCODES
|
|
///
|
|
/// @RESTRETURNCODE{202}
|
|
/// Is returned if the user was removed by the server
|
|
///
|
|
/// @RESTRETURNCODE{404}
|
|
/// The specified user does not exist
|
|
///
|
|
/// @endDocuBlock
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
function delete_api_user (req, res) {
|
|
if (req.suffix.length !== 1) {
|
|
actions.resultBad(req, res, arangodb.ERROR_HTTP_BAD_PARAMETER);
|
|
return;
|
|
}
|
|
|
|
var user = decodeURIComponent(req.suffix[0]);
|
|
try {
|
|
users.remove(user);
|
|
users.reload();
|
|
|
|
actions.resultOk(req, res, actions.HTTP_ACCEPTED, {});
|
|
}
|
|
catch (err) {
|
|
if (err.errorNum === arangodb.errors.ERROR_USER_NOT_FOUND.code) {
|
|
actions.resultNotFound(req, res, arangodb.errors.ERROR_USER_NOT_FOUND.code);
|
|
}
|
|
else {
|
|
throw err;
|
|
}
|
|
}
|
|
}
|
|
|
|
// -----------------------------------------------------------------------------
|
|
// --SECTION-- public functions
|
|
// -----------------------------------------------------------------------------
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
/// @brief user actions gateway
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
actions.defineHttp({
|
|
url : "_api/user",
|
|
|
|
callback : function (req, res) {
|
|
try {
|
|
switch (req.requestType) {
|
|
case actions.GET:
|
|
get_api_user(req, res);
|
|
break;
|
|
|
|
case actions.POST:
|
|
post_api_user(req, res);
|
|
break;
|
|
|
|
case actions.PUT:
|
|
put_api_user(req, res);
|
|
break;
|
|
|
|
case actions.PATCH:
|
|
patch_api_user(req, res);
|
|
break;
|
|
|
|
case actions.DELETE:
|
|
delete_api_user(req, res);
|
|
break;
|
|
|
|
default:
|
|
actions.resultUnsupported(req, res);
|
|
}
|
|
}
|
|
catch (err) {
|
|
actions.resultException(req, res, err, undefined, false);
|
|
}
|
|
}
|
|
});
|
|
|
|
// -----------------------------------------------------------------------------
|
|
// --SECTION-- END-OF-FILE
|
|
// -----------------------------------------------------------------------------
|
|
|
|
// Local Variables:
|
|
// mode: outline-minor
|
|
// outline-regexp: "/// @brief\\|/// {@inheritDoc}\\|/// @page\\|/// @startDocuBlock\\|// --SECTION--\\|/// @\\}"
|
|
// End:
|