User services¶
User Retrieval Services¶
List of Users (xml.info?type=users)¶
The xml.info service can be used to retrieve the users defined in GeoNetwork. See Site Information (xml.info).
User groups list (xml.usergroups.list)¶
The xml.usergroups.list service can be used to retrieve the list of groups that a user belongs to.
Requires authentication: Yes
Request¶
Parameters:
- id: User identifier (multiple id elements can be specified)
User groups list request example:
Url:
http://localhost:8080/geonetwork/srv/eng/xml.usergroups.list
Mime-type:
application/xml
Post request:
<?xml version="1.0" encoding="UTF-8"?>
<request>
<id>3</id>
<request>
Response¶
If the request executes successfully then HTTP status code 200 is returned with an XML document containing the groups that the user belongs to. The elements in the response are:
- group: This is the container for each user group element returned
- id: Group identifier
- name: Group name
- description: Group description
User groups list response example:
<groups>
<group>
<id>3</id>
<name>RWS</name>
<description />
</group>
</groups>
If the request fails then an HTTP 500 status code error is returned and the response contains an XML document with the details of the exception/what went wrong. An example error response is::
<error id="missing-parameter">
<message>id</message>
<class>MissingParameterEx</class>
.....
</error>
See Exception handling for more details.
Errors¶
- Service not allowed (error id: service-not-allowed), when the user is not authenticated or their profile has no rights to execute the service. Returns 500 HTTP code
- User XXXX doesn’t exist, if a user with provided id value does not exist. Returns 500 HTTP code
User information (xml.user.get)¶
The xml.user.get service returns information on a specified user.
Requires authentication: Yes
Request¶
Parameters:
- id: Identifier of user to retrieve
User get request example:
Url:
http://localhost:8080/geonetwork/srv/eng/xml.user.get
Mime-type:
application/xml
Post request:
<request>
<id>2</id>
</request>
Response¶
If the request executed succesfully then an HTTP 200 status code is returned and an XML document containing the user information (including the groups they belong to) is returned. An example response is::
<response>
<record>
<id>2</id>
<username>bullshot</username>
<password>112c535b861a904569285c941277d0c642eea4bb</password>
<surname>Shot</surname>
<name>Bull</name>
<profile>RegisteredUser</profile>
<address>41 Shot Street</address>
<city>Kunnanurra</city>
<state>Western Australia</state>
<zip>8988</zip>
<country>Australia</country>
<email>gan@gan.com</email>
<organisation>B7</organisation>
<kind>gov</kind>
</record>
<groups>
<id>2</id>
</groups>
</response>
If the request fails then an HTTP 500 status code error is returned and the response contains an XML document with the details of the exception/what went wrong. An example error response is::
<error id="missing-parameter">
<message>id</message>
<class>MissingParameterEx</class>
.....
</error>
See Exception handling for more details.
Errors¶
- Service not allowed (error id: service-not-allowed), when the user is not authenticated or their profile has no rights to execute the service. Returns 500 HTTP code
- Missing parameter (error id: missing-parameter), when mandatory parameters are not provided. Returns 500 HTTP code
- bad-parameter id, when id parameter is empty/invalid. Returns 500 HTTP code
User Maintenance Services¶
Create a user (xml.user.update)¶
The xml.user.update service can be used to create new users, update user information and reset user password, depending on the value of the operation parameter. Only users with profiles Administrator or UserAdmin can create new users.
Users with profile Administrator can create users in any group, while users with profile UserAdmin can create users only in the groups to which they belong.
Requires authentication: Yes
Request¶
Parameters:
- operation: (mandatory) newuser
- username: (mandatory) User login name
- password: (mandatory) User password
- profile: (mandatory) User profile
- surname:User surname
- name: User name
- address: User physical address
- city: User address city
- state: User address state
- zip: User address zip
- country: User address country
- email: User email
- org: User organisation/departament
- kind: Kind of organisation
- groups: Group identifier to set for the user, can be multiple groups elements
- groupid: Group identifier
User create request example:
Url:
http://localhost:8080/geonetwork/srv/eng/xml.user.update
Mime-type:
application/xml
Post request:
<request>
<operation>newuser</operation>
<username>samantha</username>
<password>editor2</password>
<profile>Editor</profile>
<name>Samantha</name>
<city>Amsterdam</city>
<country>Netherlands</country>
<email>samantha@mail.net</email>
<groups>2</groups>
<groups>4</groups>
</request>
Response¶
If the request executed successfully then HTTP 200 status code is returned with an XML document containing an empty response element.
If the request fails, then an HTTP 500 status code error is returned with an XML document describing the exception/what went wrong. An example of such a response is::
<error id="error">
<message>User with username samantha already exists</message>
<class>IllegalArgumentException</class>
<stack>...</stack>
.....
</error>
See Exception handling for more details.
Errors¶
- Service not allowed (error id: service-not-allowed), when the user is not authenticated or their profile has no rights to execute the service. Returns 500 HTTP code
- Missing parameter (error id: missing-parameter), when mandatory parameters are not provided. Returns 500 HTTP code
- bad-parameter, when a mandatory fields is empty. Returns 500 HTTP code
- User with username XXXX already exists (error id: error), when a user with that username is already present. Returns 500 HTTP code
- Unknown profile XXXX (error id: error), when the profile is not valid. Returns 500 HTTP code
- ERROR: duplicate key violates unique constraint “users_username_key”, when trying to create a new user using an existing username. Returns 500 HTTP code
- ERROR: insert or update on table “usergroups” violates foreign key constraint “usergroups_groupid_fkey”, when group identifier is not an existing group identifier. Returns 500 HTTP code
- ERROR: tried to add group id XX to user XXXX - not allowed because you are not a member of that group, when the authenticated user has profile UserAdmin and tries to add the user to a group they do not manage. Returns 500 HTTP code
- ERROR: you don’t have rights to do this, when the authenticated user has a profile that is not Administrator or UserAdmin. Returns 500 HTTP code
Update user information (xml.user.update)¶
The xml.user.update service can be used to create new users, update user information and reset user password, depending on the value of the operation parameter. Only users with profiles Administrator or UserAdmin can update users information.
Users with profile Administrator can update any user, while users with profile UserAdmin can update users only in the groups where they belong.
Requires authentication: Yes
Request¶
Parameters:
- operation: (mandatory) editinfo
- id: (mandatory) Identifier of the user to update
- username: (mandatory) User login name
- password: (mandatory) User password
- profile: (mandatory) User profile
- surname: User surname
- name: User name
- address: User physical address
- city: User address city
- state: User address state
- zip: User address zip
- country: User address country
- email: User email
- org: User organisation/departament
- kind: Kind of organisation
- groups: Group identifier to set for the user, can be multiple groups elements
- groupid: Group identifier
Note
If an optional parameter is not provided, the value is updated in the database with an empty string.
Update user information request example:
Url:
http://localhost:8080/geonetwork/srv/eng/xml.user.update
Mime-type:
application/xml
Post request:
<?xml version="1.0" encoding="UTF-8"?>
<request>
<operation>editinfo</operation>
<id>5</id>
<username>samantha</username>
<password>editor2</password>
<profile>Editor</profile>
<name>Samantha</name>
<city>Rotterdam</city>
<country>Netherlands</country>
<email>samantha@mail.net</email>
</request>
Response¶
If the request executed successfully then HTTP 200 status code is returned with an XML document containing an empty response element.
If the request fails, then an HTTP 500 status code error is returned with an XML document describing the exception/what went wrong. An example of such a response is::
<error id="missing-parameter">
<message>username</message>
<class>MissingParameterEx</class>
<stack>...</stack>
.....
</error>
See Exception handling for more details.
Errors¶
- Service not allowed (error id: service-not-allowed), when the user is not authenticated or their profile has no rights to execute the service. Returns 500 HTTP code
- Missing parameter (error id: missing-parameter), when mandatory parameters are not provided. Returns 500 HTTP code
- bad-parameter, when a mandatory field is empty. Returns 500 HTTP code
- Unknown profile XXXX (error id: error), when the profile is not valid. Returns 500 HTTP code
- ERROR: duplicate key violates unique constraint “users_username_key”, when trying to create a new user using an existing username. Returns 500 HTTP code
- ERROR: insert or update on table “usergroups” violates foreign key constraint “usergroups_groupid_fkey”, when the group identifier is not an existing group identifier. Returns 500 HTTP code
- ERROR: tried to add group id XX to user XXXX - not allowed because you are not a member of that group, when the authenticated user has profile UserAdmin and tries to add the user to a group in which they do not manage. Returns 500 HTTP code
- ERROR: you don’t have rights to do this, when the authenticated user has a profile that is not Administrator or UserAdmin. Returns 500 HTTP code
Reset user password (xml.user.update)¶
The xml.user.update service can be used to create new users, update user information and reset user password, depending on the value of the operation parameter. Only users with profiles Administrator or UserAdmin can reset users password.
Users with profile Administrator can reset the password for any user, while users with profile UserAdmin can reset the password for users only in the groups where they belong.
Requires authentication: Yes
Request¶
Parameters:
- operation: (mandatory) resetpw
- id: (mandatory) Identifier of the user to reset the password
- username: (mandatory) User login name
- password: (mandatory) User new password
- profile: (mandatory) User profile
Reset user password request example:
Url:
http://localhost:8080/geonetwork/srv/eng/xml.user.update
Mime-type:
application/xml
Post request:
<?xml version="1.0" encoding="UTF-8"?>
<request>
<operation>resetpw</operation>
<id>2</id>
<username>editor</username>
<password>newpassword</password>
<profile>Editor</profile>
</request>
Response¶
If the request executed successfully then HTTP 200 status code is returned with an XML document containing an empty response element.
If the request fails, then an HTTP 500 status code error is returned with an XML document describing the exception/what went wrong. An example of such a response is::
<error id="missing-parameter">
<message>username</message>
<class>MissingParameterEx</class>
<stack>...</stack>
.....
</error>
See Exception handling for more details.
Errors¶
- Service not allowed (error id: service-not-allowed), when the user is not authenticated or their profile has no rights to execute the service. Returns 500 HTTP code
- Missing parameter (error id: missing-parameter), when mandatory parameters are not provided. Returns 500 HTTP code
- bad-parameter, when a mandatory field is empty. Returns 500 HTTP code
- Unknown profile XXXX (error id: error), when the profile is not valid. Returns 500 HTTP code
- ERROR: you don’t have rights to do this, when the authenticated user is not an Administrator or UserAdmin. Returns 500 HTTP code
Update current authenticated user information (xml.user.infoupdate)¶
The xml.user.infoupdate service can be used to update the information related to the current authenticated user.
Requires authentication: Yes
Request¶
Parameters:
- surname: (mandatory) User surname
- name: (mandatory) User name
- address: User physical address
- city: User address city
- state: User address state
- zip: User address zip
- country: User address country
- email: User email
- org: User organisation/departament
- kind: Kind of organisation
Note
If an optional parameter is not provided the value is updated in the database with an empty string.
Current user info update request example:
Url:
http://localhost:8080/geonetwork/srv/eng/xml.user.infoupdate
Mime-type:
application/xml
Post request:
<request>
<name>admin</name>
<surname>admin</surname>
<address>address</address>
<city>Amsterdam</city>
<zip>55555</zip>
<country>Netherlands</country>
<email>user@mail.net</email>
<org>GeoCat</org>
<kind>gov</kind>
</request>
Response¶
If the request executed successfully then HTTP 200 status code is returned with an XML document containing an empty response element.
If the request fails, then an HTTP 500 status code error is returned with an XML document describing the exception/what went wrong. An example of such a response is::
<error id="missing-parameter">
<message>surname</message>
<class>MissingParameterEx</class>
<stack>...</stack>
.....
</error>
See Exception handling for more details.
Errors¶
- Service not allowed (error id: service-not-allowed), when the user is not authenticated. Returns 500 HTTP code
- Missing parameter (error id: missing-parameter), when mandatory parameters are not provided. Returns 500 HTTP code
Change current authenticated user password (xml.user.pwupdate)¶
The xml.user.pwupdate service can be used to change the password of the current authenticated user.
Requires authentication: Yes
Request¶
Parameters:
- password: Actual user password
- newPassword: New password to set for the user
Example:
<request>
<password>admin</password>
<newPassword>admin2</newPassword>
</request>
Response¶
If the request executed successfully then HTTP 200 status code is returned with an XML document containing an empty response element.
If the request fails, then an HTTP 500 status code error is returned with an XML document describing the exception/what went wrong. An example of such a response is::
<error id="error">
<message>Old password is not correct</message>
<class>IllegalArgumentException</class>
<stack>...</stack>
.....
</error>
See Exception handling for more details.
Errors¶
- Service not allowed (error id: service-not-allowed), when the user is not authenticated. Returns 500 HTTP code
- Old password is not correct. Returns 500 HTTP code
- Bad parameter (newPassword), when an empty password is provided. Returns 500 HTTP code
Remove a user (xml.user.remove)¶
The xml.user.remove service can be used to remove an existing user. Only users with profiles Administrator or UserAdmin can delete users.
Users with profile Administrator can delete any user (except themselves), while users with profile UserAdmin can delete users only in the groups where they belong (except themselves).
Requires authentification: Yes
Request¶
Parameters:
- id: (mandatory) Identifier of user to delete
User remove request example:
Url:
http://localhost:8080/geonetwork/srv/eng/xml.user.remove
Mime-type:
application/xml
Post request:
<request>
<id>2</id>
</request>
Response¶
If the request executed successfully then HTTP 200 status code is returned with an XML document containing an empty response element.
If the request fails, then an HTTP 500 status code error is returned with an XML document describing the exception/what went wrong. An example of such a response is::
<error id="error">
<message>You cannot delete yourself from the user database</message>
<class>IllegalArgumentException</class>
<stack>...</stack>
.....
</error>
See Exception handling for more details.
Errors¶
- Service not allowed (error id: service-not-allowed), when the user is not authenticated or their profile has no rights to execute the service. Returns 500 HTTP code
- Missing parameter (error id: missing-parameter), when the id parameter is not provided. Returns 500 HTTP code
- You cannot delete yourself from the user database (error id: error). Returns 500 HTTP code
- You don’t have rights to delete this user (error id: error), when authenticated user is not an Administrator or User administrator. Returns 500 HTTP code
- You don’t have rights to delete this user because the user is not part of your group (error id: error), when trying to delete a user that is not in the same group as the authenticated user and the authenticated user is a User administrator. Returns 500 HTTP code