github.com/axw/juju@v0.0.0-20161005053422-4bd6544d08d4/state/controlleruser.go (about)

     1  // Copyright 2016 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package state
     5  
     6  import (
     7  	"fmt"
     8  	"strings"
     9  	"time"
    10  
    11  	"github.com/juju/errors"
    12  	"gopkg.in/juju/names.v2"
    13  	"gopkg.in/mgo.v2"
    14  	"gopkg.in/mgo.v2/txn"
    15  
    16  	"github.com/juju/juju/permission"
    17  )
    18  
// defaultControllerPermission is fixed to permission.LoginAccess.
// NOTE(review): presumably the access level applied to a controller user when
// the caller does not ask for a specific one; it is not referenced in this
// part of the file, so confirm at its call sites.
const defaultControllerPermission = permission.LoginAccess
    20  
// setControllerAccess replaces the controller-level access held by the user
// identified by userGlobalKey with the given access level.
//
// The requested level is checked with permission.ValidateControllerAccess
// before any transaction is run, so a level that validation rejects is never
// written. The change itself is the single op built by updatePermissionOp; if
// that transaction aborts, the failure is reported as a not-found error for
// "existing permissions".
// NOTE(review): presumably the op asserts that a permission document already
// exists for this user, so this cannot grant first-time access; confirm
// against updatePermissionOp.
func (st *State) setControllerAccess(access permission.Access, userGlobalKey string) error {
	if validationErr := permission.ValidateControllerAccess(access); validationErr != nil {
		return errors.Trace(validationErr)
	}

	target := controllerKey(st.ControllerUUID())
	txnErr := st.runTransaction([]txn.Op{
		updatePermissionOp(target, userGlobalKey, access),
	})
	if txnErr == txn.ErrAborted {
		return errors.NotFoundf("existing permissions")
	}
	return errors.Trace(txnErr)
}
    34  
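// controllerUser returns the userAccessDoc stored in the controllerUsersC
// collection for the given user.
//
// The document is looked up by the lower-cased canonical user name. A missing
// document is reported as a not-found error. Any other lookup failure is
// returned (traced) to the caller together with a zero userAccessDoc.
// NOTE(review): the insert path keys the document with userAccessID(user);
// presumably that helper yields the same lower-cased canonical name used
// here. Confirm, since a mismatch would make existing users unfindable.
func (st *State) controllerUser(user names.UserTag) (userAccessDoc, error) {
	controllerUsers, closer := st.getCollection(controllerUsersC)
	defer closer()

	var doc userAccessDoc
	username := strings.ToLower(user.Canonical())
	err := controllerUsers.FindId(username).One(&doc)
	if err == mgo.ErrNotFound {
		return userAccessDoc{}, errors.NotFoundf("controller user %q", user.Canonical())
	}
	if err != nil {
		// A failed query must not be reported as success: without this check a
		// database or decoding error would hand the caller an empty or partly
		// filled document with a nil error, which access checks built on this
		// lookup could mistake for a real user record.
		return userAccessDoc{}, errors.Trace(err)
	}
	// DateCreated is inserted as UTC, but read out as local time. So we
	// convert it back to UTC here.
	doc.DateCreated = doc.DateCreated.UTC()
	return doc, nil
}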
    51  
// createControllerUserOps returns the transaction ops that add a user to the
// controller identified by controllerUUID. The first op comes from
// createPermissionOp and records the user's access on the controller; the
// second inserts the user's userAccessDoc into controllerUsersC.
//
// The insert asserts txn.DocMissing, so the transaction aborts rather than
// overwriting a document that already exists under the same id.
//
// access is passed to createPermissionOp unchanged; nothing in this function
// validates it.
// NOTE(review): callers are presumably expected to have validated the access
// level (for example with permission.ValidateControllerAccess) before
// building these ops; confirm at the call sites.
func createControllerUserOps(controllerUUID string, user, createdBy names.UserTag, displayName string, dateCreated time.Time, access permission.Access) []txn.Op {
	doc := &userAccessDoc{
		ID:          userAccessID(user),
		ObjectUUID:  controllerUUID,
		UserName:    user.Canonical(),
		DisplayName: displayName,
		CreatedBy:   createdBy.Canonical(),
		DateCreated: dateCreated,
	}

	permissionOp := createPermissionOp(
		controllerKey(controllerUUID),
		userGlobalKey(userAccessID(user)),
		access,
	)
	insertOp := txn.Op{
		C:      controllerUsersC,
		Id:     userAccessID(user),
		Assert: txn.DocMissing,
		Insert: doc,
	}
	return []txn.Op{permissionOp, insertOp}
}
    73  
// removeControllerUserOps returns the transaction ops that remove a user from
// the controller identified by controllerUUID. The first op comes from
// removePermissionOp for the user's controller permission; the second removes
// the user's document from controllerUsersC.
//
// The document removal asserts txn.DocExists, so the transaction aborts if
// the user document is not present. Both ops are returned together so that
// the permission and the user document are removed in the same transaction.
func removeControllerUserOps(controllerUUID string, user names.UserTag) []txn.Op {
	permissionOp := removePermissionOp(
		controllerKey(controllerUUID),
		userGlobalKey(userAccessID(user)),
	)
	removeDocOp := txn.Op{
		C:      controllerUsersC,
		Id:     userAccessID(user),
		Assert: txn.DocExists,
		Remove: true,
	}
	return []txn.Op{permissionOp, removeDocOp}
}
    85  
// removeControllerUser removes the given user from this state's controller by
// running the ops from removeControllerUserOps in one transaction.
//
// An aborted transaction is reported as a not-found error saying the
// controller user does not exist; every other failure is returned traced.
// NOTE(review): the abort could presumably also come from an assertion inside
// removePermissionOp, in which case the message would name the wrong missing
// document. Confirm against that helper.
func (st *State) removeControllerUser(user names.UserTag) error {
	err := st.runTransaction(removeControllerUserOps(st.ControllerUUID(), user))
	switch err {
	case nil:
		return nil
	case txn.ErrAborted:
		notFound := errors.NewNotFound(nil, fmt.Sprintf("controller user %q does not exist", user.Canonical()))
		return errors.Trace(notFound)
	default:
		return errors.Trace(err)
	}
}