Module: Cloudant::Security
- Included in: API
- Defined in: lib/cloudant/security.rb
Class Method Summary
- .check_roles(roles) ⇒ Object
  Checks input array to make sure it contains only valid roles.
Instance Method Summary
- #create_api_keys ⇒ Object
  Returns => “str”, “key” => “str”, “ok” => true.
- #delete_user(user) ⇒ Object
  Accepts a string - a key with permissions already existing in the database. If the key isn’t found within the database, no changes are made.
- #new_user(user_roles) ⇒ Object
  Method to create and authorize a new set of credentials.
- #permissions ⇒ Object
  The Security Module contains methods to read and modify existing users, permissions, and credentials.
- #roles ⇒ Object
  View existing user permissions in the database. Returns => {“key” => [“_permission”]}.
- #update_roles(doc) ⇒ Object
  Grant or revoke permissions. Accepts a document: => {“key” => [“_permission”]}.
Class Method Details
.check_roles(roles) ⇒ Object
Checks input array to make sure it contains only valid roles. Any invalid roles will be removed. If there is a mix of valid and invalid roles in the array, the new user will be created with only the valid roles. If the input is empty, or no valid roles are present, no user will be created.
    # File 'lib/cloudant/security.rb', line 71
    def self.check_roles(roles)
      all_roles = ["_reader","_writer","_admin","_replicator","_db_updates","_design","_shards","_security"]
      validated = []

      if roles && roles.is_a?(Array)
        roles.each do |role|
          role_str = role.to_s
          role_str = role_str[1..-1] if role_str[0] == "_"
          role_str = "_#{role_str}"

          validated << role_str if all_roles.include?(role_str)
        end
      end

      validated = nil if validated.empty?
      validated
    end
Instance Method Details
#create_api_keys ⇒ Object
Returns => “str”, “key” => “str”, “ok” => true
    # File 'lib/cloudant/security.rb', line 28
    def create_api_keys
      @conn.query({url_path: "_api/v2/api_keys", method: :post})
    end
#delete_user(user) ⇒ Object
Accepts a string - a key with permissions already existing in the database. If the key isn’t found within the database, no changes are made.
    # File 'lib/cloudant/security.rb', line 59
    def delete_user(user)
      users = roles
      existing = users["cloudant"]

      existing.delete(user) if existing
      update_roles(users)
    end
#new_user(user_roles) ⇒ Object
Method to create and authorize a new set of credentials. :new_user accepts an array of either symbols or hashes, corresponding to the roles available in Cloudant as seen in all_roles below. Returns the credentials and roles => “str”, “key” => “str”, “ok” => true, “roles”: []
    # File 'lib/cloudant/security.rb', line 36
    def new_user(user_roles)
      checked = Security.check_roles(user_roles)

      if checked
        users = roles
        keys = create_api_keys

        existing_users = users["cloudant"]

        # If no users exist, a blank hash is returned instead of {"cloudant": {}}
        users["cloudant"] = {} unless existing_users
        users["cloudant"][keys["key"]] = checked
        keys["roles"] = checked

        update_roles(users)
      else
        raise ArgumentError.new('invalid - permitted roles: reader, writer, admin, replicator, db_updates, design, shards, security')
      end

      keys
    end
#permissions ⇒ Object
The Security Module contains methods to read and modify existing users, permissions, and credentials. The default credentials provided upon account creation have _admin level access to all account databases; any subsequent users or API keys created must have permissions explicitly set.
View permissions for the current user. Can only be accessed after performing cookie auth.
    # File 'lib/cloudant/security.rb', line 11
    def permissions
      @conn.query({url_path: "_session", method: :get})
    end
#roles ⇒ Object
View existing user permissions in the database. Returns => {“key” => [“_permission”]}
    # File 'lib/cloudant/security.rb', line 17
    def roles
      @conn.query({url_path: "_api/v2/db/#{database}/_security", method: :get})
    end
#update_roles(doc) ⇒ Object
Grant or revoke permissions. Accepts a document: => {“key” => [“_permission”]}
    # File 'lib/cloudant/security.rb', line 23
    def update_roles(doc)
      @conn.query({url_path: "_api/v2/db/#{database}/_security", opts: doc, method: :put})
    end
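Because check_roles drops invalid roles silently and #roles returns the per-key permission document that new_user and delete_user edit, a caller may want a strict validator and an audit pass over that document. The Ruby below is an added example, not code from the cloudant gem: strict_roles, audit_security_doc, the choice of _admin and _security as privileged, and the sample key names are assumptions made for illustration.

```ruby
# Added example; not part of the cloudant gem.
VALID_ROLES = %w[_reader _writer _admin _replicator _db_updates _design _shards _security].freeze
# Assumption: which roles count as "privileged" is this example's policy choice.
PRIVILEGED_ROLES = %w[_admin _security].freeze

# Same normalization as check_roles: symbol or string, optional leading "_".
def normalize_role(role)
  "_#{role.to_s.sub(/\A_/, '')}"
end

# Strict variant: refuse the whole request if any role is unknown,
# instead of silently dropping it as check_roles does.
def strict_roles(roles)
  raise ArgumentError, "roles must be a non-empty Array" unless roles.is_a?(Array) && !roles.empty?
  normalized = roles.map { |r| normalize_role(r) }.uniq
  unknown = normalized - VALID_ROLES
  raise ArgumentError, "unknown roles: #{unknown.join(', ')}" unless unknown.empty?
  normalized
end

# Audit a {"cloudant" => {"key" => ["_permission"]}} document. Returns {key => [issues]}.
def audit_security_doc(doc)
  entries = doc.is_a?(Hash) ? (doc["cloudant"] || {}) : {}
  entries.each_with_object({}) do |(key, roles), findings|
    roles = Array(roles)
    issues = []
    privileged = roles & PRIVILEGED_ROLES
    unknown = roles - VALID_ROLES
    issues << "privileged: #{privileged.join(', ')}" unless privileged.empty?
    issues << "unknown: #{unknown.join(', ')}" unless unknown.empty?
    # Cloudant's "nobody" entry applies to unauthenticated requests.
    issues << "unauthenticated access" if key == "nobody" && !roles.empty?
    findings[key] = issues unless issues.empty?
  end
end

# Constructed sample document; the key names are placeholders.
SAMPLE_DOC = {
  "cloudant" => {
    "nobody" => ["_reader"],
    "examplekey-reader" => ["_reader"],
    "examplekey-admin" => ["_admin", "_writer"],
    "examplekey-typo" => ["_reader", "_wrtier"]
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_security_doc(SAMPLE_DOC).each { |key, issues| puts "#{key}: #{issues.join('; ')}" }
end
```

Passing the result of strict_roles to new_user keeps a typo in a role name from quietly producing a key with fewer permissions than intended.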