Allow making LDAP users admins

2025-07-22 20:41:40 +02:00 · 2022-04-11 12:29:24 +02:00
parent 6e9a916a18
commit e0cc17cfa9
3 changed files with 88 additions and 6 deletions
--- a/api/rest.go
+++ b/api/rest.go
@@ -55,6 +55,7 @@ func (api *RestApi) MountRoutes(r *mux.Router) {
 		r.HandleFunc("/users/", api.createUser).Methods(http.MethodPost, http.MethodPut)
 		r.HandleFunc("/users/", api.getUsers).Methods(http.MethodGet)
 		r.HandleFunc("/users/", api.deleteUser).Methods(http.MethodDelete)
+		r.HandleFunc("/user/{id}", api.updateUser).Methods(http.MethodPost)
 		r.HandleFunc("/configuration/", api.updateConfiguration).Methods(http.MethodPost)
 	}

@@ -555,7 +556,9 @@ func (api *RestApi) getUsers(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	users, err := api.Authentication.FetchUsers(r.URL.Query().Get("via-ldap") == "true")
+	users, err := api.Authentication.FetchUsers(
+		r.URL.Query().Get("via-ldap") == "true",
+		r.URL.Query().Get("not-just-user") == "true")
 	if err != nil {
 		http.Error(rw, err.Error(), http.StatusInternalServerError)
 		return
@@ -564,6 +567,22 @@ func (api *RestApi) getUsers(rw http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(rw).Encode(users)
 }

+func (api *RestApi) updateUser(rw http.ResponseWriter, r *http.Request) {
+	if user := auth.GetUser(r.Context()); !user.HasRole(auth.RoleAdmin) {
+		http.Error(rw, "only admins are allowed to update a user", http.StatusForbidden)
+		return
+	}
+
+	// TODO: Handle anything but roles...
+	newrole := r.FormValue("add-role")
+	if err := api.Authentication.AddRole(r.Context(), mux.Vars(r)["id"], newrole); err != nil {
+		http.Error(rw, err.Error(), http.StatusUnprocessableEntity)
+		return
+	}
+
+	rw.Write([]byte("success"))
+}
+
 func (api *RestApi) updateConfiguration(rw http.ResponseWriter, r *http.Request) {
 	rw.Header().Set("Content-Type", "text/plain")
 	key, value := r.FormValue("key"), r.FormValue("value")