/ucengine/src/controllers/user_controller.erl
%%
%% U.C.Engine - Unified Collaboration Engine
%% Copyright (C) 2011 af83
%%
%% This program is free software: you can redistribute it and/or modify
%% it under the terms of the GNU Affero General Public License as published by
%% the Free Software Foundation, either version 3 of the License, or
%% (at your option) any later version.
%%
%% This program is distributed in the hope that it will be useful,
%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
%% GNU Affero General Public License for more details.
%%
%% You should have received a copy of the GNU Affero General Public License
%% along with this program. If not, see <http://www.gnu.org/licenses/>.
%%
-module(user_controller).

-export([init/0, add/4, update/4, get/4, find/4, list/4, delete/4, check_access/4, add_role/4, delete_role/4]).

-include("uce.hrl").

%% Route table for the user resource.
%%
%% Returns one #uce_route{} per endpoint. Each callback is
%% {Module, Function, ParamSpecs}; a spec looks like {Name, Default, Type},
%% where the second element is either the atom `required` or a fallback
%% value ("" or []). How the specs are decoded is up to the router and is
%% not visible in this module.
init() ->
    %% Caller identity, mandatory on every route except user creation.
    Session = [{"uid", required, string},
               {"sid", required, string}],
    %% Fields shared by the create and update endpoints.
    Profile = [{"name", required, string},
               {"auth", required, string},
               {"credential", required, string},
               {"metadata", [], dictionary}],
    [#uce_route{method='POST',
                path=["user"],
                %% uid/sid default to "" here: add/4 only checks them when
                %% registration is `restricted`.
                callback={?MODULE, add,
                          [{"uid", "", string},
                           {"sid", "", string}
                           | Profile]}},

     #uce_route{method='GET',
                path=["user"],
                callback={?MODULE, list, Session}},

     #uce_route{method='GET',
                path=["user", id],
                callback={?MODULE, get, Session}},

     #uce_route{method='GET',
                path=["find","user"],
                callback={?MODULE, find,
                          Session ++ [{"by_name", "", string},
                                      {"by_uid", "", string}]}},

     #uce_route{method='PUT',
                path=["user", id],
                callback={?MODULE, update, Session ++ Profile}},

     #uce_route{method='DELETE',
                path=["user", id],
                callback={?MODULE, delete, Session}},

     #uce_route{method='GET',
                path=["user", id, "can", action, object, '...'],
                callback={?MODULE, check_access,
                          Session ++ [{"conditions", [], dictionary}]}},

     #uce_route{method='POST',
                path=["user", id, "roles"],
                callback={?MODULE, add_role,
                          Session ++ [{"role", required, string},
                                      {"location", "", string}]}},

     #uce_route{method='DELETE',
                path=["user", id, "roles", role, '...'],
                callback={?MODULE, delete_role, Session}}].


%% Create a user (POST /user).
%%
%% The domain's `register` setting decides whether the caller must be
%% authenticated:
%%   open       - no presence or access check; the caller-supplied name,
%%                auth and credential are accepted as given.
%%   restricted - the caller needs a valid presence (Uid/Sid) and the
%%                "add" right on "user".
%% Any other value fails the case expression with case_clause before a user
%% is created, so an unexpected setting does not fall back to open
%% registration.
%% NOTE(review): in `open` mode this route is an unauthenticated write path;
%% confirm which domains enable it and whether anything upstream of this
%% controller limits how often it can be called.
add(Domain, [], [Uid, Sid, Name, Auth, Credential, Metadata], _) ->
    case config:get(Domain, register) of
        open ->
            ok;
        restricted ->
            {ok, true} = uce_presence:assert(Domain, Uid, Sid),
            {ok, true} = uce_access:assert(Domain, Uid, "", "user", "add")
    end,
    create_user(Domain, [Name, Auth, Credential, Metadata]).

%% Store the new user, publish "internal.user.add", and answer with the
%% identifier returned by uce_user:add/2.
%%
%% NOTE(review): Credential goes to uce_user:add/2 unchanged. Whether it is
%% hashed before it is stored is decided below this layer and cannot be seen
%% from here - confirm.
create_user(Domain, [Name, Auth, Credential, Metadata]) ->
    NewUser = #uce_user{id=none,
                        name=Name,
                        auth=Auth,
                        credential=Credential,
                        metadata=json_helpers:to_struct(Metadata)},
    {ok, NewUserUid} = uce_user:add(Domain, NewUser),

    %% The event is attributed to the freshly created user itself.
    Created = #uce_event{id=none,
                         from=NewUserUid,
                         location="",
                         type="internal.user.add"},
    {ok, _} = uce_event:add(Domain, Created),
    json_helpers:created(Domain, NewUserUid).

%% List every user of the domain (GET /user).
%%
%% Requires a valid presence and the "list" right on "user". The records
%% from uce_user:list/1 are handed to json_helpers:json/2 as they are.
%% NOTE(review): confirm that the JSON encoding leaves out the `credential`
%% field of each record.
list(Domain, [], [Uid, Sid], _) ->
    {ok, true} = uce_presence:assert(Domain, Uid, Sid),
    {ok, true} = uce_access:assert(Domain, Uid, "", "user", "list"),
    {ok, AllUsers} = uce_user:list(Domain),
    json_helpers:json(Domain, AllUsers).

%% Fetch one user by id (GET /user/:id).
%%
%% Requires a valid presence and the "get" right on "user"; the access
%% check is given the target id as the "user" condition.
get(Domain, [{id, Id}], [Uid, Sid], _) ->
    {ok, true} = uce_presence:assert(Domain, Uid, Sid),
    Target = [{"user", Id}],
    {ok, true} = uce_access:assert(Domain, Uid, "", "user", "get", Target),
    {ok, Found} = uce_user:get(Domain, Id),
    json_helpers:json(Domain, Found).

%% Look a user up by name or by uid (GET /find/user).
%%
%% A non-empty by_name wins over by_uid. When both are empty the request is
%% rejected with missing_parameter; that clause runs before any presence or
%% access check.
%% NOTE(review): both lookups assert "get" on "user" with an empty condition
%% list, whereas get/4 passes [{"user", Id}]. Confirm in uce_access how a
%% rule scoped to a specific user is evaluated against empty conditions, so
%% that this route and get/4 grant the same visibility.
find(Domain, [], [Uid, Sid, ByName, _ByUid], _) when ByName =/= "" ->
    ok = assert_lookup_allowed(Domain, Uid, Sid),
    {ok, Found} = uce_user:get_by_name(Domain, ByName),
    json_helpers:json(Domain, Found);

find(Domain, [], [Uid, Sid, _ByName, ByUid], _) when ByUid =/= "" ->
    ok = assert_lookup_allowed(Domain, Uid, Sid),
    {ok, Found} = uce_user:get(Domain, ByUid),
    json_helpers:json(Domain, Found);

find(_Domain, [], [_Uid, _Sid, _ByName, _ByUid], _) ->
    throw({error, missing_parameter}).

%% Presence and access assertions shared by the find/4 clauses.
assert_lookup_allowed(Domain, Uid, Sid) ->
    {ok, true} = uce_presence:assert(Domain, Uid, Sid),
    {ok, true} = uce_access:assert(Domain, Uid, "", "user", "get", []),
    ok.

%% Replace name, auth, credential and metadata of a user (PUT /user/:id).
%%
%% Requires a valid presence and the "update" right on "user"; the access
%% check is given the target id and the requested auth value as conditions.
%% The stored record is read first so that fields not listed here survive
%% the update.
%% NOTE(review): the "internal.user.update" event is attributed to the
%% target Id, not to the acting Uid, while the role events in this module
%% use the acting Uid. Confirm which of the two an audit trail should show.
%% NOTE(review): Credential is written as received; see uce_user:update/2
%% for how it is stored.
update(Domain, [{id, Id}], [Uid, Sid, Name, Auth, Credential, Metadata], _) ->
    {ok, true} = uce_presence:assert(Domain, Uid, Sid),
    Conditions = [{"user", Id},
                  {"auth", Auth}],
    {ok, true} = uce_access:assert(Domain, Uid, "", "user", "update", Conditions),
    {ok, Current} = uce_user:get(Domain, Id),
    Changed = Current#uce_user{name=Name,
                               auth=Auth,
                               credential=Credential,
                               metadata=json_helpers:to_struct(Metadata)},
    {ok, updated} = uce_user:update(Domain, Changed),

    Updated = #uce_event{id=none,
                         from=Id,
                         location="",
                         type="internal.user.update"},
    {ok, _} = uce_event:add(Domain, Updated),

    json_helpers:ok(Domain).

%% Delete a user (DELETE /user/:id).
%%
%% Requires a valid presence and the "delete" right on "user", with the
%% target id as the "user" condition.
%% NOTE(review): no event is published here, unlike add, update and the role
%% operations, so a deletion leaves no trace in the event stream written by
%% this controller. Confirm whether uce_user:delete/2 records it elsewhere.
delete(Domain, [{id, Id}], [Uid, Sid], _) ->
    {ok, true} = uce_presence:assert(Domain, Uid, Sid),
    Target = [{"user", Id}],
    {ok, true} = uce_access:assert(Domain, Uid, "", "user", "delete", Target),
    {ok, deleted} = uce_user:delete(Domain, Id),
    json_helpers:ok(Domain).

%% Tell whether a user may perform an action on an object
%% (GET /user/:id/can/:action/:object/...).
%%
%% First clause: a three-element path carries no location; "" is appended
%% and the call is retried.
%% Second clause: the caller needs a valid presence and the "check" right on
%% "access", asserted with the queried user, action, object and location as
%% conditions. The answer itself comes from uce_access:check/6; any result
%% other than {ok, true} or {ok, false} fails with case_clause.
%% NOTE(review): this endpoint reveals the rights of the user named in the
%% path to the caller, so the "access"/"check" right should be granted
%% narrowly.
check_access(Domain, [_, _, _] = Path, [_, _, _] = Params, Arg) ->
    check_access(Domain, Path ++ [""], Params, Arg);
check_access(Domain, [{id, Name}, {action, Action}, {object, Object}, Location], [Uid, Sid, Conditions], _Arg) ->
    {ok, true} = uce_presence:assert(Domain, Uid, Sid),
    Query = [{"user", Name},
             {"action", Action},
             {"object", Object},
             {"location", Location}],
    {ok, true} = uce_access:assert(Domain, Uid, "", "access", "check", Query),
    case uce_access:check(Domain, Name, Location, Object, Action, Conditions) of
        {ok, false} ->
            json_helpers:false(Domain);
        {ok, true} ->
            json_helpers:true(Domain)
    end.

%% Grant a role to a user (POST /user/:id/roles).
%%
%% Requires a valid presence and the "add" right on "user.role" at the given
%% location, asserted with the target user and the role as conditions. The
%% role is stored as {Role, Location} and an "internal.user.role.add" event
%% is published on behalf of the acting Uid.
%% NOTE(review): Location defaults to "" in the route table; presumably that
%% means a domain-wide role - confirm, since the same value scopes the
%% access assertion.
add_role(Domain, [{id, Name}], [Uid, Sid, Role, Location], _) ->
    {ok, true} = uce_presence:assert(Domain, Uid, Sid),
    Grant = [{"user", Name},
             {"role", Role}],
    {ok, true} = uce_access:assert(Domain, Uid, Location, "user.role", "add", Grant),
    {ok, updated} = uce_user:add_role(Domain, Name, {Role, Location}),
    Granted = #uce_event{id=none,
                         from=Uid,
                         location=Location,
                         type="internal.user.role.add",
                         metadata=[{"role", Role},
                                   {"user", Name}]},
    {ok, _} = uce_event:add(Domain, Granted),
    json_helpers:ok(Domain).

%% Revoke a role from a user (DELETE /user/:id/roles/:role/...).
%%
%% First clause: a two-element path carries no location; "" is appended and
%% the call is retried.
%% Second clause: requires a valid presence and the "delete" right on
%% "user.role" at the given location, asserted with the target user and the
%% role as conditions. An "internal.user.role.delete" event is published on
%% behalf of the acting Uid.
delete_role(Domain, [_, _] = Path, [_, _] = Params, Arg) ->
    delete_role(Domain, Path ++ [""], Params, Arg);
delete_role(Domain, [{id, User}, {role, Role}, Location], [Uid, Sid], _Arg) ->
    {ok, true} = uce_presence:assert(Domain, Uid, Sid),
    Revocation = [{"user", User},
                  {"role", Role}],
    {ok, true} = uce_access:assert(Domain, Uid, Location, "user.role", "delete", Revocation),
    {ok, updated} = uce_user:delete_role(Domain, User, {Role, Location}),
    Revoked = #uce_event{id=none,
                         from=Uid,
                         location=Location,
                         type="internal.user.role.delete",
                         metadata=[{"role", Role},
                                   {"user", User}]},
    {ok, _} = uce_event:add(Domain, Revoked),
    json_helpers:ok(Domain).