class RsUserPolicy::User

Attributes

email[R]
href[R]
permissions[R]

Public Class Methods

new(user) click to toggle source

Initializes read only attributes for an RsUserPolicy::User

@param [RightApi::ResourceDetail] user The user detail returned by RightApi::Client

# File lib/rs_user_policy/user.rb, line 29
def initialize(user)
  @email = user.email
  @href = user.href
  @user = user
  @permissions = {}
end

Public Instance Methods

add_permission(account_href, permission) click to toggle source

Adds a single permission for a single RightScale account

@param [String] account_href The RightScale API href of the account @param [RightApi::ResourceDetail] permission A single RightApi::ResourceDetail for a permission.

# File lib/rs_user_policy/user.rb, line 51
def add_permission(account_href, permission)
  @permissions[account_href] ||= []
  @permissions[account_href] << permission
end
clear_permissions(account_href, client, options={}) click to toggle source

Removes all permissions for the user in the specified rightscale account using the supplied client

@param [String] account_href The RightScale API href of the account @param [RightApi::Client] client An active RightApi::Client instance for the account referenced in account_href @param [Hash] options Optional parameters @option options [Bool] :dry_run If true, no API calls will be made, but the return value will contain the actions which would have been taken

@raise [RightApi::ApiError] If an unrecoverable API error has occurred.

@return [Hash] A hash where the keys are the permission hrefs destroyed, and the keys are the role_title of those permissions

# File lib/rs_user_policy/user.rb, line 75
def clear_permissions(account_href, client, options={})
  options = {:dry_run => false}.merge(options)
  current_permissions = get_api_permissions(account_href)
  if options[:dry_run]
    Hash[current_permissions.map{|p| [p.href, p.role_title]}]
  else
    retval = RsUserPolicy::RightApi::PermissionUtilities.destroy_permissions(
      current_permissions,
      client
    )
    @permissions.delete(account_href)
    retval
  end
end
get_api_permissions(account_href) click to toggle source

Returns the RightScale permissions the user has for the specified account href

@param [String] account_href The RightScale API href of the account

@return [Array<RightApi::ResourceDetail>] An array of permission RightApi::ResourceDetail objects

# File lib/rs_user_policy/user.rb, line 61
def get_api_permissions(account_href)
  @permissions[account_href] || []
end
set_api_permissions(permissions, account_href, client, options={}) click to toggle source

Removes and adds permissions as appropriate so that the users current permissions reflect the desired set passed in as “permissions”

@param [Array<String>] permissions The list of desired permissions for the user in the specified account @param [String] account_href The RightScale API href of the account @param [RightApi::Client] client An active RightApi::Client instance for the account referenced in account_href @param [Hash] options Optional parameters @option options [Bool] :dry_run If true, no API calls will be made, but the return value will contain the actions which would have been taken

@raise [RightApi::ApiError] If an unrecoverable API error has occurred.

@return [Hash,Hash] A tuple where two hashes are returned. The keys of the hashes are the href of the permission, and the values are the role_title of the permission. The first hash is the permissions removed, and the second hash is the permissions added

# File lib/rs_user_policy/user.rb, line 102
def set_api_permissions(permissions, account_href, client, options={})
  options = {:dry_run => false}.merge(options)
  existing_api_permissions_response = get_api_permissions(account_href)
  existing_api_permissions = Hash[existing_api_permissions_response.map{|p| [p.role_title, p] }]
  if permissions.length == 0
    removed = clear_permissions(account_href, client, options)
    @permissions.delete(account_href)
    return removed, {}
  else
    permissions_to_remove = (existing_api_permissions.keys - permissions).map{|p| existing_api_permissions[p]}
    remove_response = Hash[permissions_to_remove.map{|p| [p.href, p.role_title]}]
    unless options[:dry_run]
      remove_response = RsUserPolicy::RightApi::PermissionUtilities.destroy_permissions(permissions_to_remove, client)
    end

    permissions_to_add = {
      @href => Hash[(permissions - existing_api_permissions.keys).map{|p| [p,nil]}]
    }
    add_response = {}
    if options[:dry_run]
      href_idx = 0
      add_response = {
        @href => Hash[(permissions - existing_api_permissions.keys).map{|p| [p,(href_idx += 1)]}]
      }
    else
      add_response = RsUserPolicy::RightApi::PermissionUtilities.create_permissions(permissions_to_add, client)
    end

    @permissions[account_href] = client.permissions.index(:filter => ["user_href==#{@href}"]) unless options[:dry_run]

    return remove_response, Hash[add_response[@href].keys.map{|p| [add_response[@href][p],p]}]
  end
end
to_hash() click to toggle source

Converts this object to a hash which can be serialized

# File lib/rs_user_policy/user.rb, line 37
def to_hash()
  rethash = {
    "permissions" => @permissions
  }
  (@user.attributes - [:links]).each do |attr_sym|
    rethash[attr_sym.to_s] = @user.send(attr_sym.to_s)
  end
  rethash
end