func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
users, err := auth.ListUsers()
if err != nil {
return err
}
apiUsers := make([]apiUser, len(users))
for i, user := range users {
var teamsNames []string
if teams, err := user.Teams(); err == nil {
teamsNames = auth.GetTeamsNames(teams)
}
apiUsers[i] = apiUser{Email: user.Email, Teams: teamsNames}
}
return json.NewEncoder(w).Encode(apiUsers)
}
// title: user list
// path: /users
// method: GET
// produce: application/json
// responses:
// 200: OK
// 401: Unauthorized
func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
userEmail := r.URL.Query().Get("userEmail")
roleName := r.URL.Query().Get("role")
contextValue := r.URL.Query().Get("context")
users, err := auth.ListUsers()
if err != nil {
return err
}
apiUsers := make([]apiUser, 0, len(users))
roleMap := make(map[string]*permission.Role)
includeAll := permission.Check(t, permission.PermUserUpdate)
perms, err := t.Permissions()
if err != nil {
return err
}
for _, user := range users {
usrData, err := createAPIUser(perms, &user, roleMap, includeAll)
if err != nil {
return err
}
if usrData == nil {
continue
}
if userEmail == "" && roleName == "" {
apiUsers = append(apiUsers, *usrData)
}
if userEmail != "" && usrData.Email == userEmail {
apiUsers = append(apiUsers, *usrData)
}
if roleName != "" {
for _, role := range usrData.Roles {
if role.Name == roleName {
if contextValue != "" && role.ContextValue == contextValue {
apiUsers = append(apiUsers, *usrData)
break
}
if contextValue == "" {
apiUsers = append(apiUsers, *usrData)
break
}
}
}
}
}
w.Header().Add("Content-Type", "application/json")
return json.NewEncoder(w).Encode(apiUsers)
}
func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
users, err := auth.ListUsers()
if err != nil {
return err
}
apiUsers := make([]apiUser, 0, len(users))
for _, user := range users {
usrData, err := createApiUser(t, &user)
if err != nil {
return err
}
if usrData != nil {
apiUsers = append(apiUsers, *usrData)
}
}
return json.NewEncoder(w).Encode(apiUsers)
}
func Sync(w io.Writer) error {
var m gandalfManager
users, err := auth.ListUsers()
if err != nil {
return err
}
for _, user := range users {
fmt.Fprintf(w, "Syncing user %q... ", user.Email)
err = m.CreateUser(user.Email)
switch err {
case repository.ErrUserAlreadyExists:
fmt.Fprintln(w, "already present in Gandalf")
case nil:
fmt.Fprintln(w, "OK")
default:
return err
}
}
apps, err := app.List(nil, nil)
if err != nil {
return err
}
for _, app := range apps {
var users []string
for _, team := range app.GetTeams() {
users = append(users, team.Users...)
}
fmt.Fprintf(w, "Syncing app %q... ", app.Name)
err = m.CreateRepository(app.Name, users)
switch err {
case repository.ErrRepositoryAlreadExists:
fmt.Fprintln(w, "already present in Gandalf")
case nil:
fmt.Fprintln(w, "OK")
default:
return err
}
for _, user := range users {
m.GrantAccess(app.Name, user)
}
}
return nil
}
func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
users, err := auth.ListUsers()
if err != nil {
return err
}
apiUsers := make([]apiUser, 0, len(users))
roleMap := make(map[string]*permission.Role)
perms, err := t.Permissions()
if err != nil {
return err
}
for _, user := range users {
usrData, err := createApiUser(perms, &user, roleMap)
if err != nil {
return err
}
if usrData != nil {
apiUsers = append(apiUsers, *usrData)
}
}
return json.NewEncoder(w).Encode(apiUsers)
}
func Sync(w io.Writer) error {
var m gandalfManager
users, err := auth.ListUsers()
if err != nil {
return err
}
for _, user := range users {
fmt.Fprintf(w, "Syncing user %q... ", user.Email)
err = m.CreateUser(user.Email)
switch err {
case repository.ErrUserAlreadyExists:
fmt.Fprintln(w, "already present in Gandalf")
case nil:
fmt.Fprintln(w, "OK")
default:
return err
}
}
apps, err := app.List(nil)
if err != nil {
return err
}
for _, app := range apps {
allowedPerms := []permission.Permission{
{
Scheme: permission.PermAppDeploy,
Context: permission.Context(permission.CtxGlobal, ""),
},
{
Scheme: permission.PermAppDeploy,
Context: permission.Context(permission.CtxPool, app.Pool),
},
}
for _, t := range app.GetTeams() {
allowedPerms = append(allowedPerms, permission.Permission{
Scheme: permission.PermAppDeploy,
Context: permission.Context(permission.CtxTeam, t.Name),
})
}
users, err := auth.ListUsersWithPermissions(allowedPerms...)
if err != nil {
return err
}
userNames := make([]string, len(users))
for i := range users {
userNames[i] = users[i].Email
}
fmt.Fprintf(w, "Syncing app %q... ", app.Name)
err = m.CreateRepository(app.Name, userNames)
switch err {
case repository.ErrRepositoryAlreadExists:
fmt.Fprintln(w, "already present in Gandalf")
case nil:
fmt.Fprintln(w, "OK")
default:
return err
}
for _, user := range userNames {
m.GrantAccess(app.Name, user)
}
}
return nil
}
func migrateRoles() error {
adminTeam, err := config.GetString("admin-team")
if err != nil {
return err
}
adminRole, err := createRole("admin", "global")
if err != nil {
return err
}
err = adminRole.AddPermissions("*")
if err != nil {
return err
}
teamMember, err := createRole("team-member", "team")
if err != nil {
return err
}
err = teamMember.AddPermissions(permission.PermApp.FullName(),
permission.PermTeam.FullName(),
permission.PermServiceInstance.FullName())
if err != nil {
return err
}
err = teamMember.AddEvent(permission.RoleEventTeamCreate.String())
if err != nil {
return err
}
teamCreator, err := createRole("team-creator", "global")
if err != nil {
return err
}
err = teamCreator.AddPermissions(permission.PermTeamCreate.FullName())
if err != nil {
return err
}
err = teamCreator.AddEvent(permission.RoleEventUserCreate.String())
if err != nil {
return err
}
users, err := auth.ListUsers()
if err != nil {
return err
}
conn, err := db.Conn()
if err != nil {
return err
}
defer conn.Close()
for _, u := range users {
var teams []auth.Team
err := conn.Teams().Find(bson.M{"users": bson.M{"$in": []string{u.Email}}}).All(&teams)
if err != nil {
return err
}
for _, team := range teams {
if team.Name == adminTeam {
err := u.AddRole(adminRole.Name, "")
if err != nil {
fmt.Printf("%s\n", err.Error())
}
continue
}
err := u.AddRole(teamMember.Name, team.Name)
if err != nil {
fmt.Printf("%s\n", err.Error())
}
err = u.AddRole(teamCreator.Name, "")
if err != nil {
fmt.Printf("%s\n", err.Error())
}
}
}
return nil
}
