class RsUserPolicy::RightApi::PermissionUtilities
A set of utility methods for manipulating permissions using the RightScale right_api_client gem
Allows bulk actions on permissions without worrying about the complexity of retrying, creating/deleting in the correct order, and the like.
Public Class Methods
Creates all the passed in permissions using the supplied client. This method handles creating permissions with “observer” first in order to avoide the dreaded; RightApi::ApiError: Error: HTTP Code: 422, Response body: A user must have the observer role.
@param [Hash] permissions
A hash where the key is a RightScale API User href, and the value is a hash where the key is the permission role_title that the user should be granted, and the value is nil.
@param [RightApi::Client] client
An active RightApi::Client instance for the account referenced in account_href
@raise [RightApi::ApiError] If an unrecoverable API error has occurred.
@return [Hash] The permissions input hash, where the nil values have been replaced with the href of the permission which was created.
@example Create “observer” and “admin” permissions for two users
client = RightApi::Client.new(</snip>) permissions = { '/api/users/123' => { 'observer' => nil, 'admin' => nil }, '/api/users/456' => { 'observer' => nil, 'admin' => nil } } response = RsUserPolicy::RightApi::PermissionUtilities.create_permissions(permissions, client) puts JSON.pretty_generate(response) # Output would be as follows { '/api/users/123' => { 'observer' => '/api/permissions/1', 'admin' => '/api/permissions/2' }, '/api/users/456' => { 'observer' => '/api/permissions/3', 'admin' => '/api/permissions/4' } }
# File lib/rs_user_policy/right_api/permission_utilities.rb, line 112 def self.create_permissions(permissions, client) permissions.each do |user_href,perm_ary| user_perms_hash = Hash[perm_ary.keys.map{|p| [p, user_href]}] RsUserPolicy::Utilities.yield_on_keys_in_order(['observer'], user_perms_hash) do |role_title,user_href| created_permission = client.permissions.create( { 'permission[user_href]' => user_href, 'permission[role_title]' => role_title } ) permissions[user_href][role_title] = created_permission.href end end permissions end
Destroys all passed in permissions with the specified client. This method handles deleting permissions in the appropriate order to avoid the dreaded; RightApi::ApiError: Error: HTTP Code: 422, Response body: A user must have the observer role. TODO: Handle a 422 resulting from calling delete too quickly and attempting to remove “observer” when other deletes have not been committed
@param [Array<RightApi::ResourceDetail>] permissions
A hash of permissions where the key is the RightScale API href, and the value is the role_title. These permissions can be for one or many users, allowing a bulk actions.
@param [RightApi::Client] client
An active RightApi::Client instance for the account referenced in account_href
@raise [RightApi::ApiError] If an unrecoverable API error has occurred.
@return [Hash] A hash where the keys are the permission hrefs destroyed, and the values are the role_title of those permissions
# File lib/rs_user_policy/right_api/permission_utilities.rb, line 60 def self.destroy_permissions(permissions, client) perms_hash = {} permissions.each{|p| perms_hash[p.href] = p.role_title } RsUserPolicy::Utilities.yield_on_values_in_order(@@permission_delete_order, perms_hash) do |perm_href,role_title| client.permissions(:id => RsUserPolicy::Utilities.id_from_href(perm_href)).destroy() end perms_hash end