forked from lda/telodendria
Remove user create Admin endpoint, and the associated privilege.
If an admin wants to create a user, he or she should have the ISSUE_TOKEN privilege. The admin can use that to create a one-time registration token, and then just use the regular registration API with that token.
This commit is contained in:
parent
d89e3fd753
commit
58dae3a0c9
1 changed files with 12 additions and 63 deletions
|
@ -39,10 +39,6 @@ Here are all of the admin privileges a user can have:
|
||||||
This allows users to create, modify and delete registration
|
This allows users to create, modify and delete registration
|
||||||
tokens.
|
tokens.
|
||||||
|
|
||||||
- CREATE_USERS:
|
|
||||||
Allows users with such privilege to create new users even if
|
|
||||||
registration is completely turned off.
|
|
||||||
|
|
||||||
- ALL:
|
- ALL:
|
||||||
Users with this privilege can use *any* admin endpoint(and some
|
Users with this privilege can use *any* admin endpoint(and some
|
||||||
others)
|
others)
|
||||||
|
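Review bot: the removed CREATE_USERS entry says it allowed creating users "even if registration is completely turned off", and nothing left in this list says whether the replacement path keeps that property. The commit message points admins to a registration token plus the regular registration API, so the ISSUE_TOKENS entry should gain a sentence stating whether token-based registration still works while open registration is disabled. Operators who turned registration off need to know what that privilege now grants.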
@ -53,6 +49,8 @@ Here are all of the admin privileges a user can have:
|
||||||
|
|
||||||
### GET `/_telodendria/admin/privileges`
|
### GET `/_telodendria/admin/privileges`
|
||||||
|
|
||||||
|
Get the priviledges of the user that owns the provided access token.
|
||||||
|
|
||||||
|Requires token|Rate limited|
|
|Requires token|Rate limited|
|
||||||
|--------------|------------|
|
|--------------|------------|
|
||||||
|YES |YES |
|
|YES |YES |
|
||||||
|
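Review bot: "priviledges" in the added description line is misspelled; it should read "Get the privileges of the user that owns the provided access token." The same commit corrects "sucessfully" in the response table just below, so this one is worth fixing in the same pass.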
@ -60,8 +58,8 @@ Here are all of the admin privileges a user can have:
|
||||||
|
|
||||||
|Error response|Description |
|
|Error response|Description |
|
||||||
|--------------|------------------------|
|
|--------------|------------------------|
|
||||||
|200 |User was sucessfully |
|
|200 |Privileges successfully |
|
||||||
| |deactivated. |
|
| |returned. |
|
||||||
|
|
||||||
200 Response JSON Format:
|
200 Response JSON Format:
|
||||||
|
|
||||||
|
@ -81,13 +79,12 @@ Here are all of the admin privileges a user can have:
|
||||||
|
|
||||||
### DELETE `/_telodendria/admin/deactivate/[localpart]`
|
### DELETE `/_telodendria/admin/deactivate/[localpart]`
|
||||||
|
|
||||||
|
Deactivates a local user, optionally with a reason.
|
||||||
|
|
||||||
|Requires token|Rate limited|Permissions|
|
|Requires token|Rate limited|Permissions|
|
||||||
|--------------|------------|-----------|
|
|--------------|------------|-----------|
|
||||||
|YES |YES |DEACTIVATE |
|
|YES |YES |DEACTIVATE |
|
||||||
|
|
||||||
Description:
|
|
||||||
Deactivates a local user, optionally with a reason.
|
|
||||||
|
|
||||||
Request JSON Format:
|
Request JSON Format:
|
||||||
|
|
||||||
|Field |Type |Description |Required|
|
|Field |Type |Description |Required|
|
||||||
|
@ -190,14 +187,12 @@ Reactivates a local user.
|
||||||
|
|
||||||
### GET `/_telodendria/admin/tokens`
|
### GET `/_telodendria/admin/tokens`
|
||||||
|
|
||||||
|
Gets a list of *all* tokens present, and additional information.
|
||||||
|
|
||||||
|Requires token|Rate limited|Permissions |
|
|Requires token|Rate limited|Permissions |
|
||||||
|--------------|------------|------------|
|
|--------------|------------|------------|
|
||||||
|YES |YES |ISSUE_TOKENS|
|
|YES |YES |ISSUE_TOKENS|
|
||||||
|
|
||||||
Description:
|
|
||||||
Gets a list of *all* tokens present, and additional information.
|
|
||||||
|
|
||||||
|
|
||||||
|Error response|Description |
|
|Error response|Description |
|
||||||
|--------------|---------------------------|
|
|--------------|---------------------------|
|
||||||
|200 |Token list was sucessfully |
|
|200 |Token list was sucessfully |
|
||||||
|
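Review bot: the description moved to the top of this section says the endpoint returns *all* tokens, and the table gates it on ISSUE_TOKENS alone, which deserves an explicit sentence now that CREATE_USERS is gone. ISSUE_TOKENS becomes the privilege that leads to account creation, so the text should state plainly that any holder can read every outstanding registration token, not only the ones they issued. That lets admins decide who gets the privilege with the full scope in view.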
@ -274,13 +269,12 @@ Gets a list of *all* tokens present, and additional information.
|
||||||
|
|
||||||
### GET `/_telodendria/admin/tokens/[token]`
|
### GET `/_telodendria/admin/tokens/[token]`
|
||||||
|
|
||||||
|
Returns information about a specific registration token.
|
||||||
|
|
||||||
|Requires token|Rate limited|Permissions |
|
|Requires token|Rate limited|Permissions |
|
||||||
|--------------|------------|------------|
|
|--------------|------------|------------|
|
||||||
|YES |YES |ISSUE_TOKENS|
|
|YES |YES |ISSUE_TOKENS|
|
||||||
|
|
||||||
Description:
|
|
||||||
Returns information about a specific registration token.
|
|
||||||
|
|
||||||
|error response|description |
|
|error response|description |
|
||||||
|--------------|---------------------------|
|
|--------------|---------------------------|
|
||||||
|200 |token info was sucessfully |
|
|200 |token info was sucessfully |
|
||||||
|
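Review bot: the response table in this section keeps the lowercase header "|error response|description" and the misspelled "sucessfully", while the other tables in the file use "Error response" and the privileges table was corrected to "successfully" in this same commit. Since the section is being touched anyway, bring the header casing and the spelling in line with the rest of the document.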
@ -329,13 +323,12 @@ Returns information about a specific registration token.
|
||||||
|
|
||||||
### POST `/_telodendria/admin/tokens`
|
### POST `/_telodendria/admin/tokens`
|
||||||
|
|
||||||
|
Adds a registration token, and setup expiry date and max uses.
|
||||||
|
|
||||||
|Requires token|Rate limited|Permissions |
|
|Requires token|Rate limited|Permissions |
|
||||||
|--------------|------------|------------|
|
|--------------|------------|------------|
|
||||||
|YES |YES |ISSUE_TOKENS|
|
|YES |YES |ISSUE_TOKENS|
|
||||||
|
|
||||||
Description:
|
|
||||||
Adds a registration token, and setup expiry date and max uses.
|
|
||||||
|
|
||||||
Request JSON Format:
|
Request JSON Format:
|
||||||
|
|
||||||
|Field |Type |Description |Required|
|
|Field |Type |Description |Required|
|
||||||
|
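Review bot: "Adds a registration token, and setup expiry date and max uses." needs the verb form, for example "and sets its expiry date and max uses". As this section is now the documented route for an admin to create an account, it would also help to say here that limiting max uses to one gives the one-time token the commit message describes.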
@ -438,47 +431,3 @@ Deletes an existing registration token.
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
### POST /_telodendria/admin/user/create
|
|
||||||
|
|
||||||
|Requires token|Rate limited|Permissions |
|
|
||||||
|--------------|------------|------------|
|
|
||||||
|YES |YES |CREATE_USERS|
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Creates a new user with password login.
|
|
||||||
**NOTE**: This does not make the user login.
|
|
||||||
|
|
||||||
Request JSON Format:
|
|
||||||
|
|
||||||
|Field |Type |Description |Required|
|
|
||||||
|-------------|-----------|----------------------|--------|
|
|
||||||
|name |localpart |The created user's lo-|YES |
|
|
||||||
| | |calpart. | |
|
|
||||||
|-------------|-----------|----------------------|--------|
|
|
||||||
|password |string |The created user's |YES |
|
|
||||||
| | |password. | |
|
|
||||||
|
|
||||||
Request Example:
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"name": "edward",
|
|
||||||
"password": "verysecurepassworddontworryaboutittoomuch"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
|Error response|Description |
|
|
||||||
|--------------|-----------------------------|
|
|
||||||
|204 |User was sucessfully created.|
|
|
||||||
|--------------|-----------------------------|
|
|
||||||
|403 |User does not have the |
|
|
||||||
| |CREATE_USERS permission. |
|
|
||||||
|
|
||||||
403 Response JSON Format:
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"errcode": "M_FORBIDDEN",
|
|
||||||
"error": "Forbidden access. Bad permissions or not authenticated."
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
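Review bot: the page reports a single changed file and every hunk is documentation, so deleting the POST /_telodendria/admin/user/create section needs to be matched by removal of the route and of the CREATE_USERS check in code. Otherwise the endpoint stays reachable while undocumented. Please confirm that change lands together with this one, and consider leaving a short pointer to the token-based flow in place of the deleted section so readers looking for admin user creation find it.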