From 13e710b4c36b99afc22270980de41c235ddd387e Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Fri, 7 Sep 2018 12:16:48 +0300 Subject: [PATCH] Updated REST API User (markdown) --- REST-API-User.md | 159 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 158 insertions(+), 1 deletion(-) diff --git a/REST-API-User.md b/REST-API-User.md index 0d711ad..f89157d 100644 --- a/REST-API-User.md +++ b/REST-API-User.md @@ -324,4 +324,161 @@ curl -H "Authorization: Bearer t7iYB86mXoLfP_XsMegxF41oKT7iiA9lDYiKVtXcctl" \ -X PUT \ http://localhost:3000/api/users/ztKvBTzCqmyJ77on8 \ -d '{ "action": "enableLogin" }' -``` \ No newline at end of file +``` + +# In Wekan code + +wekan/models/users.js +``` + // Middleware which checks that API is enabled. + JsonRoutes.Middleware.use(function (req, res, next) { + const api = req.url.search('api'); + if (api === 1 && process.env.WITH_API === 'true' || api === -1){ + return next(); + } + else { + res.writeHead(301, {Location: '/'}); + return res.end(); + } + }); + + JsonRoutes.add('GET', '/api/user', function(req, res) { + try { + Authentication.checkLoggedIn(req.userId); + const data = Meteor.users.findOne({ _id: req.userId}); + delete data.services; + JsonRoutes.sendResult(res, { + code: 200, + data, + }); + } + catch (error) { + JsonRoutes.sendResult(res, { + code: 200, + data: error, + }); + } + }); + + JsonRoutes.add('GET', '/api/users', function (req, res) { + try { + Authentication.checkUserId(req.userId); + JsonRoutes.sendResult(res, { + code: 200, + data: Meteor.users.find({}).map(function (doc) { + return { _id: doc._id, username: doc.username }; + }), + }); + } + catch (error) { + JsonRoutes.sendResult(res, { + code: 200, + data: error, + }); + } + }); + + JsonRoutes.add('GET', '/api/users/:id', function (req, res) { + try { + Authentication.checkUserId(req.userId); + const id = req.params.id; + JsonRoutes.sendResult(res, { + code: 200, + data: Meteor.users.findOne({ _id: id }), + }); + } + catch (error) { + JsonRoutes.sendResult(res, { + code: 200, + data: error, + }); + } + }); + + JsonRoutes.add('PUT', '/api/users/:id', function (req, res) { + try { + Authentication.checkUserId(req.userId); + const id = req.params.id; + const action = req.body.action; + let data = Meteor.users.findOne({ _id: id }); + if (data !== undefined) { + if (action === 'takeOwnership') { + data = Boards.find({ + 'members.userId': id, + 'members.isAdmin': true, + }).map(function(board) { + if (board.hasMember(req.userId)) { + board.removeMember(req.userId); + } + board.changeOwnership(id, req.userId); + return { + _id: board._id, + title: board.title, + }; + }); + } else { + if ((action === 'disableLogin') && (id !== req.userId)) { + Users.update({ _id: id }, { $set: { loginDisabled: true, 'services.resume.loginTokens': '' } }); + } else if (action === 'enableLogin') { + Users.update({ _id: id }, { $set: { loginDisabled: '' } }); + } + data = Meteor.users.findOne({ _id: id }); + } + } + JsonRoutes.sendResult(res, { + code: 200, + data, + }); + } + catch (error) { + JsonRoutes.sendResult(res, { + code: 200, + data: error, + }); + } + }); + + JsonRoutes.add('POST', '/api/users/', function (req, res) { + try { + Authentication.checkUserId(req.userId); + const id = Accounts.createUser({ + username: req.body.username, + email: req.body.email, + password: req.body.password, + from: 'admin', + }); + JsonRoutes.sendResult(res, { + code: 200, + data: { + _id: id, + }, + }); + } + catch (error) { + JsonRoutes.sendResult(res, { + code: 200, + data: error, + }); + } + }); + + JsonRoutes.add('DELETE', '/api/users/:id', function (req, res) { + try { + Authentication.checkUserId(req.userId); + const id = req.params.id; + Meteor.users.remove({ _id: id }); + JsonRoutes.sendResult(res, { + code: 200, + data: { + _id: id, + }, + }); + } + catch (error) { + JsonRoutes.sendResult(res, { + code: 200, + data: error, + }); + } + }); +```