aboutsummaryrefslogtreecommitdiffstats
path: root/ui/imports/api/accounts/methods.js
diff options
context:
space:
mode:
Diffstat (limited to 'ui/imports/api/accounts/methods.js')
-rw-r--r--ui/imports/api/accounts/methods.js196
1 files changed, 196 insertions, 0 deletions
diff --git a/ui/imports/api/accounts/methods.js b/ui/imports/api/accounts/methods.js
new file mode 100644
index 0000000..4e1c40a
--- /dev/null
+++ b/ui/imports/api/accounts/methods.js
@@ -0,0 +1,196 @@
+/////////////////////////////////////////////////////////////////////////////////////////
+// Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) and others /
+// /
+// All rights reserved. This program and the accompanying materials /
+// are made available under the terms of the Apache License, Version 2.0 /
+// which accompanies this distribution, and is available at /
+// http://www.apache.org/licenses/LICENSE-2.0 /
+/////////////////////////////////////////////////////////////////////////////////////////
+import { ValidatedMethod } from 'meteor/mdg:validated-method';
+import { SimpleSchema } from 'meteor/aldeed:simple-schema';
+import * as R from 'ramda';
+import { Roles } from 'meteor/alanning:roles';
+import { Environments } from '/imports/api/environments/environments';
+
+let userSchema = new SimpleSchema({
+ _id: { type: String },
+ username: { type: String },
+ password: { type: String },
+ viewEnvs: { type: [ String ] },
+ editEnvs: { type: [ String ] },
+});
+
+export const insert = new ValidatedMethod({
+ name: 'accounts.insert',
+ validate: userSchema
+ .pick([
+ 'username',
+ 'password',
+ 'viewEnvs',
+ 'viewEnvs.$',
+ 'editEnvs',
+ 'editEnvs.$',
+ ]).validator({ clean: true, filter: false }),
+ run({
+ username,
+ password,
+ viewEnvs,
+ editEnvs,
+ }) {
+ if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) {
+ throw new Meteor.Error('unauthorized for removing users');
+ }
+
+ let userId = Accounts.createUser({
+ username: username,
+ password: password
+ });
+
+ addRole(viewEnvs, 'view-env', userId);
+ addRole(editEnvs, 'edit-env', userId);
+ }
+});
+
+
+
+export const update = new ValidatedMethod({
+ name: 'accounts.update',
+ validate: userSchema
+ .pick([
+ '_id',
+ // 'password',
+ 'viewEnvs',
+ 'viewEnvs.$',
+ 'editEnvs',
+ 'editEnvs.$',
+ ]).validator({ clean: true, filter: false }),
+ run({
+ _id,
+ //_password,
+ viewEnvs,
+ editEnvs,
+ }) {
+ console.log('accounts - methods - update - start');
+ //throw new Meteor.Error('unimplemented');
+ if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) {
+ throw new Meteor.Error('unauthorized for updating users');
+ }
+
+ /*
+ let item = Meteor.users.findOne({ _id: _id });
+ console.log('user for update: ', item);
+
+ item = R.merge(R.pick([
+ 'password',
+ ], item), {
+ password
+ });
+ */
+
+ /*
+ let item = {
+ //password
+ };
+
+ Meteor.users.update({ _id: _id }, { $set: item });
+ */
+
+ let currentViewEnvs = R.map((env) => {
+ return env.name;
+ }, Environments.find({ 'auth.view-env': { $in: [ _id ] }}).fetch());
+
+ let viewEnvsForDelete = R.difference(currentViewEnvs, viewEnvs);
+ let viewEnvsForAdd = R.difference(viewEnvs, currentViewEnvs);
+
+ removeRole(viewEnvsForDelete, 'view-env', _id);
+ addRole(viewEnvsForAdd, 'view-env', _id);
+
+ //
+
+ let currentEditEnvs = R.map((env) => {
+ return env.name;
+ }, Environments.find({ 'auth.edit-env': { $in: [ _id ] }}).fetch());
+
+ let editEnvsForDelete = R.difference(currentEditEnvs, editEnvs);
+ let editEnvsForAdd = R.difference(editEnvs, currentEditEnvs);
+
+ removeRole(editEnvsForDelete, 'edit-env', _id);
+ addRole(editEnvsForAdd, 'edit-env', _id);
+
+ console.log('accounts - methods - update - end');
+ }
+});
+
+export const remove = new ValidatedMethod({
+ name: 'accounts.remove',
+ validate: userSchema
+ .pick([
+ '_id',
+ ]).validator({ clean: true, filter: false }),
+ run({
+ _id
+ }) {
+ if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) {
+ throw new Meteor.Error('unauthorized for removing users');
+ }
+
+ let user = Meteor.users.findOne({ _id: _id });
+ console.log('user for remove: ', user);
+
+ Meteor.users.remove({ _id: _id });
+ }
+});
+
+function removeRole(rolesForRemoval, roleName, userId) {
+ R.forEach((envName) => {
+ let env = Environments.findOne({ name: envName });
+ let auth = env.auth;
+ if (R.isNil(auth)) { auth = { }; }
+ if (R.isNil(R.path([roleName], auth))) {
+ auth = R.assoc(roleName, [], auth);
+ }
+ auth = R.assoc(roleName, R.reject(R.equals(userId), auth[roleName]), auth);
+
+ updateEnv(auth, env);
+ //let newEnv = R.merge(env, { auth: auth });
+
+ }, rolesForRemoval);
+}
+
+function addRole(rolesForAdd, roleName, userId) {
+ R.forEach((envName) => {
+ let env = Environments.findOne({ name: envName });
+ let auth = env.auth;
+ if (R.isNil(auth)) { auth = { }; }
+ if (R.isNil(R.path([roleName], auth))) {
+ auth = R.assoc(roleName, [], auth);
+ }
+ auth = R.assoc(roleName, R.append(userId, auth[roleName]), auth);
+
+ updateEnv(auth, env);
+ //let newEnv = R.merge(env, { auth: auth });
+
+ }, rolesForAdd);
+}
+
+function updateEnv(auth, env) {
+ console.log('update env. set: ' + R.toString(auth));
+ try {
+ Environments.update(env._id, {
+ $set: {
+ auth: auth,
+ configuration: env.configuration,
+ //distribution: distribution,
+ //name: name,
+ type_drivers: env.type_drivers,
+ mechanism_drivers: env.mechanism_drivers,
+ listen: env.listen,
+ enable_monitoring: env.enable_monitoring,
+ }
+ });
+ } catch(e) {
+ console.error('error in update: ' + R.toString(e));
+ throw new Meteor.Error('enviornment update error',
+ `unable to update ACL for environment - ${env.name}. Please check envrironment info. ${e.message}`);
+ }
+}