user-services
This commit is contained in:
parent
18e095faee
commit
1f96d708bf
5 changed files with 18 additions and 180 deletions
|
|
@ -194,9 +194,6 @@ sub getOperations {
|
||||||
'setPersonalStyle' => 'Style',
|
'setPersonalStyle' => 'Style',
|
||||||
'unsetPersonalStyle' => 'Style',
|
'unsetPersonalStyle' => 'Style',
|
||||||
|
|
||||||
'ajaxCreateUser' => 'User',
|
|
||||||
'ajaxDeleteUser' => 'User',
|
|
||||||
'ajaxUpdateUser' => 'User',
|
|
||||||
'becomeUser' => 'User',
|
'becomeUser' => 'User',
|
||||||
'deleteUser' => 'User',
|
'deleteUser' => 'User',
|
||||||
'editUser' => 'User',
|
'editUser' => 'User',
|
||||||
|
|
|
||||||
|
|
@ -25,8 +25,6 @@ use WebGUI::SQL;
|
||||||
use WebGUI::TabForm;
|
use WebGUI::TabForm;
|
||||||
use WebGUI::User;
|
use WebGUI::User;
|
||||||
use WebGUI::Utility;
|
use WebGUI::Utility;
|
||||||
use JSON;
|
|
||||||
use XML::Simple;
|
|
||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
|
@ -138,7 +136,7 @@ sub canUseService {
|
||||||
my ( $session ) = @_;
|
my ( $session ) = @_;
|
||||||
my $subnets = $session->config->get('serviceSubnets');
|
my $subnets = $session->config->get('serviceSubnets');
|
||||||
return 1 if !$subnets || !@{$subnets};
|
return 1 if !$subnets || !@{$subnets};
|
||||||
return 1 if WebGUI::Utility::isInSubnet( $session->env->getIp, $subnets );
|
return 1 if WebGUI::Utility::isInSubnet( $session->getIp, $subnets );
|
||||||
return 0; # Don't go away mad, just go away
|
return 0; # Don't go away mad, just go away
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -159,27 +157,6 @@ sub canView {
|
||||||
|
|
||||||
#-------------------------------------------------------------------
|
#-------------------------------------------------------------------
|
||||||
|
|
||||||
=head2 createServiceResponse ( format, data )
|
|
||||||
|
|
||||||
Create a string with the correct C<format> from the given C<data>.
|
|
||||||
|
|
||||||
Possible formats are "json" and "xml".
|
|
||||||
|
|
||||||
=cut
|
|
||||||
|
|
||||||
sub createServiceResponse {
|
|
||||||
my ( $format, $data ) = @_;
|
|
||||||
|
|
||||||
if ( lc $format eq "xml" ) {
|
|
||||||
return XML::Simple::XMLout($data, NoAttr => 1, RootName => "response" );
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
return JSON->new->encode($data);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#-------------------------------------------------------------------
|
|
||||||
|
|
||||||
=head2 doUserSearch ( session, op, returnPaginator, userFilter )
|
=head2 doUserSearch ( session, op, returnPaginator, userFilter )
|
||||||
|
|
||||||
Subroutine that actually performs the SQL search for users.
|
Subroutine that actually performs the SQL search for users.
|
||||||
|
|
@ -362,21 +339,22 @@ sub www_ajaxCreateUser {
|
||||||
|
|
||||||
### Verify data
|
### Verify data
|
||||||
# User data is <PROPERTY_NAME> in form
|
# User data is <PROPERTY_NAME> in form
|
||||||
my %userParam = (
|
my %user = (
|
||||||
map { $_ => $session->form->get($_) }
|
map { $_ => $session->form->get($_) }
|
||||||
grep { !/^auth:/ && $_ ne "op" }
|
grep { !/^auth:/ }
|
||||||
( $session->form->param )
|
$session->form->get
|
||||||
);
|
);
|
||||||
|
|
||||||
# Auth data is auth:<AUTH_METHOD>:<PROPERTY_NAME> in form
|
# Auth data is auth:<AUTH_METHOD>:<PROPERTY_NAME> in form
|
||||||
my %authParam = ();
|
my %auth = ();
|
||||||
for my $formParam ( grep { /^auth:[^:]+:.+$/ } $session->form->get ) {
|
for my $formParam ( grep { /^auth:([^:]+):(.+)$/ } $session->form->get ) {
|
||||||
my ( $authMethod, $property ) = $formParam =~ /^auth:([^:]+):(.+)$/;
|
my $authMethod = $1;
|
||||||
$authParam{$authMethod}{$property} = $session->form->get($formParam);
|
my $property = $2;
|
||||||
|
$auth{$authMethod}{$property} = $session->form->get($formParam);
|
||||||
}
|
}
|
||||||
|
|
||||||
# User must have a username
|
# User must have a username
|
||||||
if ( !$userParam{username} ) {
|
if ( !$user{username} ) {
|
||||||
return createServiceResponse( $outputFormat, {
|
return createServiceResponse( $outputFormat, {
|
||||||
error => "WebGUI::Error::InvalidParam",
|
error => "WebGUI::Error::InvalidParam",
|
||||||
param => "username",
|
param => "username",
|
||||||
|
|
@ -384,26 +362,11 @@ sub www_ajaxCreateUser {
|
||||||
} );
|
} );
|
||||||
}
|
}
|
||||||
|
|
||||||
### Create user
|
# Create user
|
||||||
my $user = WebGUI::User->create( $session );
|
|
||||||
$user->update( \%userParam );
|
# Send new user's data
|
||||||
for my $authMethod ( keys %authParam ) {
|
|
||||||
my $auth = WebGUI::Operation::Auth::getInstance($session,$authMethod,$user->getId);
|
|
||||||
|
|
||||||
# XXX Special handling for WebGUI passwords. This should be removed when
|
|
||||||
# Auth is fixed in WebGUI 8
|
|
||||||
if ( $authMethod eq 'WebGUI' && exists $authParam{$authMethod}{identifier} ) {
|
|
||||||
$authParam{$authMethod}{identifier}
|
|
||||||
= $auth->hashPassword( $authParam{$authMethod}{identifier} );
|
|
||||||
}
|
|
||||||
|
|
||||||
$auth->saveParams( $user->getId, $auth->authMethod, $authParam{$authMethod} );
|
|
||||||
}
|
|
||||||
|
|
||||||
### Send new user's data
|
|
||||||
return createServiceResponse( $outputFormat, {
|
|
||||||
user => $user->get,
|
|
||||||
} );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#-------------------------------------------------------------------
|
#-------------------------------------------------------------------
|
||||||
|
|
@ -417,53 +380,7 @@ Delete a user using a web service.
|
||||||
sub www_ajaxDeleteUser {
|
sub www_ajaxDeleteUser {
|
||||||
my ( $session ) = @_;
|
my ( $session ) = @_;
|
||||||
|
|
||||||
### Get desired output format first (for future error messages)
|
|
||||||
my $outputFormat = "json";
|
|
||||||
my $mimeType = "application/json";
|
|
||||||
|
|
||||||
# Allow XML
|
|
||||||
if ( lc $session->form->get('as') eq "xml" ) {
|
|
||||||
$outputFormat = "xml";
|
|
||||||
$mimeType = "application/xml";
|
|
||||||
}
|
|
||||||
|
|
||||||
$session->http->setMimeType( $mimeType );
|
|
||||||
|
|
||||||
# Verify access
|
|
||||||
if ( !canEdit($session) || !canUseService($session) ) {
|
|
||||||
# We need an automatic way to send a request for an http basic auth
|
|
||||||
$session->http->setStatus(401,'Unauthorized');
|
|
||||||
return createServiceResponse( $outputFormat, {
|
|
||||||
error => "WebGUI::Error::Unauthorized",
|
|
||||||
message => "",
|
|
||||||
} );
|
|
||||||
}
|
|
||||||
|
|
||||||
# Verify data
|
|
||||||
my $userId = $session->form->get('userId');
|
|
||||||
if ( !$userId ) {
|
|
||||||
return createServiceResponse( $outputFormat, {
|
|
||||||
error => "WebGUI::Error::InvalidParam",
|
|
||||||
param => "userId",
|
|
||||||
message => "",
|
|
||||||
} );
|
|
||||||
}
|
|
||||||
elsif ( $userId eq "1" || $userId eq "3" ) {
|
|
||||||
$session->http->setStatus(403,"Forbidden");
|
|
||||||
return createServiceResponse( $outputFormat, {
|
|
||||||
error => 'WebGUI::Error::InvalidParam',
|
|
||||||
param => 'userId',
|
|
||||||
message => 'Cannot delete system user',
|
|
||||||
} );
|
|
||||||
}
|
|
||||||
|
|
||||||
### Delete user
|
|
||||||
my $user = WebGUI::User->new( $session, $userId );
|
|
||||||
$user->delete;
|
|
||||||
|
|
||||||
return createServiceResponse( $outputFormat, {
|
|
||||||
message => 'User deleted',
|
|
||||||
} );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#-------------------------------------------------------------------
|
#-------------------------------------------------------------------
|
||||||
|
|
@ -477,72 +394,7 @@ Update a user using a web service.
|
||||||
sub www_ajaxUpdateUser {
|
sub www_ajaxUpdateUser {
|
||||||
my ( $session ) = @_;
|
my ( $session ) = @_;
|
||||||
|
|
||||||
### Get desired output format first (for future error messages)
|
|
||||||
my $outputFormat = "json";
|
|
||||||
my $mimeType = "application/json";
|
|
||||||
|
|
||||||
# Allow XML
|
|
||||||
if ( lc $session->form->get('as') eq "xml" ) {
|
|
||||||
$outputFormat = "xml";
|
|
||||||
$mimeType = "application/xml";
|
|
||||||
}
|
|
||||||
|
|
||||||
$session->http->setMimeType( $mimeType );
|
|
||||||
|
|
||||||
# Verify access
|
|
||||||
if ( !canEdit($session) || !canUseService($session) ) {
|
|
||||||
# We need an automatic way to send a request for an http basic auth
|
|
||||||
$session->http->setStatus(401,'Unauthorized');
|
|
||||||
return createServiceResponse( $outputFormat, {
|
|
||||||
error => "WebGUI::Error::Unauthorized",
|
|
||||||
message => "",
|
|
||||||
} );
|
|
||||||
}
|
|
||||||
|
|
||||||
### Verify data
|
|
||||||
# User data is <PROPERTY_NAME> in form
|
|
||||||
my %userParam = (
|
|
||||||
map { $_ => $session->form->get($_) }
|
|
||||||
grep { !/^auth:/ && $_ ne "op" }
|
|
||||||
( $session->form->param )
|
|
||||||
);
|
|
||||||
|
|
||||||
# Auth data is auth:<AUTH_METHOD>:<PROPERTY_NAME> in form
|
|
||||||
my %authParam = ();
|
|
||||||
for my $formParam ( grep { /^auth:[^:]+:.+$/ } $session->form->param ) {
|
|
||||||
my ( $authMethod, $property ) = $formParam =~ /^auth:([^:]+):(.+)$/;
|
|
||||||
$authParam{$authMethod}{$property} = $session->form->get($formParam);
|
|
||||||
}
|
|
||||||
|
|
||||||
# User must have a userId
|
|
||||||
if ( !$userParam{userId} ) {
|
|
||||||
return createServiceResponse( $outputFormat, {
|
|
||||||
error => "WebGUI::Error::InvalidParam",
|
|
||||||
param => "userId",
|
|
||||||
message => "",
|
|
||||||
} );
|
|
||||||
}
|
|
||||||
|
|
||||||
### Update user
|
|
||||||
my $user = WebGUI::User->new( $session, delete $userParam{userId} );
|
|
||||||
$user->update( \%userParam );
|
|
||||||
for my $authMethod ( keys %authParam ) {
|
|
||||||
my $auth = WebGUI::Operation::Auth::getInstance($session,$authMethod,$user->getId);
|
|
||||||
|
|
||||||
# XXX Special handling for WebGUI passwords. This should be removed when
|
|
||||||
# Auth is fixed in WebGUI 8
|
|
||||||
if ( $authMethod eq 'WebGUI' && exists $authParam{$authMethod}{identifier} ) {
|
|
||||||
$authParam{$authMethod}{identifier}
|
|
||||||
= $auth->hashPassword( $authParam{$authMethod}{identifier} );
|
|
||||||
}
|
|
||||||
|
|
||||||
$auth->saveParams( $user->getId, $auth->authMethod, $authParam{$authMethod} );
|
|
||||||
}
|
|
||||||
|
|
||||||
### Send user's data
|
|
||||||
return createServiceResponse( $outputFormat, {
|
|
||||||
user => $user->get,
|
|
||||||
} );
|
|
||||||
}
|
}
|
||||||
>>>>>>> added services to create, update, and delete users:lib/WebGUI/Operation/User.pm
|
>>>>>>> added services to create, update, and delete users:lib/WebGUI/Operation/User.pm
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1251,12 +1251,10 @@ sub update {
|
||||||
|
|
||||||
# Make a safe copy of properties, we'll be deleting from it
|
# Make a safe copy of properties, we'll be deleting from it
|
||||||
$properties = { %$properties };
|
$properties = { %$properties };
|
||||||
|
|
||||||
$self->uncache;
|
$self->uncache;
|
||||||
$properties->{lastUpdated} ||= time;
|
$properties->{lastUpdated} ||= time;
|
||||||
|
|
||||||
# No userId, bad!
|
|
||||||
delete $properties->{userId};
|
|
||||||
|
|
||||||
# $self->{_user} contains all fields in `users` table
|
# $self->{_user} contains all fields in `users` table
|
||||||
my @userFields = ();
|
my @userFields = ();
|
||||||
my @userValues = ();
|
my @userValues = ();
|
||||||
|
|
|
||||||
8
t/User.t
8
t/User.t
|
|
@ -20,7 +20,7 @@ use WebGUI::Cache;
|
||||||
use WebGUI::User;
|
use WebGUI::User;
|
||||||
use WebGUI::ProfileField;
|
use WebGUI::ProfileField;
|
||||||
|
|
||||||
use Test::More tests => 221; # increment this value for each test you create
|
use Test::More tests => 211; # increment this value for each test you create
|
||||||
use Test::Deep;
|
use Test::Deep;
|
||||||
use Data::Dumper;
|
use Data::Dumper;
|
||||||
|
|
||||||
|
|
@ -115,18 +115,12 @@ $newSession->close;
|
||||||
|
|
||||||
my $now = time;
|
my $now = time;
|
||||||
$user->update({
|
$user->update({
|
||||||
userId => 'INEDU2COMEINSATURDYTHX',
|
|
||||||
username => "jlumbe",
|
username => "jlumbe",
|
||||||
firstName => "John",
|
firstName => "John",
|
||||||
lastName => "Lumbergh",
|
lastName => "Lumbergh",
|
||||||
lastUpdated => $now,
|
lastUpdated => $now,
|
||||||
});
|
});
|
||||||
|
|
||||||
isnt(
|
|
||||||
$user->get('userId'), 'INEDU2COMEINSATURDYTHX',
|
|
||||||
"update() does not allow changing userId",
|
|
||||||
);
|
|
||||||
|
|
||||||
is(
|
is(
|
||||||
$session->db->quickScalar("SELECT username FROM users WHERE userId=?",[$user->getId]),
|
$session->db->quickScalar("SELECT username FROM users WHERE userId=?",[$user->getId]),
|
||||||
"jlumbe",
|
"jlumbe",
|
||||||
|
|
|
||||||
|
|
@ -231,10 +231,7 @@ all form variables.
|
||||||
sub body {
|
sub body {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $value = shift;
|
my $value = shift;
|
||||||
if ( !defined $value ) {
|
return keys %{ $self->{body} } unless defined $value;
|
||||||
return keys %{ $self->{body} } if wantarray;
|
|
||||||
return { %{ $self->{body} } };
|
|
||||||
}
|
|
||||||
if ($self->{body}->{$value}) {
|
if ($self->{body}->{$value}) {
|
||||||
if (wantarray && ref $self->{body}->{$value} eq "ARRAY") {
|
if (wantarray && ref $self->{body}->{$value} eq "ARRAY") {
|
||||||
return @{$self->{body}->{$value}};
|
return @{$self->{body}->{$value}};
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue