Merge pull request #5914 from matrix-org/rei/admin_getadmin

Add GET method to admin API /users/@user:dom/admin
This commit is contained in:
reivilibre 2019-08-28 09:44:22 +01:00 committed by GitHub
commit a3f0635686
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 62 additions and 9 deletions

1
changelog.d/5914.feature Normal file
View file

@ -0,0 +1 @@
Add admin API endpoint for getting whether or not a user is a server administrator.

View file

@ -86,6 +86,25 @@ with a body of:
including an ``access_token`` of a server admin. including an ``access_token`` of a server admin.
Get whether a user is a server administrator or not
===================================================
The api is::
GET /_synapse/admin/v1/users/<user_id>/admin
including an ``access_token`` of a server admin.
A response body like the following is returned:
.. code:: json
{
"admin": true
}
Change whether a user is a server administrator or not Change whether a user is a server administrator or not
====================================================== ======================================================

View file

@ -94,6 +94,15 @@ class AdminHandler(BaseHandler):
return ret return ret
def get_user_server_admin(self, user):
"""
Get the admin bit on a user.
Args:
user_id (UserID): the (necessarily local) user to manipulate
"""
return self.store.is_server_admin(user)
def set_user_server_admin(self, user, admin): def set_user_server_admin(self, user, admin):
""" """
Set the admin bit on a user. Set the admin bit on a user.

View file

@ -52,7 +52,7 @@ logger = logging.getLogger(__name__)
class UsersRestServlet(RestServlet): class UsersRestServlet(RestServlet):
PATTERNS = historical_admin_path_patterns("/users/(?P<user_id>[^/]*)") PATTERNS = historical_admin_path_patterns("/users/(?P<user_id>[^/]*)$")
def __init__(self, hs): def __init__(self, hs):
self.hs = hs self.hs = hs

View file

@ -22,24 +22,34 @@ from synapse.http.servlet import (
assert_params_in_dict, assert_params_in_dict,
parse_json_object_from_request, parse_json_object_from_request,
) )
from synapse.rest.admin import assert_requester_is_admin from synapse.rest.admin import assert_requester_is_admin, assert_user_is_admin
from synapse.types import UserID from synapse.types import UserID
class UserAdminServlet(RestServlet): class UserAdminServlet(RestServlet):
""" """
Set whether or not a user is a server administrator. Get or set whether or not a user is a server administrator.
Note that only local users can be server administrators, and that an Note that only local users can be server administrators, and that an
administrator may not demote themselves. administrator may not demote themselves.
Only server administrators can use this API. Only server administrators can use this API.
Example: Examples:
* Get
GET /_synapse/admin/v1/users/@nonadmin:example.com/admin
response on success:
{
"admin": false
}
* Set
PUT /_synapse/admin/v1/users/@reivilibre:librepush.net/admin PUT /_synapse/admin/v1/users/@reivilibre:librepush.net/admin
request body:
{ {
"admin": true "admin": true
} }
response on success:
{}
""" """
PATTERNS = (re.compile("^/_synapse/admin/v1/users/(?P<user_id>@[^/]*)/admin$"),) PATTERNS = (re.compile("^/_synapse/admin/v1/users/(?P<user_id>@[^/]*)/admin$"),)
@ -50,9 +60,23 @@ class UserAdminServlet(RestServlet):
self.handlers = hs.get_handlers() self.handlers = hs.get_handlers()
@defer.inlineCallbacks @defer.inlineCallbacks
def on_PUT(self, request, user_id): def on_GET(self, request, user_id):
yield assert_requester_is_admin(self.auth, request) yield assert_requester_is_admin(self.auth, request)
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Only local users can be admins of this homeserver")
is_admin = yield self.handlers.admin_handler.get_user_server_admin(target_user)
is_admin = bool(is_admin)
return (200, {"admin": is_admin})
@defer.inlineCallbacks
def on_PUT(self, request, user_id):
requester = yield self.auth.get_user_by_req(request) requester = yield self.auth.get_user_by_req(request)
yield assert_user_is_admin(self.auth, requester.user)
auth_user = requester.user auth_user = requester.user
target_user = UserID.from_string(user_id) target_user = UserID.from_string(user_id)