Require admin rights for user listing

Johannes Zellner
2016-02-25 13:43:15 +01:00
parent a0d7406b3c
commit b5b0ab7475
+7 -4
@@ -100,15 +100,18 @@ function initializeExpressSync() {
router.get ('/api/v1/profile', profileScope, routes.user.profile);
router.get ('/api/v1/users', usersScope, routes.user.list);
// user routes only for admins
router.get ('/api/v1/users', usersScope, routes.user.requireAdmin, routes.user.list);
router.post('/api/v1/users', usersScope, routes.user.requireAdmin, routes.user.create);
router.get ('/api/v1/users/:userId', usersScope, routes.user.info);
router.put ('/api/v1/users/:userId', usersScope, routes.user.verifyPassword, routes.user.update);
router.del ('/api/v1/users/:userId', usersScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.user.remove);
router.post('/api/v1/users/:userId/password', usersScope, routes.user.changePassword); // changePassword verifies password
router.put ('/api/v1/users/:userId/set_groups', usersScope, routes.user.requireAdmin, routes.user.setGroups);
router.post('/api/v1/users/:userId/invite', usersScope, routes.user.requireAdmin, routes.user.sendInvite);
// user routes for admins and users operating on their own account
router.get ('/api/v1/users/:userId', usersScope, routes.user.info);
router.put ('/api/v1/users/:userId', usersScope, routes.user.verifyPassword, routes.user.update);
router.post('/api/v1/users/:userId/password', usersScope, routes.user.changePassword); // changePassword verifies password
// Group management
router.get ('/api/v1/groups', usersScope, routes.user.requireAdmin, routes.groups.list);
router.post('/api/v1/groups', usersScope, routes.user.requireAdmin, routes.groups.create);
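Review bot: The three routes regrouped under `// user routes for admins and users operating on their own account` (GET and PUT `/api/v1/users/:userId`, POST `/api/v1/users/:userId/password`) have nothing in their visible middleware chain that compares `:userId` with the authenticated caller or checks for admin, so the router does not enforce what the comment promises. If `routes.user.info`, `routes.user.update` and `routes.user.changePassword` do that check internally, it is not visible here and should be stated in the comment; if they do not, a non-admin holding `usersScope` can reach another account's record by id, which is the same exposure this commit closes for the listing. I would make the rule explicit next to `requireAdmin`, for example `router.get ('/api/v1/users/:userId', usersScope, routes.user.requireAdminOrSelf, routes.user.info);`, where `requireAdminOrSelf` is a name I am proposing rather than an existing helper, and cover it with a test that a non-admin requesting a different `:userId` is rejected. The enclosing `initializeExpressSync()` starts and ends outside this hunk, so a guard applied elsewhere (e.g. via a `router.param` hook) cannot be ruled out from what is shown.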