User APIs for automated management
This adds three new XMLRPC user management APIs:
-
system.get_all_users
to find out which users are registered on this LAVA instance. -
system.set_user_active
to lock and unlock accounts on the LAVA instance.
Both APIs require a token from a user with staff access.
This uses the same @check_staff
decorator as !1854 (merged).
The background here is our ongoing attempt to integrate LAVA more fully into a SSO environment, where OIDC only takes us so far in terms of things like account locking and access by use of user tokens.