cloudant 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 617903591a37ae1748f18b5eae04fa09b888e1c9
-  data.tar.gz: f63d86f9d26940307786fcd17cb4bdf55c0c3ac5
+  metadata.gz: 323e21dbdef047f55e8659ab87b86849773f33bd
+  data.tar.gz: de9591fe10e75a28b093a6650ab3e82f2c6c854f
 SHA512:
-  metadata.gz: 24f9c643c868ec3cbc735640bc226b8ff92e5325bad4093c7c71b05743faa5f6be9100533841890fe7ddc9244b9261d90b322b015d69b1c2385bffae32edc844
-  data.tar.gz: d73ed0447c65737c12f60c0793edc85eff2c77185e917196c126be47ba3b23a6b8203092b6512ef35dd7d8fc94e6189eac129a9234c1b772c98b63f31c349694
+  metadata.gz: d7965e9c118e21a7dc576b6bdee230ef47503b76fe434eb9b90068f8c9aa00bb756fbc6828874a5c507ade1ca86f276852a00aebf990c105f55248b7c4dc8857
+  data.tar.gz: 8306676a225c5d36ffff93a7c230d80f78f2425fe2e1f2de80c09908b3c7aa7aec32459f0dd33714827e1ee2c3814f64392b35ad77d21a876b5fa753f1b4a8ec

data/README.md

@@ -75,7 +75,9 @@ response = client.create(doc)
 # Find a single document by id
 doc_id = response['id']
 client.doc(doc_id)
-
+# Options can also be passed along with the id (View Cloudant docs for a full list)
+client.doc(doc_id, :revs => true))
+    
 # Update a single document (requires an existing doc's id and current rev)
 new_doc = {'id'=>'1', 'rev'=>'1-bf74a68c2105f3d9d0245fc836ca9f3', 'field_two'=>'more content'}
 client.update(new_doc)
@@ -146,10 +148,24 @@ client.view(database,view_to_query, :reduce => false, :include_docs => true)
 # => {"total_rows"=>2, "offset"=>0, "rows"=>[{"id"=>"5d8e6c99198dfdde8accd8e019ba052", "key"=>"5d8e6c99198dfdde8accd8e019ba052", "value"=>1, "doc"=>{"_id"=>"5d8e6c99198dfdde8accd8e019ba052", "_rev"=>"1-7ebdb5b82e1cc4eaf2e27a711e9857c6", "a"=>10, "b"=>92, "c"=>31}}, {"id"=>"5d8e6c99898dcdd08accd8e019badab", "key"=>"5d8e6c99898dcdd0daccd8e019badab", "value"=>1, "doc"=>{"_id"=>"5d8e6c99898dcdd8daccd8e019badab", "_rev"=>"1-d36298f4391da575df61e170af2efa34", "b"=>12, "c"=>33}}]}
 ```
 
+**Database Security and Authorization**
+```ruby
+# View permissions for the current user
+client.permissions
+
+# View all users and their permissions for a given database
+client.roles
+
+# Create a new set of API keys
+client.create_api_keys
+
+# Create a new user and assign it one or more permissions
+client.new_user(["reader", "writer"])
+```
+
 ## To Do
 
 - Add database replication functionality - `/_replicator`
-- Allow new user creation - `/_security`
 - Add more robust options handling for various queries (expanding the `QueryBuilder` module, as used in view querying)
     -   Currently, options have to be added to a query string by the user.
 - Add support for `attachments`   

data/lib/cloudant.rb

@@ -5,5 +5,7 @@ require 'rest-client'
 
 require "cloudant/version"
 require "cloudant/query_builder"
+require "cloudant/security"
+require "cloudant/api"
 require "cloudant/client"
 require "cloudant/connection"

data/lib/cloudant/api.rb

@@ -0,0 +1,6 @@
+module Cloudant
+  module API
+    include Cloudant::QueryBuilder
+    include Cloudant::Security
+  end
+end

data/lib/cloudant/client.rb

@@ -1,7 +1,8 @@
 module Cloudant
   class Client
-    attr_reader   :username, :password
+    include Cloudant::API
     attr_accessor :database, :base_uri
+    attr_reader   :username, :password
 
     def initialize(args)
       @username = args[:username]
@@ -16,7 +17,7 @@ module Cloudant
     # Retrieve all docs from the database
     def all_docs(*opts)
       q = "#{database}/_all_docs"
-      q << QueryBuilder.build(opts.first,"all_docs") if opts && opts.any? && opts.first.is_a?(Hash)
+      q << build_query_string(opts.first,"all_docs") if opts && opts.any? && opts.first.is_a?(Hash)
 
       @conn.query({url_path: q, method: :get})
     end
@@ -24,7 +25,7 @@ module Cloudant
     # Accepts a single document id and returns it if found
     def get_doc(id,*opts)
       q = "#{database}/#{id}"
-      q << QueryBuilder.build(opts.first,"doc") if opts && opts.any? && opts.first.is_a?(Hash)
+      q << build_query_string(opts.first,"doc") if opts && opts.any? && opts.first.is_a?(Hash)
 
       @conn.query({url_path: q, method: :get})
     end
@@ -94,7 +95,7 @@ module Cloudant
     # Get a hash {"results" => []}, containing a hash of seq, id, changes
     def changes(*opts)
       q = "#{database}/_changes"
-      q << QueryBuilder.build(opts.first,"changes") if opts && opts.any? && opts.first.is_a?(Hash)
+      q << build_query_string(opts.first,"changes") if opts && opts.any? && opts.first.is_a?(Hash)
 
       @conn.query({url_path: q, method: :get})
     end
@@ -163,7 +164,7 @@ module Cloudant
     # if it has one, or rows containing keys, ids, and values if not.
     def view(ddoc,view,*opts)
       q  = "#{database}/_design/#{ddoc}/_view/#{view}"
-      q << QueryBuilder.build(opts.first,"view") if opts && opts.any? && opts.first.is_a?(Hash)
+      q << build_query_string(opts.first,"view") if opts && opts.any? && opts.first.is_a?(Hash)
 
       @conn.query({url_path: q, method: :get})
     end

data/lib/cloudant/query_builder.rb

@@ -1,36 +1,34 @@
 module Cloudant
   module QueryBuilder
-    class << self
-      # TODO: Add a check to determine if options value is valid for key.
-      # ex: {include_docs: true} is valid, {include_docs: 6} is not.
-      def build(opts,type)
-        query_str = ""
-        fields    = get_fields(type)
+    # TODO: Add a check to determine if options value is valid for key.
+    # ex: {include_docs: true} is valid, {include_docs: 6} is not.
+    def build_query_string(opts,type)
+      query_str = ""
+      fields    = get_fields(type)
 
-        fields.each do |field|
-          key = field
-          val = opts[field].to_s
+      fields.each do |field|
+        key = field
+        val = opts[field].to_s
 
-          current = "#{key}=#{val}"   if val != ""
-          query_str << "&" << current if (query_str != "" && current)
-          query_str << "?" << current if (query_str == "" && current)
-        end
-
-        query_str
+        current = "#{key}=#{val}"   if val != ""
+        query_str << "&" << current if (query_str != "" && current)
+        query_str << "?" << current if (query_str == "" && current)
       end
 
-      # TODO: This will be expanded to calls other than /_view.
-      def get_fields(type)
-        case type
-          when "view"
-            return [:reduce,:include_docs,:descending,:endkey,:endkey_docid,:group,:group_level,:inclusive_end,:key,:keys,:limit,:skip,:stale,:startkey,:startkey_docid]  
-          when "all_docs"
-            return [:include_docs,:descending,:endkey,:conflicts,:inclusive_end,:key,:limit,:skip,:startkey,:keys]  
-          when "changes"
-            return [:include_docs,:descending,:feed,:filter,:heartbeat,:conflicts,:limit,:since,:style,:timeout,:doc_ids]  
-          when "doc"
-            return [:local_seq,:attachments,:att_encoding_info,:atts_since,:conflicts,:deleted_conflicts,:latest,:meta,:open_revs,:rev,:revs,:revs_info]  
-        end
+      query_str
+    end
+
+    # TODO: This will be expanded to calls other than /_view.
+    def get_fields(type)
+      case type
+        when "view"
+          return [:reduce,:include_docs,:descending,:endkey,:endkey_docid,:group,:group_level,:inclusive_end,:key,:keys,:limit,:skip,:stale,:startkey,:startkey_docid]  
+        when "all_docs"
+          return [:include_docs,:descending,:endkey,:conflicts,:inclusive_end,:key,:limit,:skip,:startkey,:keys]  
+        when "changes"
+          return [:include_docs,:descending,:feed,:filter,:heartbeat,:conflicts,:limit,:since,:style,:timeout,:doc_ids]  
+        when "doc"
+          return [:local_seq,:attachments,:att_encoding_info,:atts_since,:conflicts,:deleted_conflicts,:latest,:meta,:open_revs,:rev,:revs,:revs_info]  
       end
     end
   end

data/lib/cloudant/security.rb

@@ -0,0 +1,89 @@
+module Cloudant
+  module Security
+    # The Security Module contains methods to read and modify existing users,
+    # permissions, and credentials. 
+    # The default credentials provided upon account creaton have _admin level
+    # access to all account databases; any subsequent users or API keys created
+    # must have permissions explicitly set.
+    #
+    # View permissions for the current user
+    # Can only be accessed after performing cookie auth
+    def permissions
+      @conn.query({url_path: "_session", method: :get})
+    end
+
+    # View existing user permissions in the database
+    # Returns {"cloudant" => {"key" => ["_permission"]}}
+    def roles
+      @conn.query({url_path: "_api/v2/db/#{database}/_security", method: :get})
+    end
+
+    # Grant or revoke permissions
+    # Accepts a document: {"cloudant" => {"key" => ["_permission"]}} 
+    def update_roles(doc)
+      @conn.query({url_path: "_api/v2/db/#{database}/_security", opts: doc, method: :put})
+    end
+
+    # Returns {"password" => "str", "key" => "str", "ok" => true}
+    def create_api_keys
+      @conn.query({url_path: "_api/v2/api_keys", method: :post})
+    end
+
+    # Methd to create and authorize a new set of credentials.
+    # :new_user accepts and array of either symbols or hashes, corresponding to the roles
+    # available in Cloudant as see in all_roles below.
+    # Returns the credentials and roles {"password" => "str", "key" => "str", "ok" => true, "roles": []}
+    def new_user(user_roles)
+      checked = Security.check_roles(user_roles)
+
+      if checked
+        users = roles
+        keys  = create_api_keys
+
+        existing_users    = users["cloudant"]
+        users["cloudant"] = {} unless existing_users # If no users exist a blank has is returned instead of {"cloudant": {}}
+
+        users["cloudant"][keys["key"]] = checked
+        keys["roles"] = checked
+        
+        update_roles(users)
+      else
+        raise ArgumentError.new('invalid - permitted roles: reader, writer, admin, replicator, db_updates, design, shards, security')
+      end
+
+      keys
+    end
+    
+    # Accepts a string - a key with permissions already existing in the database
+    # If the key isn't found within the database, no changes are made. 
+    def delete_user(user)
+      users    = roles
+      existing = users["cloudant"]
+      
+      existing.delete(user) if existing
+      update_roles(users)
+    end
+
+    # Checks input array to make sure it contains only valid roles.
+    # Any invalid roles will be removed. If there are a mix of valid and invalid
+    # roles in the array, the new user will be created with only the valid roles.
+    # If the input is empty, or no valid roles are present, no user will be created.
+    def self.check_roles(roles)
+      all_roles = ["_reader","_writer","_admin","_replicator","_db_updates","_design","_shards","_security"]
+      validated = []
+
+      if roles && roles.is_a?(Array)
+        roles.each do |role| 
+          role_str = role.to_s
+          role_str = role_str[1..-1] if role_str[0] == "_"
+          role_str = "_#{role_str}" 
+
+          validated <<  role_str if all_roles.include?(role_str)
+        end
+      end
+
+      validated = nil if validated.empty?
+      validated
+    end
+  end
+end

data/lib/cloudant/version.rb

@@ -1,3 +1,3 @@
 module Cloudant
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cloudant
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Alex Yanai
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-10-15 00:00:00.000000000 Z
+date: 2016-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -112,9 +112,11 @@ files:
 - bin/setup
 - cloudant.gemspec
 - lib/cloudant.rb
+- lib/cloudant/api.rb
 - lib/cloudant/client.rb
 - lib/cloudant/connection.rb
 - lib/cloudant/query_builder.rb
+- lib/cloudant/security.rb
 - lib/cloudant/version.rb
 homepage: https://github.com/AlexYanai/cloudant
 licenses: