From b88c78e3cf2bef22aa2f1c4d0bf305e303bc15f0 Mon Sep 17 00:00:00 2001 From: Koren Lev Date: Thu, 27 Jul 2017 16:42:15 +0300 Subject: adding calipso ui Change-Id: Ifa6f63daebb07f45580f747341960e898fdb00c4 Signed-off-by: Koren Lev --- ui/imports/api/accounts/methods.js | 196 +++++++++++++++++++++++++ ui/imports/api/accounts/server/publications.js | 29 ++++ 2 files changed, 225 insertions(+) create mode 100644 ui/imports/api/accounts/methods.js create mode 100644 ui/imports/api/accounts/server/publications.js (limited to 'ui/imports/api/accounts') diff --git a/ui/imports/api/accounts/methods.js b/ui/imports/api/accounts/methods.js new file mode 100644 index 0000000..4e1c40a --- /dev/null +++ b/ui/imports/api/accounts/methods.js @@ -0,0 +1,196 @@ +///////////////////////////////////////////////////////////////////////////////////////// +// Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) and others / +// / +// All rights reserved. This program and the accompanying materials / +// are made available under the terms of the Apache License, Version 2.0 / +// which accompanies this distribution, and is available at / +// http://www.apache.org/licenses/LICENSE-2.0 / +///////////////////////////////////////////////////////////////////////////////////////// +import { ValidatedMethod } from 'meteor/mdg:validated-method'; +import { SimpleSchema } from 'meteor/aldeed:simple-schema'; +import * as R from 'ramda'; +import { Roles } from 'meteor/alanning:roles'; +import { Environments } from '/imports/api/environments/environments'; + +let userSchema = new SimpleSchema({ + _id: { type: String }, + username: { type: String }, + password: { type: String }, + viewEnvs: { type: [ String ] }, + editEnvs: { type: [ String ] }, +}); + +export const insert = new ValidatedMethod({ + name: 'accounts.insert', + validate: userSchema + .pick([ + 'username', + 'password', + 'viewEnvs', + 'viewEnvs.$', + 'editEnvs', + 'editEnvs.$', + ]).validator({ clean: true, filter: false }), + run({ + username, + password, + viewEnvs, + editEnvs, + }) { + if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) { + throw new Meteor.Error('unauthorized for removing users'); + } + + let userId = Accounts.createUser({ + username: username, + password: password + }); + + addRole(viewEnvs, 'view-env', userId); + addRole(editEnvs, 'edit-env', userId); + } +}); + + + +export const update = new ValidatedMethod({ + name: 'accounts.update', + validate: userSchema + .pick([ + '_id', + // 'password', + 'viewEnvs', + 'viewEnvs.$', + 'editEnvs', + 'editEnvs.$', + ]).validator({ clean: true, filter: false }), + run({ + _id, + //_password, + viewEnvs, + editEnvs, + }) { + console.log('accounts - methods - update - start'); + //throw new Meteor.Error('unimplemented'); + if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) { + throw new Meteor.Error('unauthorized for updating users'); + } + + /* + let item = Meteor.users.findOne({ _id: _id }); + console.log('user for update: ', item); + + item = R.merge(R.pick([ + 'password', + ], item), { + password + }); + */ + + /* + let item = { + //password + }; + + Meteor.users.update({ _id: _id }, { $set: item }); + */ + + let currentViewEnvs = R.map((env) => { + return env.name; + }, Environments.find({ 'auth.view-env': { $in: [ _id ] }}).fetch()); + + let viewEnvsForDelete = R.difference(currentViewEnvs, viewEnvs); + let viewEnvsForAdd = R.difference(viewEnvs, currentViewEnvs); + + removeRole(viewEnvsForDelete, 'view-env', _id); + addRole(viewEnvsForAdd, 'view-env', _id); + + // + + let currentEditEnvs = R.map((env) => { + return env.name; + }, Environments.find({ 'auth.edit-env': { $in: [ _id ] }}).fetch()); + + let editEnvsForDelete = R.difference(currentEditEnvs, editEnvs); + let editEnvsForAdd = R.difference(editEnvs, currentEditEnvs); + + removeRole(editEnvsForDelete, 'edit-env', _id); + addRole(editEnvsForAdd, 'edit-env', _id); + + console.log('accounts - methods - update - end'); + } +}); + +export const remove = new ValidatedMethod({ + name: 'accounts.remove', + validate: userSchema + .pick([ + '_id', + ]).validator({ clean: true, filter: false }), + run({ + _id + }) { + if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) { + throw new Meteor.Error('unauthorized for removing users'); + } + + let user = Meteor.users.findOne({ _id: _id }); + console.log('user for remove: ', user); + + Meteor.users.remove({ _id: _id }); + } +}); + +function removeRole(rolesForRemoval, roleName, userId) { + R.forEach((envName) => { + let env = Environments.findOne({ name: envName }); + let auth = env.auth; + if (R.isNil(auth)) { auth = { }; } + if (R.isNil(R.path([roleName], auth))) { + auth = R.assoc(roleName, [], auth); + } + auth = R.assoc(roleName, R.reject(R.equals(userId), auth[roleName]), auth); + + updateEnv(auth, env); + //let newEnv = R.merge(env, { auth: auth }); + + }, rolesForRemoval); +} + +function addRole(rolesForAdd, roleName, userId) { + R.forEach((envName) => { + let env = Environments.findOne({ name: envName }); + let auth = env.auth; + if (R.isNil(auth)) { auth = { }; } + if (R.isNil(R.path([roleName], auth))) { + auth = R.assoc(roleName, [], auth); + } + auth = R.assoc(roleName, R.append(userId, auth[roleName]), auth); + + updateEnv(auth, env); + //let newEnv = R.merge(env, { auth: auth }); + + }, rolesForAdd); +} + +function updateEnv(auth, env) { + console.log('update env. set: ' + R.toString(auth)); + try { + Environments.update(env._id, { + $set: { + auth: auth, + configuration: env.configuration, + //distribution: distribution, + //name: name, + type_drivers: env.type_drivers, + mechanism_drivers: env.mechanism_drivers, + listen: env.listen, + enable_monitoring: env.enable_monitoring, + } + }); + } catch(e) { + console.error('error in update: ' + R.toString(e)); + throw new Meteor.Error('enviornment update error', + `unable to update ACL for environment - ${env.name}. Please check envrironment info. ${e.message}`); + } +} diff --git a/ui/imports/api/accounts/server/publications.js b/ui/imports/api/accounts/server/publications.js new file mode 100644 index 0000000..47718d3 --- /dev/null +++ b/ui/imports/api/accounts/server/publications.js @@ -0,0 +1,29 @@ +///////////////////////////////////////////////////////////////////////////////////////// +// Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) and others / +// / +// All rights reserved. This program and the accompanying materials / +// are made available under the terms of the Apache License, Version 2.0 / +// which accompanies this distribution, and is available at / +// http://www.apache.org/licenses/LICENSE-2.0 / +///////////////////////////////////////////////////////////////////////////////////////// +import { Meteor } from 'meteor/meteor'; +//import * as R from 'ramda'; +//import { Environments } from '/imports/api/environments/environments'; +//import { Roles } from 'meteor/alanning:roles'; + +Meteor.publish('users', function () { + console.log('server subscribtion to: users'); + /* + let that = this; + + let query = {}; + + if (! Roles.userIsInRole(that.userId, 'manage-users', 'default-group')) { + query = { + _id: that.userId + }; + } + */ + + return Meteor.users.find({}); +}); -- cgit 1.2.3-korg