// Recomputes the set of roles a User has been granted access to by sync() functions.
// This is part of the ChannelComputer interface defined by the Authenticator.
func (context *DatabaseContext) ComputeRolesForUser(user auth.User) ([]string, error) {
var vres struct {
Rows []struct {
Value channels.TimedSet
}
}
opts := map[string]interface{}{"stale": false, "key": user.Name()}
if verr := context.Bucket.ViewCustom("sync_gateway", "role_access", opts, &vres); verr != nil {
return nil, verr
}
// Boil the list of TimedSets down to a simple set of role names:
all := map[string]bool{}
for _, row := range vres.Rows {
for name, _ := range row.Value {
all[name] = true
}
}
// Then turn that set into an array to return:
values := make([]string, 0, len(all))
for name, _ := range all {
values = append(values, name)
}
return values, nil
}
// Creates a userCtx object to be passed to the sync function
func makeUserCtx(user auth.User) map[string]interface{} {
if user == nil {
return nil
}
return map[string]interface{}{
"name": user.Name(),
"roles": user.RoleNames(),
"channels": user.InheritedChannels().AllChannels(),
}
}
func (listener *changeListener) NewWaiterWithChannels(chans base.Set, user auth.User) *changeWaiter {
waitKeys := make([]string, 0, 5)
for channel, _ := range chans {
waitKeys = append(waitKeys, channelLogDocID(channel))
}
if user != nil {
waitKeys = append(waitKeys, auth.UserKeyPrefix+user.Name())
for _, role := range user.RoleNames() {
waitKeys = append(waitKeys, auth.RoleKeyPrefix+role)
}
}
return listener.NewWaiter(waitKeys)
}
func (h *handler) makeSession(user auth.User) error {
if user == nil {
return base.HTTPErrorf(http.StatusUnauthorized, "Invalid login")
}
h.user = user
auth := h.db.Authenticator()
session, err := auth.CreateSession(user.Name(), kDefaultSessionTTL)
if err != nil {
return err
}
cookie := auth.MakeSessionCookie(session)
cookie.Path = "/" + h.db.Name + "/"
http.SetCookie(h.response, cookie)
return h.respondWithSessionInfo()
}
func (listener *changeListener) NewWaiterWithChannels(chans base.Set, user auth.User) *changeWaiter {
waitKeys := make([]string, 0, 5)
for channel, _ := range chans {
waitKeys = append(waitKeys, channel)
}
var userKeys []string
if user != nil {
userKeys = []string{auth.UserKeyPrefix + user.Name()}
for role, _ := range user.RoleNames() {
userKeys = append(userKeys, auth.RoleKeyPrefix+role)
}
waitKeys = append(waitKeys, userKeys...)
}
waiter := listener.NewWaiter(waitKeys)
waiter.userKeys = userKeys
return waiter
}
// Recomputes the set of roles a User has been granted access to by sync() functions.
// This is part of the ChannelComputer interface defined by the Authenticator.
func (context *DatabaseContext) ComputeRolesForUser(user auth.User) (channels.TimedSet, error) {
var vres struct {
Rows []struct {
Value channels.TimedSet
}
}
opts := map[string]interface{}{"stale": false, "key": user.Name()}
if verr := context.Bucket.ViewCustom("sync_gateway", "role_access", opts, &vres); verr != nil {
return nil, verr
}
// Merge the TimedSets from the view result:
var result channels.TimedSet
for _, row := range vres.Rows {
if result == nil {
result = row.Value
} else {
result.Add(row.Value)
}
}
return result, nil
}
// Handles PUT or POST to /username
func putUser(r http.ResponseWriter, rq *http.Request, a *auth.Authenticator, username string) error {
body, _ := ioutil.ReadAll(rq.Body)
var user auth.User
err := json.Unmarshal(body, &user)
if err != nil {
return err
}
if user.Channels == nil {
return &base.HTTPError{http.StatusBadRequest, "Missing channels property"}
}
if rq.Method == "POST" {
username = user.Name
if username == "" {
return &base.HTTPError{http.StatusBadRequest, "Missing name property"}
}
} else if user.Name == "" {
user.Name = username
} else if user.Name != username {
return &base.HTTPError{http.StatusBadRequest, "Name mismatch (can't change name)"}
}
log.Printf("SaveUser: %v", user) //TEMP
return a.SaveUser(&user)
}
