CreateUser creates a user. swagger:operation POST /user user createUser Create a user. With enabled registration: non-admin users can be created without authentication. With disabled registrations: users can only be created by admin users. --- consumes: [application/json] produces: [application
(ctx *gin.Context)
| 166 | // schema: |
| 167 | // $ref: "#/definitions/Error" |
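func (a *UserAPI) CreateUser(ctx *gin.Context) {
	// CreateUser handles the user-creation request.
	//
	// Authorization rules, as implemented below:
	//   - an admin caller may create any user, including other admins;
	//   - any other caller (anonymous or authenticated non-admin) may only
	//     create a non-admin user, and only while a.Registration is true.
	// Rejected anonymous callers get 401, rejected authenticated callers 403.
	//
	// The authorization decision is made before the user-name lookup and
	// before the password is hashed, so a request that is going to be
	// rejected cannot make the server do that work first.
	user := model.CreateUserExternal{}
	if err := ctx.Bind(&user); err != nil {
		// gin's Bind aborts the request with 400 itself when binding fails,
		// so there is nothing further to write here.
		return
	}

	// Resolve the caller. A nil uid means no authenticated user is attached
	// to the request; requestedBy then stays nil.
	var requestedBy *model.User
	if uid := auth.TryGetUserID(ctx); uid != nil {
		var err error
		requestedBy, err = a.DB.GetUserByID(*uid)
		if err != nil {
			ctx.AbortWithError(http.StatusInternalServerError, fmt.Errorf("could not get user: %w", err))
			return
		}
	}

	if requestedBy == nil || !requestedBy.Admin {
		status := http.StatusUnauthorized
		if requestedBy != nil {
			status = http.StatusForbidden
		}
		if !a.Registration {
			ctx.AbortWithError(status, errors.New("you are not allowed to access this api"))
			return
		}
		// The admin flag comes straight from the request body; only an admin
		// caller may set it, otherwise open registration would allow
		// self-service privilege escalation.
		if user.Admin {
			ctx.AbortWithError(status, errors.New("you are not allowed to create an admin user"))
			return
		}
	}

	// NOTE(review): the existence check and the insert are two separate DB
	// calls. Unless the storage layer enforces a unique user name, two
	// concurrent requests could both pass this check; verify against the
	// schema.
	existingUser, err := a.DB.GetUserByName(user.Name)
	if success := successOrAbort(ctx, 500, err); !success {
		return
	}
	if existingUser != nil {
		ctx.AbortWithError(400, errors.New("username already exists"))
		return
	}

	// Hash last: CreatePassword takes a strength parameter, so it is
	// presumably a deliberately costly hash (TODO confirm). Only requests
	// that will actually create a user should pay for it.
	internal := &model.User{
		Name:  user.Name,
		Admin: user.Admin,
		Pass:  password.CreatePassword(user.Pass, a.PasswordStrength),
	}
	if success := successOrAbort(ctx, 500, a.DB.CreateUser(internal)); !success {
		return
	}
	if err := a.UserChangeNotifier.fireUserAdded(internal.ID); err != nil {
		ctx.AbortWithError(500, err)
		return
	}
	ctx.JSON(200, toExternalUser(internal))
}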
| 220 | |
| 221 | // GetUserByID returns the user by id |
| 222 | // swagger:operation GET /user/{id} user getUser |
nothing calls this directly
no test coverage detected