changeset 3162:a0a8f38e8fb8 beta

API method get_user can be executed by non-admin users ref #539
author Marcin Kuzminski <marcin@python-works.com>
date Sun, 13 Jan 2013 23:11:55 +0100
parents 3563c47e52fd
children 28571535dd61
files docs/api/api.rst rhodecode/controllers/api/api.py
diffstat 2 files changed, 22 insertions(+), 14 deletions(-) [+]
--- a/docs/api/api.rst	Sun Jan 13 22:55:56 2013 +0100
+++ b/docs/api/api.rst	Sun Jan 13 23:11:55 2013 +0100
@@ -216,8 +216,9 @@
 --------
 
 Get's an user by username or user_id, Returns empty result if user is not found.
+If userid param is skipped it is set to id of user who is calling this method.
 This command can be executed only using api_key belonging to user with admin 
-rights.
+rights, or regular users which cannot specify userid parameter.
 
 
 INPUT::
@@ -226,7 +227,7 @@
     api_key : "<api_key>"
     method :  "get_user"
     args :    { 
-                "userid" : "<username or user_id>"
+                "userid" : "<username or user_id Optional(=apiuser)>"
               }
 
 OUTPUT::
@@ -351,14 +352,14 @@
     method :  "update_user"
     args :    {
                 "userid" : "<user_id or username>",
-                "username" :  "<username> = Optional",
-                "email" :     "<useremail> = Optional",
-                "password" :  "<password> = Optional",
-                "firstname" : "<firstname> = Optional",
-                "lastname" :  "<lastname> = Optional",
-                "active" :    "<bool> = Optional",
-                "admin" :     "<bool> = Optional",
-                "ldap_dn" :   "<ldap_dn> = Optional"
+                "username" :  "<username> = Optional(None)",
+                "email" :     "<useremail> = Optional(None)",
+                "password" :  "<password> = Optional(None)",
+                "firstname" : "<firstname> = Optional(None)",
+                "lastname" :  "<lastname> = Optional(None)",
+                "active" :    "<bool> = Optional(None)",
+                "admin" :     "<bool> = Optional(None)",
+                "ldap_dn" :   "<ldap_dn> = Optional(None)"
               }
 
 OUTPUT::
--- a/rhodecode/controllers/api/api.py	Sun Jan 13 22:55:56 2013 +0100
+++ b/rhodecode/controllers/api/api.py	Sun Jan 13 23:11:55 2013 +0100
@@ -222,7 +222,7 @@
             #make sure normal user does not pass userid, he is not allowed to do that
             if not isinstance(userid, Optional):
                 raise JSONRPCError(
-                    'Only RhodeCode admin can specify `userid` params'
+                    'Only RhodeCode admin can specify `userid` param'
                 )
         else:
             return abort(403)
@@ -260,14 +260,21 @@
             user_ips=ips
         )
 
-    @HasPermissionAllDecorator('hg.admin')
-    def get_user(self, apiuser, userid):
+    def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):
         """"
-        Get a user by username
+        Get a user by username, or userid, if userid is given
 
         :param apiuser:
         :param userid:
         """
+        if HasPermissionAnyApi('hg.admin')(user=apiuser):
+            pass
+        else:
+            if not isinstance(userid, Optional):
+                raise JSONRPCError(
+                    'Only RhodeCode admin can specify `userid` params'
+                )
+            userid = apiuser.user_id
 
         user = get_user_or_error(userid)
         data = user.get_api_data()
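Review bot: In `get_user` the admin branch is a bare `pass`, so an admin who omits `userid` reaches `get_user_or_error(userid)` with the `Optional(OAttr('apiuser'))` default still wrapped; only the non-admin branch replaces it with `apiuser.user_id`. Unless `get_user_or_error` unwraps `Optional` itself (not visible here), the documented default only works for regular users; resolving it once after the permission check with `if isinstance(userid, Optional): userid = apiuser.user_id` covers both paths, and the check reads more directly as `if not HasPermissionAnyApi('hg.admin')(user=apiuser):`. Authorization now lives in the body instead of the removed `@HasPermissionAllDecorator('hg.admin')`, so a short comment stating that non-admins may only read their own record would help keep later edits from widening access. The new error string still says `params`, while the earlier hunk in this file corrects the same message to `param`. The function body continues past the end of the hunk.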