add manage user permission
19
src/users.js
19
src/users.js
@@ -40,7 +40,8 @@ exports = module.exports = {
|
||||
delAppPassword: delAppPassword
|
||||
};
|
||||
|
||||
let assert = require('assert'),
|
||||
let accesscontrol = require('./accesscontrol.js'),
|
||||
assert = require('assert'),
|
||||
BoxError = require('./boxerror.js'),
|
||||
crypto = require('crypto'),
|
||||
constants = require('./constants.js'),
|
||||
@@ -115,7 +116,7 @@ function validatePassword(password) {
|
||||
|
||||
// remove all fields that should never be sent out via REST API
|
||||
function removePrivateFields(user) {
|
||||
return _.pick(user, 'id', 'username', 'email', 'fallbackEmail', 'displayName', 'groupIds', 'admin', 'active', 'source');
|
||||
return _.pick(user, 'id', 'username', 'email', 'fallbackEmail', 'displayName', 'groupIds', 'admin', 'active', 'source', 'permissions');
|
||||
}
|
||||
|
||||
// remove all fields that Non-privileged users must not see
|
||||
@@ -135,6 +136,7 @@ function create(username, password, email, displayName, options, auditSource, ca
|
||||
const isAdmin = !!options.admin;
|
||||
const source = options.source || ''; // empty is local user
|
||||
const invitor = options.invitor || null;
|
||||
const permissions = options.permissions || null;
|
||||
|
||||
var error;
|
||||
|
||||
@@ -158,6 +160,9 @@ function create(username, password, email, displayName, options, auditSource, ca
|
||||
error = validateDisplayName(displayName);
|
||||
if (error) return callback(error);
|
||||
|
||||
error = accesscontrol.validatePermissions(permissions);
|
||||
if (error) return callback(error);
|
||||
|
||||
crypto.randomBytes(CRYPTO_SALT_SIZE, function (error, salt) {
|
||||
if (error) return callback(new BoxError(BoxError.CRYPTO_ERROR, error));
|
||||
|
||||
@@ -177,7 +182,8 @@ function create(username, password, email, displayName, options, auditSource, ca
|
||||
resetToken: '',
|
||||
displayName: displayName,
|
||||
admin: isOwner || isAdmin,
|
||||
source: source
|
||||
source: source,
|
||||
permissions: permissions
|
||||
};
|
||||
|
||||
userdb.add(user.id, user, function (error) {
|
||||
@@ -407,7 +413,7 @@ function updateUser(user, data, auditSource, callback) {
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
var error;
|
||||
data = _.pick(data, 'email', 'fallbackEmail', 'displayName', 'username', 'admin', 'active');
|
||||
data = _.pick(data, 'email', 'fallbackEmail', 'displayName', 'username', 'admin', 'active', 'permissions');
|
||||
|
||||
if (_.isEmpty(data)) return callback();
|
||||
|
||||
@@ -429,6 +435,11 @@ function updateUser(user, data, auditSource, callback) {
|
||||
if (error) return callback(error);
|
||||
}
|
||||
|
||||
if (data.permissions) {
|
||||
error = accesscontrol.validatePermissions(data.permissions);
|
||||
if (error) return callback(error);
|
||||
}
|
||||
|
||||
userdb.update(user.id, data, function (error) {
|
||||
if (error) return callback(error);
|
||||
|
||||
|
||||
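Review bot: In `updateUser` the new guard `if (data.permissions)` calls `accesscontrol.validatePermissions` only for truthy values, so a request carrying `permissions: ''`, `0` or `false` survives the `_.pick` and reaches `userdb.update` without validation. `create` validates unconditionally, including the `null` default, so the update path should test for presence instead: `if (_.has(data, 'permissions')) {`. Because this field decides what a user may manage, and `removePrivateFields` now returns it over REST, confirm that the callers of `updateUser` (not visible here) accept `permissions` only from an admin session and never let a user change their own. The bodies of `updateUser` and `create` start and end outside these hunks.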