remove registry flags, one-of, change user_id to username

Author: emathew5

api-docs/openapi.json

@@ -5,7 +5,7 @@
   "title": "CVE Create Registry User Request",
   "description": "JSON Schema for creating a CVE Registry User",
   "properties": {
-    "user_id": {
+    "username": {
       "type": "string",
       "description": "User's identifier or username"
     },
@@ -75,7 +75,7 @@
     }
   },
   "required": [
-    "user_id",
+    "username",
     "name"
   ]
 }

schemas/registry-user/create-registry-user-request.json

@@ -16,7 +16,7 @@
           "type": "string",
           "description": "Unique identifier for the user"
         },
-        "user_id": {
+        "username": {
           "type": "string",
           "description": "User's identifier or username"
         },

schemas/registry-user/create-registry-user-response.json

@@ -9,7 +9,7 @@
       "type": "string",
       "description": "Unique identifier for the user"
     },
-    "user_id": {
+    "username": {
       "type": "string",
       "description": "User's identifier or username"
     },

schemas/registry-user/get-registry-user-response.json

@@ -5,7 +5,7 @@
   "title": "CVE Update Registry User Request",
   "description": "JSON Schema for updating a CVE Registry User",
   "properties": {
-    "user_id": {
+    "username": {
       "type": "string",
       "description": "User's identifier or username"
     },

schemas/registry-user/update-registry-user-request.json

@@ -16,7 +16,7 @@
           "type": "string",
           "description": "Unique identifier for the user"
         },
-        "user_id": {
+        "username": {
           "type": "string",
           "description": "User's identifier or username"
         },

schemas/registry-user/update-registry-user-response.json

@@ -48,6 +48,80 @@ router.get('/registry/org/:identifier',
   controller.ORG_SINGLE
 )
 router.get('/registry/org/:shortname/user/:username',
+  /*
+  #swagger.tags = ['Registry User']
+  #swagger.operationId = 'registryUserSingle'
+  #swagger.summary = "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)"
+  #swagger.description = "
+        <h2>Access Control</h2>
+        <p>All registered users can access this endpoint</p>
+        <h2>Expected Behavior</h2>
+        <p><b>Regular, CNA & Admin Users:</b> Retrieves information about a registry user in the same organization</p>
+        <p><b>Secretariat:</b> Retrieves any registry user's information</p>"
+  #swagger.parameters['shortname'] = {
+    description: 'The shortname of the organization'
+  }
+  #swagger.parameters['username'] = {
+    description: 'The username of the registry user',
+    schema: {
+      type: 'string',
+      pattern: '^[a-zA-Z0-9._@-]+$'  // Based on isValidUsername custom validator
+    }
+  }
+  #swagger.parameters['$ref'] = [
+    '#/components/parameters/apiEntityHeader',
+    '#/components/parameters/apiUserHeader',
+    '#/components/parameters/apiSecretHeader'
+  ]
+  #swagger.responses[200] = {
+    description: 'Returns information about the specified registry user',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/registry-user/get-registry-user-response.json' }
+      }
+    }
+  }
+  #swagger.responses[400] = {
+    description: 'Bad Request',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/bad-request.json' }
+      }
+    }
+  }
+  #swagger.responses[401] = {
+    description: 'Not Authenticated',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[403] = {
+    description: 'Forbidden',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[404] = {
+    description: 'Not Found',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[500] = {
+    description: 'Internal Server Error',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  */
   mw.useRegistry(),
   mw.validateUser,
   param(['shortname']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
@@ -75,6 +149,81 @@ router.put('/registry/org/:shortname',
 )
 
 router.post('/registry/org/:shortname/user',
+  /*
+  #swagger.tags = ['Registry User']
+  #swagger.operationId = 'registryUserCreateSingle'
+  #swagger.summary = "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)"
+  #swagger.description = "
+        <h2>Access Control</h2>
+        <p>User must belong to an organization with the <b>Secretariat</b> role or be an <b>Admin</b> of the organization</p>
+        <h2>Expected Behavior</h2>
+        <p><b>Admin User:</b> Creates a user for the Admin's organization</p>
+        <p><b>Secretariat:</b> Creates a user for any organization</p>"
+  #swagger.parameters['shortname'] = { description: 'The shortname of the organization' }
+  #swagger.parameters['$ref'] = [
+    '#/components/parameters/apiEntityHeader',
+    '#/components/parameters/apiUserHeader',
+    '#/components/parameters/apiSecretHeader'
+  ]
+  #swagger.requestBody = {
+    required: true,
+    content: {
+      'application/json': {
+        schema:
+            { $ref: '../schemas/registry-user/create-registry-user-request.json' }
+      }
+    }
+  }
+  #swagger.responses[200] = {
+    description: 'Returns the new user information (with the secret)',
+    content: {
+      "application/json": {
+        schema:
+            { $ref: '../schemas/registry-user/create-registry-user-response.json' }
+      }
+    }
+  }
+  #swagger.responses[400] = {
+    description: 'Bad Request',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/bad-request.json' }
+      }
+    }
+  }
+  #swagger.responses[401] = {
+    description: 'Not Authenticated',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[403] = {
+    description: 'Forbidden',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[404] = {
+    description: 'Not Found',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[500] = {
+    description: 'Internal Server Error',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  */
   mw.useRegistry(),
   mw.validateUser,
   mw.onlySecretariatOrAdmin,
@@ -96,6 +245,82 @@ router.post('/registry/org/:shortname/user',
   controller.USER_CREATE_SINGLE
 )
 router.put('/registry/org/:shortname/user/:username',
+  /*
+  #swagger.tags = ['Registry User']
+  #swagger.operationId = 'registryUserUpdateSingle'
+  #swagger.summary = "Updates information about a user for the specified username and organization shortname (accessible to all registered users)"
+  #swagger.description = "
+        <h2>Access Control</h2>
+        <p>All registered users can access this endpoint</p>
+        <h2>Expected Behavior</h2>
+        <p><b>Regular User:</b> Updates the user's own information. Only name fields may be changed.</p>
+        <p><b>Admin User:</b> Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name. </p>
+        <p><b>Secretariat:</b> Updates information about a user in any organization. Allowed to change all fields.</p>"
+  #swagger.parameters['shortname'] = { description: 'The shortname of the organization' }
+  #swagger.parameters['username'] = { description: 'The username of the user' }
+  #swagger.parameters['$ref'] = [
+    '#/components/parameters/active',
+    '#/components/parameters/activeUserRolesAdd',
+    '#/components/parameters/activeUserRolesRemove',
+    '#/components/parameters/nameFirst',
+    '#/components/parameters/nameLast',
+    '#/components/parameters/nameMiddle',
+    '#/components/parameters/nameSuffix',
+    '#/components/parameters/newUsername',
+    '#/components/parameters/orgShortname',
+    '#/components/parameters/apiEntityHeader',
+    '#/components/parameters/apiUserHeader',
+    '#/components/parameters/apiSecretHeader'
+  ]
+  #swagger.responses[200] = {
+    description: 'Returns the updated user information',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/registry-user/update-registry-user-response.json' }
+      }
+    }
+  }
+  #swagger.responses[400] = {
+    description: 'Bad Request',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/bad-request.json' }
+      }
+    }
+  }
+  #swagger.responses[401] = {
+    description: 'Not Authenticated',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[403] = {
+    description: 'Forbidden',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[404] = {
+    description: 'Not Found',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  #swagger.responses[500] = {
+    description: 'Internal Server Error',
+    content: {
+      "application/json": {
+        schema: { $ref: '../schemas/errors/generic.json' }
+      }
+    }
+  }
+  */
   mw.useRegistry(),
   mw.validateUser,
   mw.onlyOrgWithPartnerRole,
@@ -663,25 +888,16 @@ router.post('/org/:shortname/user',
     required: true,
     content: {
       'application/json': {
-        schema: {
-          oneOf: [
-            { $ref: '../schemas/user/create-user-request.json' },
-            { $ref: '../schemas/registry-user/create-registry-user-request.json' }
-          ]
-        },
+        schema:
+            { $ref: '../schemas/user/create-user-request.json' }
       }
     }
   }
   #swagger.responses[200] = {
     description: 'Returns the new user information (with the secret)',
     content: {
       "application/json": {
-        schema: {
-          oneOf: [
-            { $ref: '../schemas/user/create-user-response.json' },
-            { $ref: '../schemas/registry-user/create-registry-user-response.json' }
-          ]
-        }
+        schema: { $ref: '../schemas/user/create-user-response.json' }
       }
     }
   }
@@ -758,7 +974,6 @@ router.get('/org/:shortname/user/:username',
   #swagger.parameters['shortname'] = { description: 'The shortname of the organization' }
   #swagger.parameters['username'] = { description: 'The username of the user' }
   #swagger.parameters['$ref'] = [
-    '#/components/parameters/registry',
     '#/components/parameters/apiEntityHeader',
     '#/components/parameters/apiUserHeader',
     '#/components/parameters/apiSecretHeader'
@@ -767,12 +982,7 @@ router.get('/org/:shortname/user/:username',
     description: 'Returns information about the specified user',
     content: {
       "application/json": {
-        schema: {
-          oneOf: [
-            { $ref: '../schemas/user/get-user-response.json' },
-            { $ref: '../schemas/registry-user/get-registry-user-response.json' }
-          ]
-        }
+        schema: { $ref: '../schemas/user/get-user-response.json' }
       }
     }
   }
@@ -856,12 +1066,7 @@ router.put('/org/:shortname/user/:username',
     description: 'Returns the updated user information',
     content: {
       "application/json": {
-        schema: {
-          oneOf: [
-            { $ref: '../schemas/user/update-user-response.json' },
-            { $ref: '../schemas/registry-user/update-registry-user-response.json' }
-          ]
-        }
+        schema: {$ref: '../schemas/user/update-user-response.json'}
       }
     }
   }