diff --git a/README-CONFIG.md b/README-CONFIG.md index 1bb70cc10..32b48d919 100644 --- a/README-CONFIG.md +++ b/README-CONFIG.md 
@@ -66,6 +66,112 @@ This document will describe about the detail of each configuration: } ``` +## User management + +### Register user + +* Only admin and users who has admin roles can register a new user. +* admin user can register a user who has `admin` or `user` roles + * `user` roles doesn't include a privilege to manipulate user +* If multiple profiles are configured, user information of each profile is completely isolated. + * e.g. Admin of org1-network can't manipulate user of org2-network. +* There are 2 ways to register a new user to Explorer. You can do that via GUI or Web API. + + * GUI +![](docs/source/images/UserRegisterGUI.png) + + * Web API +First you need to login using admin credential to get a JSON Web token. + ```shell + $ curl -s --location --request POST 'localhost:8080/auth/login' \ + --header 'Content-Type: application/json' --data-raw '{ + "user": "exploreradmin", + "password": "exploreradminpw", + "network": "first-network" + }' | jq . + + { + "success": true, + "message": "You have successfully logged in!", + "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZXhwbG9yZXJhZG1pbiIsIm5ldHdvcmsiOiJmaXJzdC1uZXR3b3JrIiwiaWF0IjoxNTk3MTMyMTY0LCJleHAiOjE1OTcxMzkzNjR9.5Z9nyQi93fsKNV9Y7RgAXaXKds70fivZOVAEefHzlx4", + "user": { + "message": "logged in", + "name": "exploreradmin" + } + } + ``` + + Then post a request for registering a new user with the retrieved token and mandatorily required parameters. + + ```shell + $ curl -s --location --request POST 'localhost:8080/api/register' \ + --header 'Content-Type: application/json' \ + --header 'Authorization: Bearer eyJheyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZXhwbG9yZXJhZG1pbiIsIm5ldHdvcmsiOiJmaXJzdC1uZXR3b3JrIiwiaWF0IjoxNTk3MTMyMTY0LCJleHAiOjE1OTcxMzkzNjR9.5Z9nyQi93fsKNV9Y7RgAXaXKds70fivZOVAEefHzlx4' \ + --data-raw '{ + "user": "newuser", + "password": "newuser", + "roles": "user" + }' | jq . 
+ + { + "status": 200 + } + ``` + +### List registered user + +* Anyone can request this Web API after sing in Explorer dashboard. +* You can list registered user via Web API (GUI for this operation has not been supported yet). + + ```shell + $ curl -s --location --request GET 'localhost:8080/api/userlist' \ + --header 'conten: application/json' \ + --header 'Authorization: Bearer eyJheyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZXhwbG9yZXJhZG1pbiIsIm5ldHdvcmsiOiJmaXJzdC1uZXR3b3JrIiwiaWF0IjoxNTk3MTMyMTY0LCJleHAiOjE1OTcxMzkzNjR9.5Z9nyQi93fsKNV9Y7RgAXaXKds70fivZOVAEefHzlx4' \ + | jq . + + { + "status": 200, + "message": [ + { + "username": "exploreradmin", + "email": null, + "networkName": "first-network", + "firstName": null, + "lastName": null, + "roles": "admin" + }, + { + "username": "newuser", + "email": null, + "networkName": "first-network", + "firstName": null, + "lastName": null, + "roles": "user" + } + ] + } + ``` + +### Unregister user + +* Root admin user can't be unregistered +* It's not allowed to unregister user who's sending this request itself +* You can unregister user via Web API (GUI for this operation has not been supported yet). + +```shell +$ curl -s --location --request POST 'localhost:8080/api/unregister' \ +--header 'Content-Type: application/json' \ +--header 'Authorization: Bearer eyJheyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZXhwbG9yZXJhZG1pbiIsIm5ldHdvcmsiOiJmaXJzdC1uZXR3b3JrIiwiaWF0IjoxNTk3MTMyMTY0LCJleHAiOjE1OTcxMzkzNjR9.5Z9nyQi93fsKNV9Y7RgAXaXKds70fivZOVAEefHzlx4' \ +--data-raw '{ +"user": "newuser" +}' | jq . + +{ + "status": 200, + "message": "Unregistered successfully!" +} +``` + ## Enable TLS * If your fabric network enables TLS, then set `true` to `client.tlsEnable` in the connection profile (e.g. `app/platform/fabric/connection-profile/first-network.json`). 
diff --git a/docs/source/images/UserRegisterGUI.png b/docs/source/images/UserRegisterGUI.png new file mode 100644 index 000000000..bf04bf479 Binary files /dev/null and b/docs/source/images/UserRegisterGUI.png differ
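Review bot: The bearer token in the `Authorization` headers of the `/api/register`, `/api/userlist` and `/api/unregister` examples starts with `eyJheyJhbGci...`, while the token returned by the `/auth/login` example starts with `eyJhbGci...`, so the documented requests do not carry the token the login step actually produced and a reader copying them will get an authentication failure. Suggest replacing the literal JWT in all three requests (and ideally in the login response) with a placeholder such as `Bearer <token from /auth/login>`, which also keeps a signed, decodable token out of the README. In the same hunk, the user list example sends `--header 'conten: application/json'`, which looks like a typo for `Content-Type`, and "after sing in Explorer dashboard" should read "after signing in". Since the "List registered user" section states that anyone who is signed in can call `/api/userlist` and the sample response includes each account's `roles`, it would help to say explicitly whether exposing role information to non-admin users is intended. The register example also sets the new user's password equal to the username (`newuser`); a clearly marked placeholder value would avoid suggesting that as a pattern.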