trabajo-afectivo/app/controllers/users_controller.rb

1130 lines
30 KiB
Ruby
Raw Normal View History

2016-10-19 03:11:36 +00:00
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
2012-04-10 14:06:46 +00:00
class UsersController < ApplicationController
include ChecksUserAttributesByCurrentUserPermission
2017-11-23 08:09:44 +00:00
prepend_before_action :authentication_check, except: %i[create password_reset_send password_reset_verify image]
prepend_before_action :authentication_check_only, only: [:create]
2012-04-10 14:06:46 +00:00
# @path [GET] /users
#
2014-12-18 15:24:09 +00:00
# @summary Returns a list of User records.
# @notes The requester has to be in the role 'Admin' or 'Agent' to
# get a list of all Users. If the requester is in the
# role 'Customer' only just the own User record will be returned.
#
# @response_message 200 [Array<User>] List of matching User records.
# @response_message 401 Invalid session.
2012-04-10 14:06:46 +00:00
def index
offset = 0
per_page = 500
if params[:page] && params[:per_page]
offset = (params[:page].to_i - 1) * params[:per_page].to_i
per_page = params[:per_page].to_i
end
2013-07-19 14:21:44 +00:00
if per_page > 500
per_page = 500
end
2013-07-19 14:21:44 +00:00
# only allow customer to fetch him self
users = if !current_user.permissions?(['admin.user', 'ticket.agent'])
User.where(id: current_user.id).order(id: 'ASC').offset(offset).limit(per_page)
else
User.all.order(id: 'ASC').offset(offset).limit(per_page)
end
if response_expand?
list = []
users.each do |user|
list.push user.attributes_with_association_names
end
render json: list, status: :ok
return
end
if response_full?
assets = {}
item_ids = []
users.each do |item|
item_ids.push item.id
assets = item.assets(assets)
end
render json: {
record_ids: item_ids,
assets: assets,
}, status: :ok
return
end
users_all = []
users.each do |user|
users_all.push User.lookup(id: user.id).attributes_with_association_ids
end
render json: users_all, status: :ok
2012-04-10 14:06:46 +00:00
end
# @path [GET] /users/{id}
#
2014-12-18 15:24:09 +00:00
# @summary Returns the User record with the requested identifier.
# @notes The requester has to be in the role 'Admin' or 'Agent' to
# access all User records. If the requester is in the
# role 'Customer' just the own User record is accessable.
#
# @parameter id(required) [Integer] The identifier matching the requested User.
# @parameter full [Bool] If set a Asset structure with all connected Assets gets returned.
#
# @response_message 200 [User] User record matching the requested identifier.
# @response_message 401 Invalid session.
2012-04-10 14:06:46 +00:00
def show
user = User.find(params[:id])
access!(user, 'read')
if response_expand?
result = user.attributes_with_association_names
result.delete('password')
render json: result
return
end
if response_full?
result = {
id: user.id,
assets: user.assets({}),
}
render json: result
return
end
result = user.attributes_with_association_ids
result.delete('password')
render json: result
2012-04-10 14:06:46 +00:00
end
# @path [POST] /users
#
2014-12-18 15:24:09 +00:00
# @summary Creates a User record with the provided attribute values.
# @notes TODO.
#
2014-12-18 15:24:09 +00:00
# @parameter User(required,body) [User] The attribute value structure needed to create a User record.
#
# @response_message 200 [User] Created User record.
# @response_message 401 Invalid session.
2012-04-10 14:06:46 +00:00
def create
clean_params = User.association_name_to_id_convert(params)
clean_params = User.param_cleanup(clean_params, true)
# check if it's first user, the admin user
# inital admin account
count = User.all.count
admin_account_exists = true
if count <= 2
admin_account_exists = false
end
2012-04-10 14:06:46 +00:00
# if it's a signup, add user to customer role
if !current_user
2012-08-10 07:43:36 +00:00
# check if feature is enabled
if admin_account_exists && !Setting.get('user_create_account')
raise Exceptions::UnprocessableEntity, 'Feature not enabled!'
end
# check signup option only after admin account is created
if admin_account_exists && !params[:signup]
raise Exceptions::UnprocessableEntity, 'Only signup with not authenticate user possible!'
end
# check if user already exists
if clean_params[:email].blank?
raise Exceptions::UnprocessableEntity, 'Attribute \'email\' required!'
end
# check if user already exists
exists = User.find_by(email: clean_params[:email].downcase.strip)
raise Exceptions::UnprocessableEntity, 'Email address is already used for other user.' if exists
user = User.new(clean_params)
user.associations_from_param(params)
user.updated_by_id = 1
user.created_by_id = 1
2012-08-10 07:43:36 +00:00
# add first user as admin/agent and to all groups
group_ids = []
role_ids = []
if count <= 2
2017-11-23 08:09:44 +00:00
Role.where(name: %w[Admin Agent]).each do |role|
role_ids.push role.id
end
Group.all.each do |group|
group_ids.push group.id
end
# everybody else will go as customer per default
else
2016-08-12 17:58:02 +00:00
role_ids = Role.signup_role_ids
end
user.role_ids = role_ids
user.group_ids = group_ids
# remember source (in case show email verify banner)
# if not inital user creation
if admin_account_exists
user.source = 'signup'
end
# else do assignment as defined
else
2014-12-01 07:32:35 +00:00
# permission check
check_attributes_by_current_user_permission(params)
2014-12-01 07:32:35 +00:00
user = User.new(clean_params)
user.associations_from_param(params)
end
2012-11-06 21:43:13 +00:00
user.save!
# if first user was added, set system init done
if !admin_account_exists
Setting.set('system_init_done', true)
# fetch org logo
if user.email.present?
Service::Image.organization_suggest(user.email)
end
2016-07-25 20:13:38 +00:00
# load calendar
Calendar.init_setup(request.remote_ip)
# load text modules
begin
TextModule.load(request.env['HTTP_ACCEPT_LANGUAGE'] || 'en-us')
rescue => e
logger.error "Unable to load text modules #{request.env['HTTP_ACCEPT_LANGUAGE'] || 'en-us'}: #{e.message}"
end
end
2013-01-03 09:39:33 +00:00
# send inviteation if needed / only if session exists
if params[:invite].present? && current_user
sleep 5 if ENV['REMOTE_URL'].present?
token = Token.create(action: 'PasswordReset', user_id: user.id)
NotificationFactory::Mailer.notification(
template: 'user_invite',
user: user,
objects: {
token: token,
user: user,
current_user: current_user,
}
)
end
# send email verify
if params[:signup].present? && !current_user
result = User.signup_new_token(user)
NotificationFactory::Mailer.notification(
template: 'signup',
user: user,
objects: result,
)
end
if response_expand?
user = user.reload.attributes_with_association_names
user.delete('password')
render json: user, status: :created
return
2012-04-10 14:06:46 +00:00
end
if response_full?
result = {
id: user.id,
assets: user.assets({}),
}
render json: result, status: :created
return
end
user = user.reload.attributes_with_association_ids
user.delete('password')
render json: user, status: :created
2012-04-10 14:06:46 +00:00
end
# @path [PUT] /users/{id}
#
2014-12-18 15:24:09 +00:00
# @summary Updates the User record matching the identifier with the provided attribute values.
# @notes TODO.
#
2014-12-18 15:24:09 +00:00
# @parameter id(required) [Integer] The identifier matching the requested User record.
# @parameter User(required,body) [User] The attribute value structure needed to update a User record.
#
# @response_message 200 [User] Updated User record.
# @response_message 401 Invalid session.
2012-04-10 14:06:46 +00:00
def update
2016-01-20 01:48:54 +00:00
user = User.find(params[:id])
access!(user, 'change')
2012-04-10 14:06:46 +00:00
# permission check
check_attributes_by_current_user_permission(params)
user.with_lock do
clean_params = User.association_name_to_id_convert(params)
clean_params = User.param_cleanup(clean_params, true)
user.update!(clean_params)
2013-04-21 23:03:19 +00:00
# presence and permissions were checked via `check_attributes_by_current_user_permission`
privileged_attributes = params.slice(:role_ids, :roles, :group_ids, :groups, :organization_ids, :organizations)
2013-04-21 23:03:19 +00:00
if privileged_attributes.present?
user.associations_from_param(privileged_attributes)
end
end
if response_expand?
user = user.reload.attributes_with_association_names
user.delete('password')
render json: user, status: :ok
return
end
if response_full?
result = {
id: user.id,
assets: user.assets({}),
}
render json: result, status: :ok
return
2012-04-10 14:06:46 +00:00
end
user = user.reload.attributes_with_association_ids
user.delete('password')
render json: user, status: :ok
2012-04-10 14:06:46 +00:00
end
# @path [DELETE] /users/{id}
#
2014-12-18 15:24:09 +00:00
# @summary Deletes the User record matching the given identifier.
# @notes The requester has to be in the role 'Admin' to be able to delete a User record.
#
2014-12-18 15:24:09 +00:00
# @parameter id(required) [User] The identifier matching the requested User record.
#
# @response_message 200 User successfully deleted.
# @response_message 401 Invalid session.
2012-04-10 14:06:46 +00:00
def destroy
user = User.find(params[:id])
access!(user, 'delete')
model_references_check(User, params)
model_destroy_render(User, params)
end
2012-04-10 14:06:46 +00:00
# @path [GET] /users/me
#
# @summary Returns the User record of current user.
# @notes The requestor need to have a valid authentication.
#
# @parameter full [Bool] If set a Asset structure with all connected Assets gets returned.
#
# @response_message 200 [User] User record matching the requested identifier.
# @response_message 401 Invalid session.
def me
if response_expand?
user = current_user.attributes_with_association_names
user.delete('password')
render json: user, status: :ok
return
end
if response_full?
full = User.full(current_user.id)
render json: full
return
end
user = current_user.attributes_with_association_ids
user.delete('password')
render json: user
end
# @path [GET] /users/search
#
# @tag Search
# @tag User
#
# @summary Searches the User matching the given expression(s).
# @notes TODO: It's possible to use the SOLR search syntax.
2014-12-18 15:24:09 +00:00
# The requester has to be in the role 'Admin' or 'Agent' to
# be able to search for User records.
#
2016-09-07 08:39:06 +00:00
# @parameter query [String] The search query.
2014-12-18 15:03:19 +00:00
# @parameter limit [Integer] The limit of search results.
# @parameter role_ids(multi) [Array<String>] A list of Role identifiers to which the Users have to be allocated to.
2014-12-18 15:03:19 +00:00
# @parameter full [Boolean] Defines if the result should be
# true: { user_ids => [1,2,...], assets => {...} }
# or false: [{:id => user.id, :label => "firstname lastname <email>", :value => "firstname lastname <email>"},...].
#
2014-12-18 15:24:09 +00:00
# @response_message 200 [Array<User>] A list of User records matching the search term.
# @response_message 401 Invalid session.
def search
2012-11-14 01:05:53 +00:00
if !current_user.permissions?(['ticket.agent', 'admin.user'])
2013-07-19 14:21:44 +00:00
response_access_deny
return
end
per_page = params[:per_page] || params[:limit] || 100
per_page = per_page.to_i
if per_page > 500
per_page = 500
end
page = params[:page] || 1
page = page.to_i
offset = (page - 1) * per_page
query = params[:query]
if query.respond_to?(:permit!)
query = query.permit!.to_h
end
# build result list
tickets = Ticket.search(
query: query,
condition: params[:condition].to_h,
limit: per_page,
offset: offset,
current_user: current_user,
)
query = params[:query] || params[:term]
2017-11-23 08:09:44 +00:00
if query.respond_to?(:permit!)
query = query.permit!.to_h
end
2014-09-24 23:12:23 +00:00
query_params = {
2017-11-23 08:09:44 +00:00
query: query,
limit: per_page,
offset: offset,
current_user: current_user,
2014-09-24 23:12:23 +00:00
}
2017-11-23 08:09:44 +00:00
%i[role_ids permissions].each do |key|
next if params[key].blank?
query_params[key] = params[key]
2014-09-24 23:12:23 +00:00
end
# do query
user_all = User.search(query_params)
2012-11-14 01:05:53 +00:00
# do pagination if needed
if params[:page] && params[:per_page]
offset = (params[:page].to_i - 1) * params[:per_page].to_i
2017-09-08 08:28:34 +00:00
user_all = user_all[offset, params[:per_page].to_i] || []
end
if response_expand?
list = []
user_all.each do |user|
list.push user.attributes_with_association_names
end
render json: list, status: :ok
return
end
# build result list
if params[:label] || params[:term]
2014-09-24 23:12:23 +00:00
users = []
user_all.each do |user|
realname = user.fullname
if user.email.present? && realname != user.email
realname = "#{realname} <#{user.email}>"
2014-09-24 23:12:23 +00:00
end
a = if params[:term]
{ id: user.id, label: realname, value: user.email }
else
{ id: user.id, label: realname, value: realname }
end
2014-09-24 23:12:23 +00:00
users.push a
end
2014-09-24 23:12:23 +00:00
# return result
render json: users
2014-09-24 23:12:23 +00:00
return
end
if response_full?
2016-09-11 13:24:10 +00:00
user_ids = []
assets = {}
user_all.each do |user|
2016-09-11 13:24:10 +00:00
assets = user.assets(assets)
user_ids.push user.id
end
2016-09-11 13:24:10 +00:00
# return result
render json: {
assets: assets,
user_ids: user_ids.uniq,
}
2016-09-11 14:02:15 +00:00
return
2016-09-11 13:24:10 +00:00
end
2014-09-24 23:12:23 +00:00
2016-09-11 13:24:10 +00:00
list = []
user_all.each do |user|
list.push user.attributes_with_association_ids
end
2016-09-11 13:24:10 +00:00
render json: list, status: :ok
2012-04-10 14:06:46 +00:00
end
2012-04-23 06:55:16 +00:00
# @path [GET] /users/recent
#
# @tag Search
# @tag User
#
# @summary Recent creates Users.
# @notes Recent creates Users.
#
# @parameter limit [Integer] The limit of search results.
# @parameter role_ids(multi) [Array<String>] A list of Role identifiers to which the Users have to be allocated to.
# @parameter full [Boolean] Defines if the result should be
# true: { user_ids => [1,2,...], assets => {...} }
# or false: [{:id => user.id, :label => "firstname lastname <email>", :value => "firstname lastname <email>"},...].
#
# @response_message 200 [Array<User>] A list of User records matching the search term.
# @response_message 401 Invalid session.
def recent
if !current_user.permissions?('admin.user')
response_access_deny
return
end
# do query
user_all = if params[:role_ids].present?
User.joins(:roles).where('roles.id' => params[:role_ids]).where('users.id != 1').order('users.created_at DESC').limit(params[:limit] || 20)
else
User.where('id != 1').order('created_at DESC').limit(params[:limit] || 20)
end
# build result list
if !response_full?
users = []
user_all.each do |user|
realname = user.firstname.to_s + ' ' + user.lastname.to_s
if user.email && user.email.to_s != ''
realname = realname + ' <' + user.email.to_s + '>'
end
a = { id: user.id, label: realname, value: realname }
users.push a
end
# return result
render json: users
return
end
user_ids = []
assets = {}
user_all.each do |user|
assets = user.assets(assets)
user_ids.push user.id
end
# return result
render json: {
assets: assets,
user_ids: user_ids.uniq,
}
end
# @path [GET] /users/history/{id}
#
# @tag History
# @tag User
#
2014-12-18 15:24:09 +00:00
# @summary Returns the History records of a User record matching the given identifier.
# @notes The requester has to be in the role 'Admin' or 'Agent' to
# get the History records of a User record.
#
2014-12-18 15:24:09 +00:00
# @parameter id(required) [Integer] The identifier matching the requested User record.
#
2014-12-18 15:24:09 +00:00
# @response_message 200 [History] The History records of the requested User record.
# @response_message 401 Invalid session.
2013-10-21 19:00:58 +00:00
def history
2016-01-27 18:26:10 +00:00
# permission check
if !current_user.permissions?(['admin.user', 'ticket.agent'])
2013-10-21 19:00:58 +00:00
response_access_deny
return
end
# get user data
2016-01-20 01:48:54 +00:00
user = User.find(params[:id])
2013-10-21 19:00:58 +00:00
# get history of user
history = user.history_get(true)
# return result
render json: history
2013-10-21 19:00:58 +00:00
end
=begin
Resource:
POST /api/v1/users/email_verify
Payload:
{
"token": "SoMeToKeN",
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/email_verify -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN"}'
=end
def email_verify
raise Exceptions::UnprocessableEntity, 'No token!' if !params[:token]
user = User.signup_verify_via_token(params[:token], current_user)
raise Exceptions::UnprocessableEntity, 'Invalid token!' if !user
render json: { message: 'ok', user_email: user.email }, status: :ok
end
=begin
Resource:
POST /api/v1/users/email_verify_send
Payload:
{
"email": "some_email@example.com"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/email_verify_send -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"email": "some_email@example.com"}'
=end
def email_verify_send
raise Exceptions::UnprocessableEntity, 'No email!' if !params[:email]
# check is verify is possible to send
user = User.find_by(email: params[:email].downcase)
raise Exceptions::UnprocessableEntity, 'No such user!' if !user
#if user.verified == true
# render json: { error: 'Already verified!' }, status: :unprocessable_entity
# return
#end
token = Token.create(action: 'Signup', user_id: user.id)
result = User.signup_new_token(user)
if result && result[:token]
user = result[:user]
NotificationFactory::Mailer.notification(
template: 'signup',
user: user,
objects: result
)
# only if system is in develop mode, send token back to browser for browser tests
if Setting.get('developer_mode') == true
render json: { message: 'ok', token: result[:token].name }, status: :ok
return
end
# token sent to user, send ok to browser
render json: { message: 'ok' }, status: :ok
return
end
# unable to generate token
render json: { message: 'failed' }, status: :ok
end
=begin
Resource:
POST /api/v1/users/password_reset
Payload:
{
"username": "some user name"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/password_reset -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"username": "some_username"}'
=end
2012-04-23 06:55:16 +00:00
def password_reset_send
# check if feature is enabled
raise Exceptions::UnprocessableEntity, 'Feature not enabled!' if !Setting.get('user_lost_password')
result = User.password_reset_new_token(params[:username])
if result && result[:token]
# send mail
user = result[:user]
2016-04-13 23:40:37 +00:00
NotificationFactory::Mailer.notification(
template: 'password_reset',
user: user,
objects: result
)
# only if system is in develop mode, send token back to browser for browser tests
if Setting.get('developer_mode') == true
render json: { message: 'ok', token: result[:token].name }, status: :ok
return
end
# token sent to user, send ok to browser
render json: { message: 'ok' }, status: :ok
return
2012-04-23 06:55:16 +00:00
end
# unable to generate token
render json: { message: 'failed' }, status: :ok
2012-04-23 06:55:16 +00:00
end
=begin
Resource:
POST /api/v1/users/password_reset_verify
Payload:
{
"token": "SoMeToKeN",
"password": "new_password"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/password_reset_verify -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN", "password" "new_password"}'
=end
2012-04-23 06:55:16 +00:00
def password_reset_verify
2012-04-23 16:59:35 +00:00
if params[:password]
# check password policy
result = password_policy(params[:password])
if result != true
render json: { message: 'failed', notice: result }, status: :ok
return
end
# set new password with token
2016-01-20 01:48:54 +00:00
user = User.password_reset_via_token(params[:token], params[:password])
# send mail
if user
2016-04-13 23:40:37 +00:00
NotificationFactory::Mailer.notification(
template: 'password_change',
user: user,
objects: {
user: user,
current_user: current_user,
}
)
end
2012-04-23 16:59:35 +00:00
else
user = User.by_reset_token(params[:token])
2012-04-23 16:59:35 +00:00
end
2013-01-03 12:00:55 +00:00
if user
render json: { message: 'ok', user_login: user.login }, status: :ok
2012-04-23 06:55:16 +00:00
else
render json: { message: 'failed' }, status: :ok
2012-04-23 06:55:16 +00:00
end
end
2013-02-10 21:38:35 +00:00
=begin
Resource:
POST /api/v1/users/password_change
2013-02-10 21:38:35 +00:00
Payload:
{
"password_old": "some_password_old",
2013-02-12 00:56:23 +00:00
"password_new": "some_password_new"
2013-02-10 21:38:35 +00:00
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/password_change -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new": "password_new"}'
2013-02-10 21:38:35 +00:00
=end
def password_change
# check old password
if !params[:password_old]
render json: { message: 'failed', notice: ['Current password needed!'] }, status: :ok
return
2013-02-10 21:38:35 +00:00
end
user = User.authenticate(current_user.login, params[:password_old])
2013-02-10 21:38:35 +00:00
if !user
render json: { message: 'failed', notice: ['Current password is wrong!'] }, status: :ok
return
2013-02-10 21:38:35 +00:00
end
# set new password
if !params[:password_new]
render json: { message: 'failed', notice: ['Please supply your new password!'] }, status: :ok
return
end
# check password policy
result = password_policy(params[:password_new])
if result != true
render json: { message: 'failed', notice: result }, status: :ok
return
2013-02-10 21:38:35 +00:00
end
user.update!(password: params[:password_new])
2016-04-13 23:40:37 +00:00
NotificationFactory::Mailer.notification(
template: 'password_change',
user: user,
objects: {
user: user,
current_user: current_user,
}
)
render json: { message: 'ok', user_login: user.login }, status: :ok
2013-02-10 21:38:35 +00:00
end
2013-02-12 00:56:23 +00:00
=begin
Resource:
PUT /api/v1/users/preferences
2013-02-12 00:56:23 +00:00
Payload:
{
"language": "de",
"notification": true
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/preferences -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"language": "de", "notifications": true}'
2013-02-12 00:56:23 +00:00
=end
def preferences
raise Exceptions::UnprocessableEntity, 'No current user!' if !current_user
2017-10-24 13:49:02 +00:00
preferences_params = params.except(:controller, :action)
if preferences_params.present?
user = User.find(current_user.id)
user.with_lock do
2017-10-24 13:49:02 +00:00
preferences_params.permit!.to_h.each do |key, value|
user.preferences[key.to_sym] = value
end
user.save!
end
2013-02-12 00:56:23 +00:00
end
render json: { message: 'ok' }, status: :ok
2013-02-12 00:56:23 +00:00
end
=begin
Resource:
PUT /api/v1/users/out_of_office
Payload:
{
"out_of_office": true,
"out_of_office_start_at": true,
"out_of_office_end_at": true,
"out_of_office_replacement_id": 123,
"out_of_office_text": 'honeymoon'
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/out_of_office -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"out_of_office": true, "out_of_office_replacement_id": 123}'
=end
def out_of_office
raise Exceptions::UnprocessableEntity, 'No current user!' if !current_user
user = User.find(current_user.id)
user.with_lock do
user.assign_attributes(
out_of_office: params[:out_of_office],
out_of_office_start_at: params[:out_of_office_start_at],
out_of_office_end_at: params[:out_of_office_end_at],
out_of_office_replacement_id: params[:out_of_office_replacement_id],
)
user.preferences[:out_of_office_text] = params[:out_of_office_text]
user.save!
end
render json: { message: 'ok' }, status: :ok
end
=begin
Resource:
DELETE /api/v1/users/account
Payload:
{
"provider": "twitter",
"uid": 581482342942
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/account -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"provider": "twitter", "uid": 581482342942}'
=end
def account_remove
raise Exceptions::UnprocessableEntity, 'No current user!' if !current_user
# provider + uid to remove
raise Exceptions::UnprocessableEntity, 'provider needed!' if !params[:provider]
raise Exceptions::UnprocessableEntity, 'uid needed!' if !params[:uid]
# remove from database
record = Authorization.where(
user_id: current_user.id,
provider: params[:provider],
uid: params[:uid],
)
raise Exceptions::UnprocessableEntity, 'No record found!' if !record.first
record.destroy_all
render json: { message: 'ok' }, status: :ok
end
=begin
Resource:
GET /api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7
Response:
<IMAGE>
Test:
curl http://localhost/api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7 -v -u #{login}:#{password}
=end
def image
# cache image
2014-12-01 07:32:35 +00:00
response.headers['Expires'] = 1.year.from_now.httpdate
response.headers['Cache-Control'] = 'cache, store, max-age=31536000, must-revalidate'
response.headers['Pragma'] = 'cache'
2016-01-20 01:48:54 +00:00
file = Avatar.get_by_hash(params[:hash])
2014-12-01 07:32:35 +00:00
if file
2014-07-27 11:40:42 +00:00
send_data(
2014-12-01 07:32:35 +00:00
file.content,
filename: file.filename,
type: file.preferences['Content-Type'] || file.preferences['Mime-Type'],
disposition: 'inline'
2014-07-27 11:40:42 +00:00
)
return
end
2014-12-01 07:32:35 +00:00
# serve default image
image = 'R0lGODdhMAAwAOMAAMzMzJaWlr6+vqqqqqOjo8XFxbe3t7GxsZycnAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAMAAwAAAEcxDISau9OOvNu/9gKI5kaZ5oqq5s675wLM90bd94ru98TwuAA+KQAQqJK8EAgBAgMEqmkzUgBIeSwWGZtR5XhSqAULACCoGCJGwlm1MGQrq9RqgB8fm4ZTUgDBIEcRR9fz6HiImKi4yNjo+QkZKTlJWWkBEAOw=='
send_data(
Base64.decode64(image),
filename: 'image.gif',
type: 'image/gif',
disposition: 'inline'
2014-12-01 07:32:35 +00:00
)
end
=begin
Resource:
POST /api/v1/users/avatar
Payload:
{
"avatar_full": "base64 url",
}
Response:
{
2016-01-20 01:48:54 +00:00
message: 'ok'
2014-12-01 07:32:35 +00:00
}
Test:
curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"avatar": "base64 url"}'
=end
def avatar_new
return if !valid_session_with_user
# get & validate image
2016-01-20 01:48:54 +00:00
file_full = StaticAssets.data_url_attributes(params[:avatar_full])
file_resize = StaticAssets.data_url_attributes(params[:avatar_resize])
2014-12-01 07:32:35 +00:00
avatar = Avatar.add(
object: 'User',
o_id: current_user.id,
full: {
content: file_full[:content],
mime_type: file_full[:mime_type],
2014-12-01 07:32:35 +00:00
},
resize: {
content: file_resize[:content],
mime_type: file_resize[:mime_type],
2014-12-01 07:32:35 +00:00
},
2015-04-27 20:49:17 +00:00
source: 'upload ' + Time.zone.now.to_s,
deletable: true,
2014-12-01 07:32:35 +00:00
)
# update user link
user = User.find(current_user.id)
user.update!(image: avatar.store_hash)
2014-12-01 07:32:35 +00:00
render json: { avatar: avatar }, status: :ok
2014-12-01 07:32:35 +00:00
end
def avatar_set_default
return if !valid_session_with_user
# get & validate image
raise Exceptions::UnprocessableEntity, 'No id of avatar!' if !params[:id]
2014-12-01 07:32:35 +00:00
# set as default
2016-01-20 01:48:54 +00:00
avatar = Avatar.set_default('User', current_user.id, params[:id])
2014-12-01 07:32:35 +00:00
# update user link
user = User.find(current_user.id)
user.update!(image: avatar.store_hash)
2014-12-01 07:32:35 +00:00
render json: {}, status: :ok
2014-12-01 07:32:35 +00:00
end
def avatar_destroy
return if !valid_session_with_user
# get & validate image
raise Exceptions::UnprocessableEntity, 'No id of avatar!' if !params[:id]
2014-12-01 07:32:35 +00:00
# remove avatar
2016-01-20 01:48:54 +00:00
Avatar.remove_one('User', current_user.id, params[:id])
2014-12-01 07:32:35 +00:00
# update user link
2016-01-20 01:48:54 +00:00
avatar = Avatar.get_default('User', current_user.id)
user = User.find(current_user.id)
user.update!(image: avatar.store_hash)
2014-12-01 07:32:35 +00:00
render json: {}, status: :ok
2014-12-01 07:32:35 +00:00
end
def avatar_list
return if !valid_session_with_user
# list of avatars
2016-01-20 01:48:54 +00:00
result = Avatar.list('User', current_user.id)
render json: { avatars: result }, status: :ok
2014-12-01 07:32:35 +00:00
end
# @path [GET] /users/import_example
#
# @summary Download of example CSV file.
# @notes The requester have 'admin.user' permissions to be able to download it.
# @example curl -u 'me@example.com:test' http://localhost:3000/api/v1/users/import_example
#
# @response_message 200 File download.
# @response_message 401 Invalid session.
def import_example
permission_check('admin.user')
send_data(
User.csv_example,
filename: 'user-example.csv',
type: 'text/csv',
disposition: 'attachment'
)
end
# @path [POST] /users/import
#
# @summary Starts import.
# @notes The requester have 'admin.text_module' permissions to be create a new import.
# @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/users.csv' 'https://your.zammad/api/v1/users/import?try=true'
# @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/users.csv' 'https://your.zammad/api/v1/users/import'
#
# @response_message 201 Import started.
# @response_message 401 Invalid session.
def import_start
permission_check('admin.user')
string = params[:data] || params[:file].read.force_encoding('utf-8')
result = User.csv_import(
string: string,
parse_params: {
col_sep: params[:col_sep] || ',',
},
try: params[:try],
delete: params[:delete],
)
render json: result, status: :ok
end
2014-12-01 07:32:35 +00:00
private
def password_policy(password)
2015-02-09 12:19:52 +00:00
if Setting.get('password_min_size').to_i > password.length
return ["Can\'t update password, it must be at least %s characters long!", Setting.get('password_min_size')]
end
if Setting.get('password_need_digit').to_i == 1 && password !~ /\d/
return ["Can't update password, it must contain at least 1 digit!"]
end
if Setting.get('password_min_2_lower_2_upper_characters').to_i == 1 && ( password !~ /[A-Z].*[A-Z]/ || password !~ /[a-z].*[a-z]/ )
return ["Can't update password, it must contain at least 2 lowercase and 2 uppercase characters!"]
end
true
end
end