From bcace4598345e486a686d88e60bc632ed414e494 Mon Sep 17 00:00:00 2001
From: Shinsuke Nara <shinsuke.nara@muraoka-design.com>
Date: Mon, 16 Oct 2017 15:40:34 +0900
Subject: [PATCH] Implement user creation REST API.

---
 redash/handlers/api.py   |  3 ++-
 redash/handlers/users.py | 31 +++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/redash/handlers/api.py b/redash/handlers/api.py
index 0e1003c7e6..e68603208d 100644
--- a/redash/handlers/api.py
+++ b/redash/handlers/api.py
@@ -11,7 +11,7 @@
 from redash.handlers.events import EventResource
 from redash.handlers.queries import QueryForkResource, QueryRefreshResource, QueryListResource, QueryRecentResource, QuerySearchResource, QueryResource, MyQueriesResource
 from redash.handlers.query_results import QueryResultListResource, QueryResultResource, JobResource
-from redash.handlers.users import UserResource, UserListResource, UserInviteResource, UserResetPasswordResource
+from redash.handlers.users import UserResource, UserListResource, UserInviteResource, UserResetPasswordResource, UserCreateResource
 from redash.handlers.visualizations import VisualizationListResource
 from redash.handlers.visualizations import VisualizationResource
 from redash.handlers.widgets import WidgetResource, WidgetListResource
@@ -89,6 +89,7 @@ def json_representation(data, code, headers=None):
 api.add_org_resource(UserResource, '/api/users/<user_id>', endpoint='user')
 api.add_org_resource(UserInviteResource, '/api/users/<user_id>/invite', endpoint='user_invite')
 api.add_org_resource(UserResetPasswordResource, '/api/users/<user_id>/reset_password', endpoint='user_reset_password')
+api.add_org_resource(UserCreateResource, '/api/users/create', endpoint='users_create')
 
 api.add_org_resource(VisualizationListResource, '/api/visualizations', endpoint='visualizations')
 api.add_org_resource(VisualizationResource, '/api/visualizations/<visualization_id>', endpoint='visualization')
diff --git a/redash/handlers/users.py b/redash/handlers/users.py
index 06ed23f7ad..c44f4b071b 100644
--- a/redash/handlers/users.py
+++ b/redash/handlers/users.py
@@ -56,6 +56,37 @@ def post(self):
 
         return d
 
+class UserCreateResource(BaseResource):
+    @require_admin
+    def post(self):
+        req = request.get_json(force=True)
+        require_fields(req, ('name', 'email', 'password'))
+
+        user = models.User(org=self.current_org,
+                           name=req['name'],
+                           email=req['email'],
+                           group_ids=[self.current_org.default_group.id])
+        user.hash_password(req['password'])
+
+        try:
+            models.db.session.add(user)
+            models.db.session.commit()
+        except IntegrityError as e:
+            if "email" in e.message:
+                abort(400, message='Email already taken.')
+
+            abort(500)
+
+        self.record_event({
+            'action': 'create',
+            'timestamp': int(time.time()),
+            'object_id': user.id,
+            'object_type': 'user'
+        })
+
+        d = user.to_dict()
+
+        return d
 
 class UserInviteResource(BaseResource):
     @require_admin