func marshalPrincipal(princ auth.Principal) ([]byte, error) {
name := externalUserName(princ.Name())
info := db.PrincipalConfig{
Name: &name,
ExplicitChannels: princ.ExplicitChannels().AsSet(),
}
if user, ok := princ.(auth.User); ok {
info.Channels = user.InheritedChannels().AsSet()
info.Email = user.Email()
info.Disabled = user.Disabled()
info.ExplicitRoleNames = user.ExplicitRoles().AllChannels()
info.RoleNames = user.RoleNames().AllChannels()
} else {
info.Channels = princ.Channels().AsSet()
}
return json.Marshal(info)
}
// Recomputes the set of channels a User/Role has been granted access to by sync() functions.
// This is part of the ChannelComputer interface defined by the Authenticator.
func (context *DatabaseContext) ComputeChannelsForPrincipal(princ auth.Principal) (channels.TimedSet, error) {
key := princ.Name()
if _, ok := princ.(auth.User); !ok {
key = "role:" + key // Roles are identified in access view by a "role:" prefix
}
var vres struct {
Rows []struct {
Value channels.TimedSet
}
}
opts := map[string]interface{}{"stale": false, "key": key}
if verr := context.Bucket.ViewCustom(DesignDocSyncGateway, ViewAccess, opts, &vres); verr != nil {
return nil, verr
}
channelSet := channels.TimedSet{}
for _, row := range vres.Rows {
channelSet.Add(row.Value)
}
return channelSet, nil
}