///////////////////////////////////////////////////////////////////////////////////////// // Copyright (c) 2017 Koren Lev (Cisco Systems), Yaron Yogev (Cisco Systems) and others / // / // All rights reserved. This program and the accompanying materials / // are made available under the terms of the Apache License, Version 2.0 / // which accompanies this distribution, and is available at / // http://www.apache.org/licenses/LICENSE-2.0 / ///////////////////////////////////////////////////////////////////////////////////////// import { ValidatedMethod } from 'meteor/mdg:validated-method'; import { SimpleSchema } from 'meteor/aldeed:simple-schema'; import * as R from 'ramda'; import { Roles } from 'meteor/alanning:roles'; import { Environments } from '/imports/api/environments/environments'; import { UserSettings } from '/imports/api/user-settings/user-settings'; let userSchema = new SimpleSchema({ _id: { type: String }, username: { type: String }, password: { type: String }, viewEnvs: { type: [ String ] }, editEnvs: { type: [ String ] }, }); export const insert = new ValidatedMethod({ name: 'accounts.insert', validate: userSchema .pick([ 'username', 'password', 'viewEnvs', 'viewEnvs.$', 'editEnvs', 'editEnvs.$', ]).validator({ clean: true, filter: false }), run({ username, password, viewEnvs, editEnvs, }) { if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) { throw new Meteor.Error('unauthorized for removing users'); } let userId = Accounts.createUser({ username: username, password: password }); addRole(viewEnvs, 'view-env', userId); addRole(editEnvs, 'edit-env', userId); let userSettings = UserSettings.schema.clean({}); userSettings = R.merge(userSettings, { user_id: userId, }); UserSettings.insert(userSettings); } }); export const update = new ValidatedMethod({ name: 'accounts.update', validate: userSchema .pick([ '_id', // 'password', 'viewEnvs', 'viewEnvs.$', 'editEnvs', 'editEnvs.$', ]).validator({ clean: true, filter: false }), run({ _id, //_password, viewEnvs, editEnvs, }) { console.log('accounts - methods - update - start'); //throw new Meteor.Error('unimplemented'); if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) { throw new Meteor.Error('unauthorized for updating users'); } /* let item = Meteor.users.findOne({ _id: _id }); console.log('user for update: ', item); item = R.merge(R.pick([ 'password', ], item), { password }); */ /* let item = { //password }; Meteor.users.update({ _id: _id }, { $set: item }); */ let currentViewEnvs = R.map((env) => { return env.name; }, Environments.find({ 'auth.view-env': { $in: [ _id ] }}).fetch()); let viewEnvsForDelete = R.difference(currentViewEnvs, viewEnvs); let viewEnvsForAdd = R.difference(viewEnvs, currentViewEnvs); removeRole(viewEnvsForDelete, 'view-env', _id); addRole(viewEnvsForAdd, 'view-env', _id); // let currentEditEnvs = R.map((env) => { return env.name; }, Environments.find({ 'auth.edit-env': { $in: [ _id ] }}).fetch()); let editEnvsForDelete = R.difference(currentEditEnvs, editEnvs); let editEnvsForAdd = R.difference(editEnvs, currentEditEnvs); removeRole(editEnvsForDelete, 'edit-env', _id); addRole(editEnvsForAdd, 'edit-env', _id); console.log('accounts - methods - update - end'); } }); export const remove = new ValidatedMethod({ name: 'accounts.remove', validate: userSchema .pick([ '_id', ]).validator({ clean: true, filter: false }), run({ _id }) { if (! Roles.userIsInRole(Meteor.userId(), 'manage-users', Roles.GLOBAL_GROUP)) { throw new Meteor.Error('unauthorized for removing users'); } let user = Meteor.users.findOne({ _id: _id }); console.log('user for remove: ', user); Meteor.users.remove({ _id: _id }); } }); function removeRole(rolesForRemoval, roleName, userId) { R.forEach((envName) => { let env = Environments.findOne({ name: envName }); let auth = env.auth; if (R.isNil(auth)) { auth = { }; } if (R.isNil(R.path([roleName], auth))) { auth = R.assoc(roleName, [], auth); } auth = R.assoc(roleName, R.reject(R.equals(userId), auth[roleName]), auth); updateEnv(auth, env); //let newEnv = R.merge(env, { auth: auth }); }, rolesForRemoval); } function addRole(rolesForAdd, roleName, userId) { R.forEach((envName) => { let env = Environments.findOne({ name: envName }); let auth = env.auth; if (R.isNil(auth)) { auth = { }; } if (R.isNil(R.path([roleName], auth))) { auth = R.assoc(roleName, [], auth); } auth = R.assoc(roleName, R.append(userId, auth[roleName]), auth); updateEnv(auth, env); //let newEnv = R.merge(env, { auth: auth }); }, rolesForAdd); } function updateEnv(auth, env) { console.log('update env. set: ' + R.toString(auth)); try { Environments.update(env._id, { $set: { auth: auth, configuration: env.configuration, //distribution: distribution, //name: name, type_drivers: env.type_drivers, mechanism_drivers: env.mechanism_drivers, listen: env.listen, enable_monitoring: env.enable_monitoring, } }); } catch(e) { console.error('error in update: ' + R.toString(e)); throw new Meteor.Error('enviornment update error', `unable to update ACL for environment - ${env.name}. Please check envrironment info. ${e.message}`); } }