Working on adding functionality for administrators to directly add users to the application

2018-02-23 22:05:58 -06:00 · 2018-02-23 22:05:58 -06:00 · bc947a14ae
commit bc947a14ae
parent a5211d9483
4 changed files with 29 additions and 21 deletions
--- a/client/js/controllers/top_navigation_controller.js
+++ b/client/js/controllers/top_navigation_controller.js
@ -47,10 +47,12 @@ class TopNavigationController {
            topNavigation.hide('users');
        }
        if (api.isLoggedIn()) {
+            if (!api.hasPrivilege('users:create:any')) {
                topNavigation.hide('register');
+            }
            topNavigation.hide('login');
        } else {
-            if (!api.hasPrivilege('users:create')) {
+            if (!api.hasPrivilege('users:create:self')) {
                topNavigation.hide('register');
            }
            topNavigation.hide('account');
--- a/client/js/controllers/user_registration_controller.js
+++ b/client/js/controllers/user_registration_controller.js
@ -10,7 +10,7 @@ const EmptyView = require('../views/empty_view.js');

 class UserRegistrationController {
    constructor() {
-        if (!api.hasPrivilege('users:create')) {
+        if (!api.hasPrivilege('users:create:self')) {
            this._view = new EmptyView();
            this._view.showError('Registration is closed.');
            return;
@ -30,6 +30,7 @@ class UserRegistrationController {
        user.email = e.detail.email;
        user.password = e.detail.password;
        user.save().then(() => {
+            // TODO: Support the flow where an admin creates a user. Don't log them out...
            api.forget();
            return api.login(e.detail.name, e.detail.password, false);
        }).then(() => {
--- a/server/szurubooru/api/user_api.py
+++ b/server/szurubooru/api/user_api.py
@ -26,8 +26,11 @@ def get_users(
@rest.routes.post('/users/?')
 def create_user(
        ctx: rest.Context, _params: Dict[str, str] = {}) -> rest.Response:
-    if config.config['registration_enabled']:
-        auth.verify_privilege(ctx.user, 'users:create')
+    if ctx.user.user_id is None:
+        auth.verify_privilege(ctx.user, 'users:create:self')
+    else:
+        auth.verify_privilege(ctx.user, 'users:create:any')
+
    name = ctx.get_param_as_string('name')
    password = ctx.get_param_as_string('password')
    email = ctx.get_param_as_string('email', default='')
@ -41,9 +44,11 @@ def create_user(
            ctx.get_file('avatar', default=b''))
    ctx.session.add(user)
    ctx.session.commit()
+
+    if ctx.user.user_id is not None:
+        user = ctx.user
+
    return _serialize(ctx, user, force_show_email=True)
-    else:
-        raise errors.ValidationError('User Registration Disabled')


@rest.routes.get('/user/(?P<user_name>[^/]+)/?')
--- a/server/szurubooru/tests/api/test_user_creating.py
+++ b/server/szurubooru/tests/api/test_user_creating.py
@ -6,7 +6,7 @@ from szurubooru.func import users

@pytest.fixture(autouse=True)
 def inject_config(config_injector):
-    config_injector({'privileges': {'users:create': 'regular'}})
+    config_injector({'privileges': {'users:create:self': 'regular'}})


 def test_creating_user(user_factory, context_factory, fake_datetime):