fluke/devops-service/db/mongo/models/user.rb

require "exceptions/invalid_record"
require "exceptions/invalid_command"
require "db/mongo/models/mongo_model"

module Devops
  module Model
    class User < MongoModel

      ROOT_USER_NAME = 'root'
      ROOT_PASSWORD = ''

      PRIVILEGES = ["r", "w", "x"]
      PRIVILEGES_REGEX = /^r?w?x?$/

#      attr_accessor :id, :password, :privileges, :email
#      types :id => {:type => String, :empty => false},
#            :email => {:type => String, :empty => false},
#            :password => {:type => String, :empty => true}

      set_field_validators :id, [::Validators::FieldValidator::NotNil,
                                ::Validators::FieldValidator::FieldType::String,
                                ::Validators::FieldValidator::Name]
      set_field_validators :password, [::Validators::FieldValidator::NotNil,
                                      ::Validators::FieldValidator::FieldType::String]
      set_field_validators :email, [::Validators::FieldValidator::NotNil,
                                   ::Validators::FieldValidator::FieldType::String]
      set_field_validators :privileges, [::Validators::FieldValidator::NotNil,
                                        ::Validators::FieldValidator::FieldType::Hash]
      def initialize p={}
        self.id = p['username']
        self.email = p['email']
        self.password = p['password']
        self.privileges = p["privileges"] || self.default_privileges
      end

      def validate!
        validate_id!
        validate_password!
        validate_email!
        validate_privileges!
      end

      def all_privileges
        privileges_with_value("rwx")
      end

      def default_privileges
        privileges_with_value("r", "user" => "")
      end

      def grant cmd, priv=''
        priv='' if priv.nil?
        cmd='' if cmd.nil?
        if !priv.empty? and PRIVILEGES_REGEX.match(priv).to_s.empty?
          raise InvalidCommand.new "Invalid privileges '#{priv}'. Available values are '#{PRIVILEGES.join("', '")}'"
        end
        raise InvalidPrivileges.new "Can't grant privileges to root" if self.id == ROOT_USER_NAME

        case cmd
        when "all"
          self.privileges.each_key do |key|
            self.privileges[key] = priv
          end
        when ""
          self.privileges = self.default_privileges
        else
          raise InvalidCommand.new "Unsupported command '#{cmd}'" unless self.all_privileges.include?(cmd)
          self.privileges[cmd] = priv
        end
      end

      def self.build_from_bson s
        user = User.new s
        user.id = s["_id"]
        user
      end

      def self.create_from_json json
        User.new( JSON.parse(json) )
      end

      def to_hash_without_id
        o = {
          "email" => self.email,
          "password" => self.password,
          "privileges" => self.privileges
        }
        o
      end

      def check_privileges cmd, required_privelege
        unless PRIVILEGES.include?(required_privelege)
          raise InvalidPrivileges.new("Access internal problem with privilege '#{required_privelege}'")
        end
        # can?(cmd, required_privelege)
        unless can?(cmd, required_privelege)
          raise InvalidPrivileges.new("Access denied for '#{id}'")
        end
      end

      def self.create_root
        root = User.new({'username' => ROOT_USER_NAME, 'password' => ROOT_PASSWORD})
        root.privileges = root.all_privileges
        root.email = "#{ROOT_USER_NAME}@host"
        root
      end

      private

      def can?(command, privilege)
        p = self.privileges[command] || []
        p.include?(privilege)
      end

      def privileges_with_value value, options={}
        privileges = {}
        [
          'flavor',
          'group',
          'image',
          'project',
          'server',
          'key',
          'user',
          'filter',
          'network',
          'provider',
          'script',
          'templates',
          'stack_template',
          'stack'
        ].each { |t| privileges.store(t, value) }

        privileges.merge(options)
      end

    end
  end
end
groups, filters, users, flavors 2015-07-16 17:18:55 +03:00			`require "exceptions/invalid_record"`
initial commit 2014-05-08 15:34:26 +04:00			`require "exceptions/invalid_command"`
			`require "db/mongo/models/mongo_model"`

models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`module Devops`
			`module Model`
			`class User < MongoModel`

			`ROOT_USER_NAME = 'root'`
			`ROOT_PASSWORD = ''`

			`PRIVILEGES = ["r", "w", "x"]`
			`PRIVILEGES_REGEX = /^r?w?x?$/`

#868: validation order 2015-11-19 14:09:38 +03:00			`# attr_accessor :id, :password, :privileges, :email`
			`# types :id => {:type => String, :empty => false},`
			`# :email => {:type => String, :empty => false},`
			`# :password => {:type => String, :empty => true}`
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00
#868: validation order 2015-11-19 14:09:38 +03:00			`set_field_validators :id, [::Validators::FieldValidator::NotNil,`
\#780: done fixed role name new field validators without validate fields types fixed error with user parser todo: project tests returned some tests, users fixed some more tests: filters images tests network tests keys tests test generator fixed run_list validator 2015-10-06 13:50:26 +03:00			`::Validators::FieldValidator::FieldType::String,`
#868: validation order 2015-11-19 14:09:38 +03:00			`::Validators::FieldValidator::Name]`
			`set_field_validators :password, [::Validators::FieldValidator::NotNil,`
			`::Validators::FieldValidator::FieldType::String]`
			`set_field_validators :email, [::Validators::FieldValidator::NotNil,`
			`::Validators::FieldValidator::FieldType::String]`
			`set_field_validators :privileges, [::Validators::FieldValidator::NotNil,`
			`::Validators::FieldValidator::FieldType::Hash]`
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def initialize p={}`
			`self.id = p['username']`
			`self.email = p['email']`
			`self.password = p['password']`
			`self.privileges = p["privileges"] \|\| self.default_privileges`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
\#780: done fixed role name new field validators without validate fields types fixed error with user parser todo: project tests returned some tests, users fixed some more tests: filters images tests network tests keys tests test generator fixed run_list validator 2015-10-06 13:50:26 +03:00			`def validate!`
			`validate_id!`
			`validate_password!`
			`validate_email!`
			`validate_privileges!`
			`end`

models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def all_privileges`
			`privileges_with_value("rwx")`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def default_privileges`
			`privileges_with_value("r", "user" => "")`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def grant cmd, priv=''`
\#780: done fixed role name new field validators without validate fields types fixed error with user parser todo: project tests returned some tests, users fixed some more tests: filters images tests network tests keys tests test generator fixed run_list validator 2015-10-06 13:50:26 +03:00			`priv='' if priv.nil?`
			`cmd='' if cmd.nil?`
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`if !priv.empty? and PRIVILEGES_REGEX.match(priv).to_s.empty?`
			`raise InvalidCommand.new "Invalid privileges '#{priv}'. Available values are '#{PRIVILEGES.join("', '")}'"`
			`end`
			`raise InvalidPrivileges.new "Can't grant privileges to root" if self.id == ROOT_USER_NAME`

			`case cmd`
			`when "all"`
			`self.privileges.each_key do \|key\|`
			`self.privileges[key] = priv`
			`end`
			`when ""`
			`self.privileges = self.default_privileges`
			`else`
\#780: done fixed role name new field validators without validate fields types fixed error with user parser todo: project tests returned some tests, users fixed some more tests: filters images tests network tests keys tests test generator fixed run_list validator 2015-10-06 13:50:26 +03:00			`raise InvalidCommand.new "Unsupported command '#{cmd}'" unless self.all_privileges.include?(cmd)`
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`self.privileges[cmd] = priv`
			`end`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def self.build_from_bson s`
			`user = User.new s`
			`user.id = s["_id"]`
			`user`
initial commit 2014-05-08 15:34:26 +04:00			`end`

models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def self.create_from_json json`
			`User.new( JSON.parse(json) )`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def to_hash_without_id`
			`o = {`
			`"email" => self.email,`
			`"password" => self.password,`
			`"privileges" => self.privileges`
			`}`
			`o`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
groups, filters, users, flavors 2015-07-16 17:18:55 +03:00			`def check_privileges cmd, required_privelege`
			`unless PRIVILEGES.include?(required_privelege)`
			`raise InvalidPrivileges.new("Access internal problem with privilege '#{required_privelege}'")`
			`end`
a lot of fixes to make tests pass. 2015-07-27 18:27:52 +03:00			`# can?(cmd, required_privelege)`
			`unless can?(cmd, required_privelege)`
			`raise InvalidPrivileges.new("Access denied for '#{id}'")`
			`end`
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`end`
initial commit 2014-05-08 15:34:26 +04:00
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def self.create_root`
			`root = User.new({'username' => ROOT_USER_NAME, 'password' => ROOT_PASSWORD})`
			`root.privileges = root.all_privileges`
			`root.email = "#{ROOT_USER_NAME}@host"`
			`root`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`private`
groups, filters, users, flavors 2015-07-16 17:18:55 +03:00
			`def can?(command, privilege)`
			`p = self.privileges[command] \|\| []`
			`p.include?(privilege)`
			`end`

models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`def privileges_with_value value, options={}`
			`privileges = {}`
			`[`
			`'flavor',`
			`'group',`
			`'image',`
			`'project',`
			`'server',`
			`'key',`
			`'user',`
			`'filter',`
			`'network',`
			`'provider',`
			`'script',`
			`'templates',`
			`'stack_template',`
			`'stack'`
			`].each { \|t\| privileges.store(t, value) }`

			`privileges.merge(options)`
			`end`
initial commit 2014-05-08 15:34:26 +04:00
models in Devops::Model module, auth 2015-03-06 12:20:30 +03:00			`end`
initial commit 2014-05-08 15:34:26 +04:00			`end`
			`end`