forked from lda/telodendria
Remove user create Admin endpoint, and the associated privilege.
If an admin wants to create a user, he or she should have the ISSUE_TOKEN privilege. The admin can use that to create a one-time registration token, and then just use the regular registration API with that token.
This commit is contained in:
parent
d89e3fd753
commit
58dae3a0c9
1 changed files with 12 additions and 63 deletions
|
@ -39,10 +39,6 @@ Here are all of the admin privileges a user can have:
|
|||
This allows users to create, modify and delete registration
|
||||
tokens.
|
||||
|
||||
- CREATE_USERS:
|
||||
Allows users with such privilege to create new users even if
|
||||
registration is completely turned off.
|
||||
|
||||
- ALL:
|
||||
Users with this privilege can use *any* admin endpoint(and some
|
||||
others)
|
||||
|
@ -53,6 +49,8 @@ Here are all of the admin privileges a user can have:
|
|||
|
||||
### GET `/_telodendria/admin/privileges`
|
||||
|
||||
Get the priviledges of the user that owns the provided access token.
|
||||
|
||||
|Requires token|Rate limited|
|
||||
|--------------|------------|
|
||||
|YES |YES |
|
||||
|
@ -60,8 +58,8 @@ Here are all of the admin privileges a user can have:
|
|||
|
||||
|Error response|Description |
|
||||
|--------------|------------------------|
|
||||
|200 |User was sucessfully |
|
||||
| |deactivated. |
|
||||
|200 |Privileges successfully |
|
||||
| |returned. |
|
||||
|
||||
200 Response JSON Format:
|
||||
|
||||
|
@ -81,13 +79,12 @@ Here are all of the admin privileges a user can have:
|
|||
|
||||
### DELETE `/_telodendria/admin/deactivate/[localpart]`
|
||||
|
||||
Deactivates a local user, optionally with a reason.
|
||||
|
||||
|Requires token|Rate limited|Permissions|
|
||||
|--------------|------------|-----------|
|
||||
|YES |YES |DEACTIVATE |
|
||||
|
||||
Description:
|
||||
Deactivates a local user, optionally with a reason.
|
||||
|
||||
Request JSON Format:
|
||||
|
||||
|Field |Type |Description |Required|
|
||||
|
@ -190,14 +187,12 @@ Reactivates a local user.
|
|||
|
||||
### GET `/_telodendria/admin/tokens`
|
||||
|
||||
Gets a list of *all* tokens present, and additional information.
|
||||
|
||||
|Requires token|Rate limited|Permissions |
|
||||
|--------------|------------|------------|
|
||||
|YES |YES |ISSUE_TOKENS|
|
||||
|
||||
Description:
|
||||
Gets a list of *all* tokens present, and additional information.
|
||||
|
||||
|
||||
|Error response|Description |
|
||||
|--------------|---------------------------|
|
||||
|200 |Token list was sucessfully |
|
||||
|
@ -274,13 +269,12 @@ Gets a list of *all* tokens present, and additional information.
|
|||
|
||||
### GET `/_telodendria/admin/tokens/[token]`
|
||||
|
||||
Returns information about a specific registration token.
|
||||
|
||||
|Requires token|Rate limited|Permissions |
|
||||
|--------------|------------|------------|
|
||||
|YES |YES |ISSUE_TOKENS|
|
||||
|
||||
Description:
|
||||
Returns information about a specific registration token.
|
||||
|
||||
|error response|description |
|
||||
|--------------|---------------------------|
|
||||
|200 |token info was sucessfully |
|
||||
|
@ -329,13 +323,12 @@ Returns information about a specific registration token.
|
|||
|
||||
### POST `/_telodendria/admin/tokens`
|
||||
|
||||
Adds a registration token, and setup expiry date and max uses.
|
||||
|
||||
|Requires token|Rate limited|Permissions |
|
||||
|--------------|------------|------------|
|
||||
|YES |YES |ISSUE_TOKENS|
|
||||
|
||||
Description:
|
||||
Adds a registration token, and setup expiry date and max uses.
|
||||
|
||||
Request JSON Format:
|
||||
|
||||
|Field |Type |Description |Required|
|
||||
|
@ -438,47 +431,3 @@ Deletes an existing registration token.
|
|||
}
|
||||
```
|
||||
|
||||
### POST /_telodendria/admin/user/create
|
||||
|
||||
|Requires token|Rate limited|Permissions |
|
||||
|--------------|------------|------------|
|
||||
|YES |YES |CREATE_USERS|
|
||||
|
||||
Description:
|
||||
Creates a new user with password login.
|
||||
**NOTE**: This does not make the user login.
|
||||
|
||||
Request JSON Format:
|
||||
|
||||
|Field |Type |Description |Required|
|
||||
|-------------|-----------|----------------------|--------|
|
||||
|name |localpart |The created user's lo-|YES |
|
||||
| | |calpart. | |
|
||||
|-------------|-----------|----------------------|--------|
|
||||
|password |string |The created user's |YES |
|
||||
| | |password. | |
|
||||
|
||||
Request Example:
|
||||
```json
|
||||
{
|
||||
"name": "edward",
|
||||
"password": "verysecurepassworddontworryaboutittoomuch"
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
|Error response|Description |
|
||||
|--------------|-----------------------------|
|
||||
|204 |User was sucessfully created.|
|
||||
|--------------|-----------------------------|
|
||||
|403 |User does not have the |
|
||||
| |CREATE_USERS permission. |
|
||||
|
||||
403 Response JSON Format:
|
||||
|
||||
```json
|
||||
{
|
||||
"errcode": "M_FORBIDDEN",
|
||||
"error": "Forbidden access. Bad permissions or not authenticated."
|
||||
}
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue