Class: RsUserPolicy::RightApi::PermissionUtilities

Inherits:
Object
Defined in:
lib/rs_user_policy/right_api/permission_utilities.rb

Overview

A set of utility methods for manipulating permissions using the RightScale right_api_client gem.

Allows bulk actions on permissions without worrying about the complexity of retrying, creating/deleting in the correct order, and the like.

Constant Summary

@@permission_delete_order =
[
  'enterprise_manager',
  'admin',
  'security_manager',
  'actor',
  'billing',
  'server_superuser',
  'server_login',
  'publisher',
  'designer',
  'library',
  'lite_user',
  'observer'
]

Class Method Summary

Class Method Details

.create_permissions(permissions, client) ⇒ Hash

Creates all the passed-in permissions using the supplied client. This method handles creating permissions with “observer” first in order to avoid the dreaded error: RightApi::ApiError: Error: HTTP Code: 422, Response body: A user must have the observer role.

Examples:

Create “observer” and “admin” permissions for two users

client = RightApi::Client.new(</snip>)

permissions = {
  '/api/users/123' => {
    'observer' => nil,
    'admin' => nil
  },
  '/api/users/456' => {
    'observer' => nil,
    'admin' => nil
  }
}

response = RsUserPolicy::RightApi::PermissionUtilities.create_permissions(permissions, client)

puts JSON.pretty_generate(response)

# Output would be as follows
{
  '/api/users/123' => {
    'observer' => '/api/permissions/1',
    'admin' => '/api/permissions/2'
  },
  '/api/users/456' => {
    'observer' => '/api/permissions/3',
    'admin' => '/api/permissions/4'
  }
}

Parameters:

  • permissions (Hash)

    A hash where the key is a RightScale API User href, and the value is a hash where the key is the permission role_title that the user should be granted, and the value is nil.

  • client (RightApi::Client)

    An active RightApi::Client instance for the account referenced in account_href

Returns:

  • (Hash)

    The permissions input hash, where the nil values have been replaced with the href of the permission which was created.

Raises:

  • (RightApi::ApiError)

    If an unrecoverable API error has occurred.



# File 'lib/rs_user_policy/right_api/permission_utilities.rb', line 112

def self.create_permissions(permissions, client)
  permissions.each do |user_href,perm_ary|
    # Map each requested role_title to the user href so the helper can yield both
    user_perms_hash = Hash[perm_ary.keys.map{|p| [p, user_href]}]
    # 'observer' is the only ordered key, so it is created before any other role
    RsUserPolicy::Utilities.yield_on_keys_in_order(['observer'], user_perms_hash) do |role_title,user_href|
      created_permission = client.permissions.create(
        {
          'permission[user_href]' => user_href,
          'permission[role_title]' => role_title
        }
      )
      # Replace the nil placeholder with the href of the created permission
      permissions[user_href][role_title] = created_permission.href
    end
  end
  permissions
end

.destroy_permissions(permissions, client) ⇒ Hash

Destroys all passed-in permissions with the specified client. This method handles deleting permissions in the appropriate order to avoid the dreaded error: RightApi::ApiError: Error: HTTP Code: 422, Response body: A user must have the observer role.

TODO: Handle a 422 resulting from calling delete too quickly and attempting to remove “observer” when other deletes have not been committed.

Parameters:

  • permissions (Array<RightApi::ResourceDetail>)

    A hash of permissions where the key is the RightScale API href, and the value is the role_title. These permissions can be for one or many users, allowing bulk actions.

  • client (RightApi::Client)

    An active RightApi::Client instance for the account referenced in account_href

Returns:

  • (Hash)

    A hash where the keys are the permission hrefs destroyed, and the values are the role_title of those permissions

Raises:

  • (RightApi::ApiError)

    If an unrecoverable API error has occurred.



# File 'lib/rs_user_policy/right_api/permission_utilities.rb', line 60

def self.destroy_permissions(permissions, client)
  # Index the permissions as permission href => role_title
  perms_hash = {}
  permissions.each{|p| perms_hash[p.href] = p.role_title }
  # Destroy following @@permission_delete_order, which lists 'observer' last
  RsUserPolicy::Utilities.yield_on_values_in_order(@@permission_delete_order, perms_hash) do |perm_href,role_title|
    client.permissions(:id => RsUserPolicy::Utilities.id_from_href(perm_href)).destroy()
  end
  perms_hash
end
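
The ordering rule behind both create_permissions and destroy_permissions, as an added stand-alone example (not code from rs_user_policy): FakeAccount, FakeApiError, create_order, delete_order and apply are hypothetical names, and FakeAccount only simulates the "A user must have the observer role" rejection quoted above. It shows that an unordered request is refused while the ordered one succeeds.

```ruby
# Constructed simulation; no RightScale API calls are made.
# DELETE_ORDER copies @@permission_delete_order from this page.
DELETE_ORDER = %w[enterprise_manager admin security_manager actor billing
                  server_superuser server_login publisher designer library
                  lite_user observer].freeze

class FakeApiError < StandardError; end

# Hypothetical stand-in for the API rule quoted above: a user holding any
# role must also hold 'observer'.
class FakeAccount
  attr_reader :roles # user_href => array of role_titles

  def initialize
    @roles = Hash.new { |h, k| h[k] = [] }
  end

  def create(user, role)
    unless role == 'observer' || @roles[user].include?('observer')
      raise FakeApiError, '422: A user must have the observer role.'
    end
    @roles[user] << role
  end

  def destroy(user, role)
    if role == 'observer' && (@roles[user] - ['observer']).any?
      raise FakeApiError, '422: A user must have the observer role.'
    end
    @roles[user].delete(role)
  end
end

# 'observer' first; other roles keep their given order.
def create_order(role_titles)
  role_titles.each_with_index.sort_by { |r, i| [r == 'observer' ? 0 : 1, i] }.map(&:first)
end

# Follow DELETE_ORDER so 'observer' goes last. Assumption: a role missing
# from the list is removed first, so it never outlives 'observer'.
def delete_order(role_titles)
  role_titles.each_with_index.sort_by { |r, i| [DELETE_ORDER.index(r) || -1, i] }.map(&:first)
end

# Run op (:create or :destroy) per role; nil on success, else the error text.
def apply(account, user, roles, op)
  roles.each { |r| account.public_send(op, user, r) }
  nil
rescue FakeApiError => e
  e.message
end
```

Because delete_order follows the listed order, a run that stops partway leaves the user holding only roles that appear later in the list, with “observer” always the last to go.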