fluke/devops-service/routes/v2.0/user.rb

require "db/exceptions/invalid_record"
require "db/mongo/models/user"

module Sinatra
  module Version2_0
    module Core
      module UserRoutes

        def self.registered(app)
          puts "User routes initialized"

          app.after %r{\A/user(/[\w]+(/password)?)?\z} do
            statistic
          end

          # Get users list
          #
          # * *Request*
          #   - method : GET
          #   - headers :
          #     - Accept: application/json
          #
          # * *Returns* :
          #   [
          #     {
          #       "email": "test@test.test",
          #       "privileges": {
          #         "flavor": "r",
          #         "group": "r",
          #         "image": "r",
          #         "project": "r",
          #         "server": "r",
          #         "key": "r",
          #         "user": "",
          #         "filter": "r",
          #         "network": "r",
          #         "provider": "r",
          #         "script": "r",
          #         "templates": "r"
          #       },
          #       "id": "test"
          #     }
          #   ]
          app.get "/users" do
            check_headers :accept
            check_privileges("user", "r")
            users = settings.mongo.users.map {|i| i.to_hash}
            users.each {|u| u.delete("password")}
            json users
          end

          # Create user
          #
          # * *Request*
          #   - method : POST
          #   - headers :
          #     - Accept: application/json
          #     - Content-Type: application/json
          #   - body :
          #   {
          #     "username": "user name",
          #     "email": "user email",
          #     "password": "user password"
          #   }
          #
          # * *Returns* :
          #   201 - Created
          app.post "/user" do
            check_headers :accept, :content_type
            check_privileges("user", "w")
            user = create_object_from_json_body
            ["username", "password", "email"].each do |p|
              check_string(user[p], "Parameter '#{p}' must be a not empty string")
            end
            #BaseRoutes.mongo.user_insert User.new(user)
            settings.mongo.user_insert User.new(user)
            create_response("Created", nil, 201)
          end

          # Delete user
          #
          # * *Request*
          #   - method : DELETE
          #   - headers :
          #     - Accept: application/json
          #
          # * *Returns* :
          #   200 - Deleted
          app.delete "/user/:user" do
            check_headers :accept
            check_privileges("user", "w")
            projects = settings.mongo.projects_by_user params[:user]
            if !projects.empty?
              str = ""
              projects.each do |p|
                p.deploy_envs.each do |e|
                  str+="#{p.id}.#{e.identifier} " if e.users.include? params[:user]
                end
              end
              logger.info projects
              raise DependencyError.new "Deleting is forbidden: User is included in #{str}"
              #return [400, "Deleting is forbidden: User is included in #{str}"]
            end

            r = settings.mongo.user_delete params[:user]
            create_response("User '#{params[:user]}' removed")
          end

          # Change user privileges
          #
          # * *Request*
          #   - method : PUT
          #   - headers :
          #     - Accept: application/json
          #     - Content-Type: application/json
          #   - body :
          #   {
          #     "cmd": "command or all", -> if empty, set default privileges
          #     "privileges": "priv" -> 'rwx' or ''
          #   }
          #
          # * *Returns* :
          #   200 - Updated
          app.put "/user/:user" do
            check_headers :accept, :content_type
            check_privileges("user", "w")
            data = create_object_from_json_body
            user = settings.mongo.user params[:user]
            cmd = check_string(data["cmd"], "Parameter 'cmd' should be a not empty string", true) || ""
            privileges = check_string(data["privileges"], "Parameter 'privileges' should be a not empty string", true) || ""
            user.grant(cmd, privileges)
            settings.mongo.user_update user
            create_response("Updated")
          end

          # Change user email/password
          #
          # * *Request*
          #   - method : PUT
          #   - headers :
          #     - Accept: application/json
          #     - Content-Type: application/json
          #   - body :
          #   {
          #     "email/password": "new user email/password",
          #   }
          #
          # * *Returns* :
          #   200 - Updated
          app.put %r{\A/user/[\w]+/(email|password)\z} do
            check_headers :accept, :content_type
            action = File.basename(request.path)
            u = File.basename(File.dirname(request.path))
            raise InvalidPrivileges.new("Access denied for '#{request.env['REMOTE_USER']}'") if u == User::ROOT_USER_NAME and request.env['REMOTE_USER'] != User::ROOT_USER_NAME

            check_privileges("user", "w") unless request.env['REMOTE_USER'] == u

            body = create_object_from_json_body
            p = check_string(body[action], "Parameter '#{action}' must be a not empty string")
            user = settings.mongo.user u
            user.send("#{action}=", p)
            settings.mongo.user_update user
            create_response("Updated")
          end
        end

      end
    end
  end
end
initial commit 2014-05-08 15:34:26 +04:00			`require "db/exceptions/invalid_record"`
			`require "db/mongo/models/user"`

user module 2014-12-12 17:00:06 +03:00			`module Sinatra`
			`module Version2_0`
			`module Core`
			`module UserRoutes`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`def self.registered(app)`
			`puts "User routes initialized"`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`app.after %r{\A/user(/[\w]+(/password)?)?\z} do`
			`statistic`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`# Get users list`
			`#`
			`# * Request`
			`# - method : GET`
			`# - headers :`
			`# - Accept: application/json`
			`#`
			`# * Returns :`
			`# [`
			`# {`
			`# "email": "test@test.test",`
			`# "privileges": {`
			`# "flavor": "r",`
			`# "group": "r",`
			`# "image": "r",`
			`# "project": "r",`
			`# "server": "r",`
			`# "key": "r",`
			`# "user": "",`
			`# "filter": "r",`
			`# "network": "r",`
			`# "provider": "r",`
			`# "script": "r",`
			`# "templates": "r"`
			`# },`
			`# "id": "test"`
			`# }`
			`# ]`
			`app.get "/users" do`
			`check_headers :accept`
			`check_privileges("user", "r")`
			`users = settings.mongo.users.map {\|i\| i.to_hash}`
			`users.each {\|u\| u.delete("password")}`
			`json users`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`# Create user`
			`#`
			`# * Request`
			`# - method : POST`
			`# - headers :`
			`# - Accept: application/json`
			`# - Content-Type: application/json`
			`# - body :`
			`# {`
			`# "username": "user name",`
			`# "email": "user email",`
			`# "password": "user password"`
			`# }`
			`#`
			`# * Returns :`
			`# 201 - Created`
			`app.post "/user" do`
			`check_headers :accept, :content_type`
			`check_privileges("user", "w")`
			`user = create_object_from_json_body`
			`["username", "password", "email"].each do \|p\|`
			`check_string(user[p], "Parameter '#{p}' must be a not empty string")`
			`end`
			`#BaseRoutes.mongo.user_insert User.new(user)`
			`settings.mongo.user_insert User.new(user)`
			`create_response("Created", nil, 201)`
			`end`

			`# Delete user`
			`#`
			`# * Request`
			`# - method : DELETE`
			`# - headers :`
			`# - Accept: application/json`
			`#`
			`# * Returns :`
			`# 200 - Deleted`
			`app.delete "/user/:user" do`
			`check_headers :accept`
			`check_privileges("user", "w")`
			`projects = settings.mongo.projects_by_user params[:user]`
			`if !projects.empty?`
			`str = ""`
			`projects.each do \|p\|`
			`p.deploy_envs.each do \|e\|`
			`str+="#{p.id}.#{e.identifier} " if e.users.include? params[:user]`
			`end`
			`end`
			`logger.info projects`
			`raise DependencyError.new "Deleting is forbidden: User is included in #{str}"`
			`#return [400, "Deleting is forbidden: User is included in #{str}"]`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`r = settings.mongo.user_delete params[:user]`
			`create_response("User '#{params[:user]}' removed")`
initial commit 2014-05-08 15:34:26 +04:00			`end`

user module 2014-12-12 17:00:06 +03:00			`# Change user privileges`
			`#`
			`# * Request`
			`# - method : PUT`
			`# - headers :`
			`# - Accept: application/json`
			`# - Content-Type: application/json`
			`# - body :`
			`# {`
			`# "cmd": "command or all", -> if empty, set default privileges`
			`# "privileges": "priv" -> 'rwx' or ''`
			`# }`
			`#`
			`# * Returns :`
			`# 200 - Updated`
			`app.put "/user/:user" do`
			`check_headers :accept, :content_type`
			`check_privileges("user", "w")`
			`data = create_object_from_json_body`
			`user = settings.mongo.user params[:user]`
			`cmd = check_string(data["cmd"], "Parameter 'cmd' should be a not empty string", true) \|\| ""`
			`privileges = check_string(data["privileges"], "Parameter 'privileges' should be a not empty string", true) \|\| ""`
			`user.grant(cmd, privileges)`
			`settings.mongo.user_update user`
			`create_response("Updated")`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`# Change user email/password`
			`#`
			`# * Request`
			`# - method : PUT`
			`# - headers :`
			`# - Accept: application/json`
			`# - Content-Type: application/json`
			`# - body :`
			`# {`
			`# "email/password": "new user email/password",`
			`# }`
			`#`
			`# * Returns :`
			`# 200 - Updated`
			`app.put %r{\A/user/[\w]+/(email\|password)\z} do`
			`check_headers :accept, :content_type`
			`action = File.basename(request.path)`
			`u = File.basename(File.dirname(request.path))`
			`raise InvalidPrivileges.new("Access denied for '#{request.env['REMOTE_USER']}'") if u == User::ROOT_USER_NAME and request.env['REMOTE_USER'] != User::ROOT_USER_NAME`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`check_privileges("user", "w") unless request.env['REMOTE_USER'] == u`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`body = create_object_from_json_body`
			`p = check_string(body[action], "Parameter '#{action}' must be a not empty string")`
			`user = settings.mongo.user u`
			`user.send("#{action}=", p)`
			`settings.mongo.user_update user`
			`create_response("Updated")`
			`end`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
user module 2014-12-12 17:00:06 +03:00			`end`
initial commit 2014-05-08 15:34:26 +04:00			`end`
			`end`
			`end`