Add GET method to admin API /users/@user:dom/admin

Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
This commit is contained in:
Olivier Wilkinson (reivilibre) 2019-08-27 13:12:27 +01:00
parent 1a7e6eb633
commit c88a119259
4 changed files with 43 additions and 9 deletions

1
changelog.d/5914.feature Normal file
View File

@ -0,0 +1 @@
Add admin API endpoint for getting whether or not a user is a server administrator.

View File

@ -94,6 +94,15 @@ class AdminHandler(BaseHandler):
return ret return ret
def get_user_server_admin(self, user):
"""
Get the admin bit on a user.
Args:
user_id (UserID): the (necessarily local) user to manipulate
"""
return self.store.is_server_admin(user)
def set_user_server_admin(self, user, admin): def set_user_server_admin(self, user, admin):
""" """
Set the admin bit on a user. Set the admin bit on a user.

View File

@ -52,7 +52,7 @@ logger = logging.getLogger(__name__)
class UsersRestServlet(RestServlet): class UsersRestServlet(RestServlet):
PATTERNS = historical_admin_path_patterns("/users/(?P<user_id>[^/]*)") PATTERNS = historical_admin_path_patterns("/users/(?P<user_id>[^/]*)$")
def __init__(self, hs): def __init__(self, hs):
self.hs = hs self.hs = hs

View File

@ -22,24 +22,34 @@ from synapse.http.servlet import (
assert_params_in_dict, assert_params_in_dict,
parse_json_object_from_request, parse_json_object_from_request,
) )
from synapse.rest.admin import assert_requester_is_admin from synapse.rest.admin import assert_requester_is_admin, assert_user_is_admin
from synapse.types import UserID from synapse.types import UserID
class UserAdminServlet(RestServlet): class UserAdminServlet(RestServlet):
""" """
Set whether or not a user is a server administrator. Get or set whether or not a user is a server administrator.
Note that only local users can be server administrators, and that an Note that only local users can be server administrators, and that an
administrator may not demote themselves. administrator may not demote themselves.
Only server administrators can use this API. Only server administrators can use this API.
Example: Examples:
* Get
GET /_synapse/admin/v1/users/@nonadmin:example.com/admin
response on success:
{
"admin": false
}
* Set
PUT /_synapse/admin/v1/users/@reivilibre:librepush.net/admin PUT /_synapse/admin/v1/users/@reivilibre:librepush.net/admin
request body:
{ {
"admin": true "admin": true
} }
response on success:
{}
""" """
PATTERNS = (re.compile("^/_synapse/admin/v1/users/(?P<user_id>@[^/]*)/admin$"),) PATTERNS = (re.compile("^/_synapse/admin/v1/users/(?P<user_id>@[^/]*)/admin$"),)
@ -50,9 +60,23 @@ class UserAdminServlet(RestServlet):
self.handlers = hs.get_handlers() self.handlers = hs.get_handlers()
@defer.inlineCallbacks @defer.inlineCallbacks
def on_PUT(self, request, user_id): def on_GET(self, request, user_id):
yield assert_requester_is_admin(self.auth, request) yield assert_requester_is_admin(self.auth, request)
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Only local users can be admins of this homeserver")
is_admin = yield self.handlers.admin_handler.get_user_server_admin(target_user)
is_admin = bool(is_admin)
return (200, {"admin": is_admin})
@defer.inlineCallbacks
def on_PUT(self, request, user_id):
requester = yield self.auth.get_user_by_req(request) requester = yield self.auth.get_user_by_req(request)
yield assert_user_is_admin(self.auth, requester.user)
auth_user = requester.user auth_user = requester.user
target_user = UserID.from_string(user_id) target_user = UserID.from_string(user_id)