Merge branch 'soohwa-1285-feature-disable-user' into devel

REST API:
- Disable and enable user login.
- Take ownership boards of a user.
- List boards of user.

Thanks to soohwa ! Closes #1285, closes #1220, closes #1118

CHANGELOG.md

@@ -1,3 +1,11 @@
+# Upcoming Wekan release
+
+This release adds the following new features:
+
+* [REST API: Disable and enable user login. Take ownership boards of a user. List boards of user.](https://github.com/wekan/wekan/pull/1296)
+
+Thanks to GitHub user soohwa for contributions.
+
 # v0.50 2017-10-10 Wekan release
 
 This release fixes the following bugs:

models/boards.js

@@ -298,6 +298,15 @@ Boards.mutations({
     return { $pull: { labels: { _id: labelId } } };
   },
 
+  changeOwnership(fromId, toId) {
+    const memberIndex = this.memberIndex(fromId);
+    return {
+      $set: {
+        [`members.${memberIndex}.userId`]: toId,
+      },
+    };
+  },
+
   addMember(memberId) {
     const memberIndex = this.memberIndex(memberId);
     if (memberIndex >= 0) {
@@ -565,7 +574,7 @@ if (Meteor.isServer) {
 
     const data = Boards.find({
       archived: false,
-      'members.userId': req.userId,
+      'members.userId': paramUserId,
     }, {
       sort: ['title'],
     }).map(function(board) {

models/users.js

@@ -112,6 +112,10 @@ Users.attachSchema(new SimpleSchema({
     type: Boolean,
     optional: true,
   },
+  loginDisabled: {
+    type: Boolean,
+    optional: true,
+  },
 }));
 
 // Search a user in the complete server database by its name or username. This
@@ -597,6 +601,40 @@ if (Meteor.isServer) {
       data: Meteor.users.findOne({ _id: id }),
     });
   });
+  JsonRoutes.add('PUT', '/api/users/:id', function (req, res, next) {
+    Authentication.checkUserId( req.userId);
+    const id = req.params.id;
+    const action = req.body.action;
+    let data = Meteor.users.findOne({ _id: id });
+    if (data !== undefined) {
+      if (action === 'takeOwnership') {
+        data = Boards.find({
+          'members.userId': id,
+          'members.isAdmin': true,
+        }).map(function(board) {
+          if (board.hasMember(req.userId)) {
+            board.removeMember(req.userId);
+          }
+          board.changeOwnership(id, req.userId);
+          return {
+            _id: board._id,
+            title: board.title,
+          };
+        });
+      } else {
+        if ((action === 'disableLogin') && (id !== req.userId)) {
+          Users.update({ _id: id }, { $set: { loginDisabled: true, 'services.resume.loginTokens': '' } });
+        } else if (action === 'enableLogin') {
+          Users.update({ _id: id }, { $set: { loginDisabled: '' } });
+        }
+        data = Meteor.users.findOne({ _id: id });
+      }
+    }
+    JsonRoutes.sendResult(res, {
+      code: 200,
+      data,
+    });
+  });
   JsonRoutes.add('POST', '/api/users/', function (req, res, next) {
     Authentication.checkUserId( req.userId);
     const id = Accounts.createUser({

server/authentication.js

@@ -1,4 +1,9 @@
 Meteor.startup(() => {
+
+  Accounts.validateLoginAttempt(function (options) {
+    return !options.user.loginDisabled;
+  });
+
   Authentication = {};
 
   Authentication.checkUserId = function (userId) {