From a63aaa465151c4b9050cfe505017854bf055a085 Mon Sep 17 00:00:00 2001
From: Anton Chuchkalov <a2new@yandex.ru>
Date: Tue, 8 Sep 2015 15:45:34 +0300
Subject: [PATCH] add users permissions updater

---
 .../lib/users_permissions_updater.rb          | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 devops-service/lib/users_permissions_updater.rb

diff --git a/devops-service/lib/users_permissions_updater.rb b/devops-service/lib/users_permissions_updater.rb
new file mode 100644
index 0000000..78558b7
--- /dev/null
+++ b/devops-service/lib/users_permissions_updater.rb
@@ -0,0 +1,61 @@
+require "mongo"
+
+class UsersPermissionsUpdater
+  attr_reader :users_collection
+
+  def initialize(config)
+    db = config[:db] || "devops"
+    host = config[:host] || "localhost"
+    port = config[:port] || 27017
+    user = config[:user]
+    password = config[:password]
+
+    @db = Mongo::MongoClient.new(host, port).db(db)
+    @db.authenticate(user, password)
+    @users_collection = @db.collection('users')
+  end
+
+  # returns users who have rwx in permissions.server field
+  def admins
+    users_collection.find('privileges.server' => 'rwx')
+  end
+
+  def readers
+    users_collection.find('privileges.server' => 'r')
+  end
+
+  def set_priveleges_to_users(users, privilege_name, privilege_value)
+    ids = users.to_a.map {|u| u['_id']}
+
+    users_collection.update(
+      {"_id" => {'$in' => ids}},
+      {
+        "$set" => {
+          "privileges.#{privilege_name}" => privilege_value
+        }
+      }
+    )
+  end
+
+  def not_admin_or_readers
+    all = users_collection.find({}).to_a
+    admin_ids = admins.to_a.map {|u| u['_id']}
+    reader_ids = readers.to_a.map {|u| u['_id']}
+    admin_or_reader_ids = admin_ids + reader_ids
+
+    result = all.delete_if do |user|
+      admin_or_reader_ids.include?(user['_id'])
+    end
+  end
+end
+
+updater = UsersPermissionsUpdater.new(user: 'user', password: 'pass', db: 'devops_prod')
+updater.set_priveleges_to_users(updater.admins, 'stack', 'rwx')
+updater.set_priveleges_to_users(updater.admins, 'stack_template', 'rwx')
+
+updater.set_priveleges_to_users(updater.readers, 'stack', 'r')
+updater.set_priveleges_to_users(updater.readers, 'stack_template', 'r')
+
+
+puts "Updated admins"
+puts "Updated readers"