86 lines
2.9 KiB
Ruby
86 lines
2.9 KiB
Ruby
require "db/exceptions/invalid_record"
|
|
require "db/mongo/models/user"
|
|
|
|
module Devops
|
|
module Version2_0
|
|
module Handler
|
|
class User
|
|
|
|
def self.get_users
|
|
lambda {
|
|
check_privileges("user", "r")
|
|
users = settings.mongo.users.map {|i| i.to_hash}
|
|
users.each {|u| u.delete("password")}
|
|
json users
|
|
}
|
|
end
|
|
|
|
def self.create_user
|
|
lambda {
|
|
check_privileges("user", "w")
|
|
user = create_object_from_json_body
|
|
["username", "password", "email"].each do |p|
|
|
check_string(user[p], "Parameter '#{p}' must be a not empty string")
|
|
end
|
|
settings.mongo.user_insert User.new(user)
|
|
create_response("Created", nil, 201)
|
|
}
|
|
end
|
|
|
|
def self.delete_user
|
|
lambda {
|
|
check_privileges("user", "w")
|
|
projects = settings.mongo.projects_by_user params[:user]
|
|
if !projects.empty?
|
|
str = ""
|
|
projects.each do |p|
|
|
p.deploy_envs.each do |e|
|
|
str+="#{p.id}.#{e.identifier} " if e.users.include? params[:user]
|
|
end
|
|
end
|
|
logger.info projects
|
|
raise DependencyError.new "Deleting is forbidden: User is included in #{str}"
|
|
#return [400, "Deleting is forbidden: User is included in #{str}"]
|
|
end
|
|
|
|
r = settings.mongo.user_delete params[:user]
|
|
create_response("User '#{params[:user]}' removed")
|
|
}
|
|
end
|
|
|
|
def self.change_user_privileges
|
|
lambda {
|
|
check_privileges("user", "w")
|
|
data = create_object_from_json_body
|
|
user = settings.mongo.user params[:user]
|
|
cmd = check_string(data["cmd"], "Parameter 'cmd' should be a not empty string", true) || ""
|
|
privileges = check_string(data["privileges"], "Parameter 'privileges' should be a not empty string", true) || ""
|
|
user.grant(cmd, privileges)
|
|
settings.mongo.user_update user
|
|
create_response("Updated")
|
|
}
|
|
end
|
|
|
|
def self.change_user_email_or_password
|
|
lambda {
|
|
check_privileges("user", "w")
|
|
action = File.basename(request.path)
|
|
u = File.basename(File.dirname(request.path))
|
|
raise InvalidPrivileges.new("Access denied for '#{request.env['REMOTE_USER']}'") if u == User::ROOT_USER_NAME and request.env['REMOTE_USER'] != User::ROOT_USER_NAME
|
|
|
|
check_privileges("user", "w") unless request.env['REMOTE_USER'] == u
|
|
|
|
body = create_object_from_json_body
|
|
p = check_string(body[action], "Parameter '#{action}' must be a not empty string")
|
|
user = settings.mongo.user u
|
|
user.send("#{action}=", p)
|
|
settings.mongo.user_update user
|
|
create_response("Updated")
|
|
}
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|