This commit is contained in:
37
README.md
37
README.md
@@ -107,20 +107,31 @@ This API call can only be made once after the service has started. Subsequent ca
|
||||
### User Operations
|
||||
|
||||
#### Register User
|
||||
POST `/api/admin/user/register`
|
||||
POST `/api/admin/user/add`
|
||||
|
||||
Data
|
||||
Create a new user record by specifying groupId
|
||||
Body
|
||||
```
|
||||
{
|
||||
"username": "",
|
||||
"password": "",
|
||||
"RoleId": 2
|
||||
"userName": "Test User",
|
||||
"password": "Example Password",
|
||||
"groupId": "1",
|
||||
}
|
||||
```
|
||||
|
||||
OLD: This operation can only be performed by a user with a role that is admin enabled. There are 3 built in roles, which can be viewed via the `/api/admin/roles` endpoint.
|
||||
Create a new user record by specifying groupName
|
||||
Body
|
||||
```
|
||||
{
|
||||
"userName": "Test User",
|
||||
"password": "Example Password",
|
||||
"groupName": "Users",
|
||||
}
|
||||
```
|
||||
|
||||
NEW: This operation can only be performed by a user that is a member of a group with the admin flag enabled.
|
||||
Registering a user requires specifying the group to which the user will belong. There are 2 built-in groups, with groupName of 'Administrators' or 'Users' and corresponding groupId of 1 and 2 respectively. Available groups can be retrieved via the `/api/admin/groups/list`
|
||||
|
||||
This operation can only be performed by a user that is a member of a group with the admin flag enabled, or a user who has the admin flag enabled individually on their database record.
|
||||
|
||||
#### Remove User
|
||||
POST `/api/admin/user/delete`
|
||||
@@ -134,13 +145,21 @@ Data
|
||||
|
||||
This operation can only be performed by a user with a role that is admin enabled. Removes user account corresponding to specified userName.
|
||||
|
||||
|
||||
#### List Users
|
||||
GET `/api/admin/users`
|
||||
|
||||
This operation can only be performed by a user with a role that is admin enabled. Lists currently defined users.
|
||||
|
||||
### Role Operations
|
||||
### Group Operations
|
||||
|
||||
#### List Groups
|
||||
GET `/api/admin/groups/list`
|
||||
|
||||
This operations has not yet been implemented.
|
||||
|
||||
This operation can only be performed by a user with a role that is admin enabled. Lists currently defined groups.
|
||||
|
||||
### Role Operations - Deprecated
|
||||
|
||||
#### List Roles
|
||||
GET `/api/admin/roles`
|
||||
|
||||
@@ -216,38 +216,24 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func ListSecrets(c *gin.Context) {
|
||||
|
||||
var UserId int
|
||||
var output []ListSecret
|
||||
// TODO implement with new schema
|
||||
/*
|
||||
var results []models.Secret
|
||||
// Get the user and role id of the requestor
|
||||
u, err := models.UserGetRoleFromToken(c)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// If user is admin then list everything, otherwise only list for current role
|
||||
results, err = models.GetSecrets(&models.Secret{RoleId: u.RoleId}, u.Admin)
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
for _, v := range results {
|
||||
output = append(output, ListSecret(v))
|
||||
}
|
||||
*/
|
||||
|
||||
var results []models.Secret
|
||||
s := models.Secret{}
|
||||
user_id := c.GetInt("user-id")
|
||||
|
||||
// Get userId that we stored in the context earlier
|
||||
if val, ok := c.Get("user-id"); !ok {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
||||
return
|
||||
} else {
|
||||
UserId = val.(int)
|
||||
}
|
||||
|
||||
// Work out which safe to query for this user if the safe was not specified
|
||||
safeList, err := models.UserGetSafesAllowed(int(user_id))
|
||||
safeList, err := models.UserGetSafesAllowed(int(UserId))
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
|
||||
|
||||
3
main.go
3
main.go
@@ -246,6 +246,7 @@ func main() {
|
||||
adminOnly.POST("/user/add", controllers.RegisterUser)
|
||||
// TODO
|
||||
//adminOnly.POST("/user/update", controllers.UpdateUser)
|
||||
//adminOnly.GET("/groups/list", controllers.ListGroups)
|
||||
adminOnly.GET("/users", controllers.GetUsers)
|
||||
adminOnly.POST("/unlock", controllers.Unlock)
|
||||
|
||||
@@ -258,7 +259,7 @@ func main() {
|
||||
protected.Use(middlewares.JwtAuthMiddleware())
|
||||
protected.POST("/retrieve", controllers.RetrieveSecret)
|
||||
protected.GET("/list", controllers.ListSecrets)
|
||||
protected.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets)
|
||||
protected.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets) // TODO is this still required?
|
||||
protected.POST("/store", controllers.StoreSecret)
|
||||
protected.POST("/update", controllers.UpdateSecret)
|
||||
// TODO
|
||||
|
||||
Reference in New Issue
Block a user