49 lines
2 KiB
Python
49 lines
2 KiB
Python
from rest_framework import viewsets, status
|
|
from rest_framework.decorators import action
|
|
from rest_framework.response import Response
|
|
|
|
from userausfall.models import User, MissingUserAttribute, PasswordMismatch
|
|
from userausfall.rest_api.permissions import UserPermission
|
|
from userausfall.rest_api.serializers import (
|
|
ActivateUserSerializer,
|
|
CreateUserSerializer,
|
|
RetrieveUserSerializer,
|
|
)
|
|
|
|
|
|
class UserViewSet(viewsets.ModelViewSet):
|
|
permission_classes = [UserPermission]
|
|
queryset = User.objects.all()
|
|
|
|
@action(detail=False, url_path="me")
|
|
def retrieve_authenticated(self, request):
|
|
"""Retrieve user data for logged in user."""
|
|
serializer = self.get_serializer(request.user)
|
|
return Response(serializer.data)
|
|
|
|
@action(detail=True, methods=["post"])
|
|
def activate(self, request, pk=None):
|
|
"""Create the corresponding LDAP account."""
|
|
user: User = self.get_object()
|
|
serializer = self.get_serializer(data=request.data)
|
|
if serializer.is_valid():
|
|
try:
|
|
# We prevent untrusted user accounts from being activated via API.
|
|
# They might be activated via Admin or programmatically.
|
|
if not user.trust_bridge.is_trusted:
|
|
raise MissingUserAttribute("User has no trusted trust bridge.")
|
|
user.create_ldap_account(serializer.validated_data["password"])
|
|
except (MissingUserAttribute, PasswordMismatch) as e:
|
|
return Response({"message": str(e)}, status=status.HTTP_400_BAD_REQUEST)
|
|
return Response(status=status.HTTP_204_NO_CONTENT)
|
|
else:
|
|
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
|
|
|
|
def get_serializer_class(self):
|
|
if self.action == "activate":
|
|
return ActivateUserSerializer
|
|
elif self.action == "create":
|
|
return CreateUserSerializer
|
|
elif self.action == "retrieve_authenticated":
|
|
return RetrieveUserSerializer
|