Add public endpoint to get user photo
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing

This commit is contained in:
Garrett Mills 2021-04-19 13:32:35 -05:00
parent 13af63a364
commit de20dce735
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
3 changed files with 26 additions and 0 deletions

View File

@ -220,6 +220,28 @@ class AuthController extends Controller {
return res.api(await user.to_api()) return res.api(await user.to_api())
} }
async get_user_photo(req, res, next) {
let user
if ( req.params.id === 'me' ) {
user = req.user
} else {
const User = this.models.get('auth:User')
user = await User.findOne({ uid: req.params.id })
}
if ( !user )
return res.status(404)
.message(req.T('api.user_not_found'))
.api()
const file = await user.photo()
if ( !file )
// The user does not have a profile. Send the default.
return res.sendFile(this.utility.path('app/assets/people.png'))
await file.send(res)
}
async create_group(req, res, next) { async create_group(req, res, next) {
if ( !req.user.can(`auth:group:create`) ) if ( !req.user.can(`auth:group:create`) )
return res.status(401) return res.status(401)

View File

@ -36,6 +36,9 @@ const auth_routes = {
['middleware::api:Permission', { check: 'v1:auth:users:get' }], ['middleware::api:Permission', { check: 'v1:auth:users:get' }],
'controller::api:v1:Auth.get_user', 'controller::api:v1:Auth.get_user',
], ],
'/users/:id/photo': [
'controller::api:v1:Auth.get_user_photo',
],
'/groups/:id': [ '/groups/:id': [
'middleware::auth:APIRoute', 'middleware::auth:APIRoute',
['middleware::api:Permission', { check: 'v1:auth:groups:get' }], ['middleware::api:Permission', { check: 'v1:auth:groups:get' }],

View File

@ -9,6 +9,7 @@ module.exports = exports = {
vault_not_found: 'A vault with that ID not found.', vault_not_found: 'A vault with that ID not found.',
user_not_found: 'User not found with that ID.', user_not_found: 'User not found with that ID.',
photo_not_found: 'This user has no photo.',
user_already_exists: 'A user with that identifier already exists.', user_already_exists: 'A user with that identifier already exists.',
client_not_found: 'Client not found with that ID.', client_not_found: 'Client not found with that ID.',