Class: RsUserPolicy::User

Inherits:

Object

• Object
• RsUserPolicy::User

Defined in:

lib/rs_user_policy/user.rb

Instance Attribute Summary

• #email ⇒ Object readonly

  Returns the value of attribute email.

• #href ⇒ Object readonly

  Returns the value of attribute href.

• #permissions ⇒ Object readonly

  Returns the value of attribute permissions.

Instance Method Summary

• #add_permission(account_href, permission) ⇒ Object

  Adds a single permission for a single RightScale account.

• #clear_permissions(account_href, client, options = {}) ⇒ Hash

  Removes all permissions for the user in the specified rightscale account using the supplied client.

• #get_api_permissions(account_href) ⇒ Array<RightApi::ResourceDetail>

  Returns the RightScale permissions the user has for the specified account href.

• #initialize(user) ⇒ User constructor

  Initializes read only attributes for an RsUserPolicy::User.

• #set_api_permissions(permissions, account_href, client, options = {}) ⇒ Hash

  Removes and adds permissions as appropriate so that the users current permissions reflect the desired set passed in as “permissions”.

• #to_hash ⇒ Object

  Converts this object to a hash which can be serialized.

Constructor Details

#initialize(user) ⇒ User

Initializes read only attributes for an RsUserPolicy::User

Parameters:

• user (RightApi::ResourceDetail) —

  The user detail returned by RightApi::Client

# File 'lib/rs_user_policy/user.rb', line 29

def initialize(user)
  @email = user.email
  @href = user.href
  @user = user
  @permissions = {}
end

Instance Attribute Details

#email ⇒ Object (readonly)

Returns the value of attribute email.

# File 'lib/rs_user_policy/user.rb', line 24

def email
  @email
end

#href ⇒ Object (readonly)

Returns the value of attribute href.

# File 'lib/rs_user_policy/user.rb', line 24

def href
  @href
end

#permissions ⇒ Object (readonly)

Returns the value of attribute permissions.

# File 'lib/rs_user_policy/user.rb', line 24

def permissions
  @permissions
end

Instance Method Details

#add_permission(account_href, permission) ⇒ Object

Adds a single permission for a single RightScale account

Parameters:

• account_href (String) —

  The RightScale API href of the account

• permission (RightApi::ResourceDetail) —

  A single RightApi::ResourceDetail for a permission.

# File 'lib/rs_user_policy/user.rb', line 51

def add_permission(account_href, permission)
  @permissions[account_href] ||= []
  @permissions[account_href] << permission
end

#clear_permissions(account_href, client, options = {}) ⇒ Hash

Removes all permissions for the user in the specified rightscale account using the supplied client

Parameters:

• account_href (String) —

  The RightScale API href of the account

• client (RightApi::Client) —

  An active RightApi::Client instance for the account referenced in account_href

• options (Hash) (defaults to: {}) —

  Optional parameters

Options Hash (options):

• :dry_run (Bool) —

  If true, no API calls will be made, but the return value will contain the actions which would have been taken

Returns:

• (Hash) —

  A hash where the keys are the permission hrefs destroyed, and the keys are the role_title of those permissions

Raises:

• (RightApi::ApiError) —

  If an unrecoverable API error has occurred.

# File 'lib/rs_user_policy/user.rb', line 75

def clear_permissions(account_href, client, options={})
  options = {:dry_run => false}.merge(options)
  current_permissions = get_api_permissions(account_href)
  if options[:dry_run]
    Hash[current_permissions.map{|p| [p.href, p.role_title]}]
  else
    retval = RsUserPolicy::RightApi::PermissionUtilities.destroy_permissions(
      current_permissions,
      client
    )
    @permissions.delete(account_href)
    retval
  end
end

#get_api_permissions(account_href) ⇒ Array<RightApi::ResourceDetail>

Returns the RightScale permissions the user has for the specified account href

Parameters:

• account_href (String) —

  The RightScale API href of the account

Returns:

• (Array<RightApi::ResourceDetail>) —

  An array of permission RightApi::ResourceDetail objects

# File 'lib/rs_user_policy/user.rb', line 61

def get_api_permissions(account_href)
  @permissions[account_href] || []
end

#set_api_permissions(permissions, account_href, client, options = {}) ⇒ Hash

Removes and adds permissions as appropriate so that the users current permissions reflect the desired set passed in as “permissions”

Parameters:

• permissions (Array<String>) —

  The list of desired permissions for the user in the specified account

• account_href (String) —

  The RightScale API href of the account

• client (RightApi::Client) —

  An active RightApi::Client instance for the account referenced in account_href

• options (Hash) (defaults to: {}) —

  Optional parameters

Options Hash (options):

• :dry_run (Bool) —

  If true, no API calls will be made, but the return value will contain the actions which would have been taken

Returns:

• (Hash, Hash) —

  A tuple where two hashes are returned. The keys of the hashes are the href of the permission, and the values are the role_title of the permission. The first hash is the permissions removed, and the second hash is the permissions added

Raises:

• (RightApi::ApiError) —

  If an unrecoverable API error has occurred.

# File 'lib/rs_user_policy/user.rb', line 102

def set_api_permissions(permissions, account_href, client, options={})
  options = {:dry_run => false}.merge(options)
  existing_api_permissions_response = get_api_permissions(account_href)
  existing_api_permissions = Hash[existing_api_permissions_response.map{|p| [p.role_title, p] }]
  if permissions.length == 0
    removed = clear_permissions(account_href, client, options)
    @permissions.delete(account_href)
    return removed, {}
  else
    permissions_to_remove = (existing_api_permissions.keys - permissions).map{|p| existing_api_permissions[p]}
    remove_response = Hash[permissions_to_remove.map{|p| [p.href, p.role_title]}]
    unless options[:dry_run]
      remove_response = RsUserPolicy::RightApi::PermissionUtilities.destroy_permissions(permissions_to_remove, client)
    end

    permissions_to_add = {
      @href => Hash[(permissions - existing_api_permissions.keys).map{|p| [p,nil]}]
    }
    add_response = {}
    if options[:dry_run]
      href_idx = 0
      add_response = {
        @href => Hash[(permissions - existing_api_permissions.keys).map{|p| [p,(href_idx += 1)]}]
      }
    else
      add_response = RsUserPolicy::RightApi::PermissionUtilities.create_permissions(permissions_to_add, client)
    end

    @permissions[account_href] = client.permissions.index(:filter => ["user_href==#{@href}"]) unless options[:dry_run]

    return remove_response, Hash[add_response[@href].keys.map{|p| [add_response[@href][p],p]}]
  end
end

#to_hash ⇒ Object

Converts this object to a hash which can be serialized

# File 'lib/rs_user_policy/user.rb', line 37

def to_hash()
  rethash = {
    "permissions" => @permissions
  }
  (@user.attributes - [:links]).each do |attr_sym|
    rethash[attr_sym.to_s] = @user.send(attr_sym.to_s)
  end
  rethash
end