Beispiel #1
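// listUsers writes every user returned by auth.ListUsers as a JSON array of
// apiUser values carrying the user's e-mail and team names.
//
// A failure to load one user's teams is tolerated: that user is still listed,
// just without team names.
//
// NOTE(review): the token t is never consulted in this function, so the
// handler itself applies no per-caller filtering; every e-mail address and
// team membership is returned. Confirm that the routing layer restricts this
// endpoint to callers that are allowed to enumerate users.
func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	apiUsers := make([]apiUser, len(users))
	for i, user := range users {
		var teamsNames []string
		// Best effort: a team lookup error only leaves Teams unset for this user.
		if teams, err := user.Teams(); err == nil {
			teamsNames = auth.GetTeamsNames(teams)
		}
		apiUsers[i] = apiUser{Email: user.Email, Teams: teamsNames}
	}
	// Declare the media type explicitly. Without a Content-Type header,
	// net/http sniffs the first bytes of the body and labels JSON as text/plain.
	w.Header().Set("Content-Type", "application/json")
	return json.NewEncoder(w).Encode(apiUsers)
}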
Beispiel #2
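// title: user list
// path: /users
// method: GET
// produce: application/json
// responses:
//   200: OK
//   401: Unauthorized
func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// Optional filters. "context" only narrows a "role" filter; on its own it
	// has no effect.
	query := r.URL.Query()
	userEmail := query.Get("userEmail")
	roleName := query.Get("role")
	contextValue := query.Get("context")
	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	apiUsers := make([]apiUser, 0, len(users))
	roleMap := make(map[string]*permission.Role)
	includeAll := permission.Check(t, permission.PermUserUpdate)
	perms, err := t.Permissions()
	if err != nil {
		return err
	}
	for _, user := range users {
		usrData, err := createAPIUser(perms, &user, roleMap, includeAll)
		if err != nil {
			return err
		}
		// A nil result means createAPIUser produced nothing for this user;
		// presumably the caller's permissions do not cover it (confirm in
		// createAPIUser). Such users never reach the response.
		if usrData == nil {
			continue
		}
		// Decide once whether the user belongs in the response. The previous
		// code appended separately for the e-mail filter and the role filter,
		// so a user matching both was emitted twice.
		// NOTE(review): the two filters are combined with OR, as before;
		// confirm that AND was not intended when both are supplied.
		matched := userEmail == "" && roleName == ""
		if userEmail != "" && usrData.Email == userEmail {
			matched = true
		}
		if !matched && roleName != "" {
			for _, role := range usrData.Roles {
				if role.Name != roleName {
					continue
				}
				if contextValue == "" || role.ContextValue == contextValue {
					matched = true
					break
				}
			}
		}
		if matched {
			apiUsers = append(apiUsers, *usrData)
		}
	}
	w.Header().Add("Content-Type", "application/json")
	return json.NewEncoder(w).Encode(apiUsers)
}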
Beispiel #3
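// listUsers writes a JSON array with one entry per user for which
// createApiUser returns data.
//
// The token t is handed to createApiUser for every user. A nil result is
// skipped; presumably that is how users the caller may not see are filtered
// out (confirm in createApiUser). Any error from createApiUser aborts the
// whole listing.
func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	apiUsers := make([]apiUser, 0, len(users))
	for _, user := range users {
		usrData, err := createApiUser(t, &user)
		if err != nil {
			return err
		}
		if usrData != nil {
			apiUsers = append(apiUsers, *usrData)
		}
	}
	// Declare the media type explicitly. Without a Content-Type header,
	// net/http sniffs the first bytes of the body and labels JSON as text/plain.
	w.Header().Set("Content-Type", "application/json")
	return json.NewEncoder(w).Encode(apiUsers)
}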
Beispiel #4
// Sync pushes every user and every application into Gandalf through a
// gandalfManager, writing one progress line per item to w.
//
// Users and repositories that already exist are reported and skipped; any
// other creation error stops the run and is returned.
//
// NOTE(review): this function only creates and grants. Nothing here removes
// users, repositories or access that should no longer exist, so it cannot be
// relied on to revoke access.
func Sync(w io.Writer) error {
	var m gandalfManager
	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	for _, u := range users {
		fmt.Fprintf(w, "Syncing user %q... ", u.Email)
		switch createErr := m.CreateUser(u.Email); {
		case createErr == nil:
			fmt.Fprintln(w, "OK")
		case createErr == repository.ErrUserAlreadyExists:
			fmt.Fprintln(w, "already present in Gandalf")
		default:
			return createErr
		}
	}
	apps, err := app.List(nil, nil)
	if err != nil {
		return err
	}
	for _, a := range apps {
		// Repository access is the union of the members of every team on the
		// app; a user who is in several teams appears more than once.
		var members []string
		for _, team := range a.GetTeams() {
			members = append(members, team.Users...)
		}
		fmt.Fprintf(w, "Syncing app %q... ", a.Name)
		switch repoErr := m.CreateRepository(a.Name, members); {
		case repoErr == nil:
			fmt.Fprintln(w, "OK")
		case repoErr == repository.ErrRepositoryAlreadExists:
			fmt.Fprintln(w, "already present in Gandalf")
		default:
			return repoErr
		}
		for _, member := range members {
			// NOTE(review): whatever GrantAccess returns is discarded, so a
			// failed grant is neither reported on w nor returned.
			m.GrantAccess(a.Name, member)
		}
	}
	return nil
}
Beispiel #5
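// listUsers writes a JSON array with one entry per user for which
// createApiUser returns data.
//
// The caller's permissions are read once from the token and passed to
// createApiUser for every user, together with roleMap, which is shared across
// the calls (presumably a cache of looked-up roles; confirm in
// createApiUser). A nil result is skipped; presumably that is how users the
// caller may not see are filtered out. Any error aborts the whole listing.
func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	apiUsers := make([]apiUser, 0, len(users))
	roleMap := make(map[string]*permission.Role)
	perms, err := t.Permissions()
	if err != nil {
		return err
	}
	for _, user := range users {
		usrData, err := createApiUser(perms, &user, roleMap)
		if err != nil {
			return err
		}
		if usrData != nil {
			apiUsers = append(apiUsers, *usrData)
		}
	}
	// Declare the media type explicitly. Without a Content-Type header,
	// net/http sniffs the first bytes of the body and labels JSON as text/plain.
	w.Header().Set("Content-Type", "application/json")
	return json.NewEncoder(w).Encode(apiUsers)
}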
Beispiel #6
// Sync pushes every user and every application into Gandalf through a
// gandalfManager, writing one progress line per item to w.
//
// For each app, repository access goes to the users that
// auth.ListUsersWithPermissions returns for the app-deploy permission in the
// global context, in the app's pool context, or in the context of any team on
// the app. Users and repositories that already exist are reported and
// skipped; any other error stops the run and is returned.
//
// NOTE(review): this function only creates and grants. Nothing here removes
// access from a user who has since lost the deploy permission.
func Sync(w io.Writer) error {
	var m gandalfManager
	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	for _, u := range users {
		fmt.Fprintf(w, "Syncing user %q... ", u.Email)
		switch createErr := m.CreateUser(u.Email); {
		case createErr == nil:
			fmt.Fprintln(w, "OK")
		case createErr == repository.ErrUserAlreadyExists:
			fmt.Fprintln(w, "already present in Gandalf")
		default:
			return createErr
		}
	}
	apps, err := app.List(nil)
	if err != nil {
		return err
	}
	for _, a := range apps {
		// Deploy permission in any of these contexts qualifies a user for
		// repository access: global, the app's pool, or one of its teams.
		deployPerms := []permission.Permission{
			{Scheme: permission.PermAppDeploy, Context: permission.Context(permission.CtxGlobal, "")},
			{Scheme: permission.PermAppDeploy, Context: permission.Context(permission.CtxPool, a.Pool)},
		}
		for _, team := range a.GetTeams() {
			teamPerm := permission.Permission{
				Scheme:  permission.PermAppDeploy,
				Context: permission.Context(permission.CtxTeam, team.Name),
			}
			deployPerms = append(deployPerms, teamPerm)
		}
		deployers, err := auth.ListUsersWithPermissions(deployPerms...)
		if err != nil {
			return err
		}
		emails := make([]string, 0, len(deployers))
		for _, d := range deployers {
			emails = append(emails, d.Email)
		}
		fmt.Fprintf(w, "Syncing app %q... ", a.Name)
		switch repoErr := m.CreateRepository(a.Name, emails); {
		case repoErr == nil:
			fmt.Fprintln(w, "OK")
		case repoErr == repository.ErrRepositoryAlreadExists:
			fmt.Fprintln(w, "already present in Gandalf")
		default:
			return repoErr
		}
		for _, email := range emails {
			// NOTE(review): whatever GrantAccess returns is discarded, so a
			// failed grant is neither reported on w nor returned.
			m.GrantAccess(a.Name, email)
		}
	}
	return nil
}
Beispiel #7
// migrateRoles creates the "admin", "team-member" and "team-creator" roles
// and assigns them to existing users according to their team membership.
//
// A user receives the admin role for membership in the team named by the
// "admin-team" configuration entry. For every other team the user belongs to,
// the user receives team-member in that team's context and team-creator with
// an empty context value.
//
// Errors while creating roles, adding permissions or events, listing users,
// or querying teams abort the migration. Errors from AddRole do not: they are
// only printed to standard output and the function still returns nil.
//
// NOTE(review): because role-assignment failures are not returned, a caller
// cannot tell a complete migration from one that left users without roles.
func migrateRoles() error {
	adminTeam, err := config.GetString("admin-team")
	if err != nil {
		return err
	}

	// admin: global role. "*" is presumably a wildcard covering every
	// permission (confirm against AddPermissions).
	adminRole, err := createRole("admin", "global")
	if err != nil {
		return err
	}
	if err = adminRole.AddPermissions("*"); err != nil {
		return err
	}

	// team-member: team-scoped role over apps, teams and service instances.
	teamMember, err := createRole("team-member", "team")
	if err != nil {
		return err
	}
	if err = teamMember.AddPermissions(
		permission.PermApp.FullName(),
		permission.PermTeam.FullName(),
		permission.PermServiceInstance.FullName(),
	); err != nil {
		return err
	}
	if err = teamMember.AddEvent(permission.RoleEventTeamCreate.String()); err != nil {
		return err
	}

	// team-creator: global role that only allows creating teams.
	teamCreator, err := createRole("team-creator", "global")
	if err != nil {
		return err
	}
	if err = teamCreator.AddPermissions(permission.PermTeamCreate.FullName()); err != nil {
		return err
	}
	if err = teamCreator.AddEvent(permission.RoleEventUserCreate.String()); err != nil {
		return err
	}

	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	conn, err := db.Conn()
	if err != nil {
		return err
	}
	defer conn.Close()

	for _, u := range users {
		// Every team whose "users" list contains this e-mail address.
		membership := bson.M{"users": bson.M{"$in": []string{u.Email}}}
		var teams []auth.Team
		if err := conn.Teams().Find(membership).All(&teams); err != nil {
			return err
		}
		for _, team := range teams {
			if team.Name == adminTeam {
				// Admin-team membership yields the admin role and nothing
				// else for this team.
				if err := u.AddRole(adminRole.Name, ""); err != nil {
					fmt.Printf("%s\n", err.Error())
				}
			} else {
				if err := u.AddRole(teamMember.Name, team.Name); err != nil {
					fmt.Printf("%s\n", err.Error())
				}
				// Requested once per non-admin team the user is in.
				if err := u.AddRole(teamCreator.Name, ""); err != nil {
					fmt.Printf("%s\n", err.Error())
				}
			}
		}
	}
	return nil
}