td-client 0.8.20 → 0.8.21

data/ChangeLog

@@ -1,4 +1,10 @@
 
+== 2012-08-06 version 0.8.21
+
+* Added multiuser features: organizations, users, roles
+* Added access control
+
+
 == 2012-07-23 version 0.8.20
 
 * Implemented Zlib::GzipReader#readpartial for compatibility with ruby 1.8

data/lib/td/client.rb

@@ -285,6 +285,118 @@ class Client
     @api.delete_result(name)
   end
 
+  # => [Organization]
+  def organizations
+    list = @api.list_organizations
+    list.map {|name|
+      Organization.new(self, name)
+    }
+  end
+
+  # => true
+  def create_organization(organization)
+    @api.create_organization(organization)
+  end
+
+  # => true
+  def delete_organization(organization)
+    @api.delete_organization(organization)
+  end
+
+  # => [Role]
+  def roles
+    list = @api.list_roles
+    list.map {|name,org,users|
+      Role.new(self, name, org, users)
+    }
+  end
+
+  # => true
+  def create_role(role, org)
+    @api.create_role(role, org)
+  end
+
+  # => true
+  def delete_role(role)
+    @api.delete_role(role)
+  end
+
+  # => true
+  def grant_role(role, user)
+    @api.grant_role(role, user)
+  end
+
+  # => true
+  def revoke_role(role, user)
+    @api.revoke_role(role, user)
+  end
+
+  # => [User]
+  def users
+    list = @api.list_users
+    list.map {|name,org,roles,email|
+      User.new(self, name, org, roles, email)
+    }
+  end
+
+  # => true
+  def add_user(user, org)
+    @api.add_user(user, org)
+  end
+
+  # => true
+  def remove_user(user)
+    @api.remove_user(user)
+  end
+
+  # => true
+  def change_email(user, email)
+    @api.change_email(user, email)
+  end
+
+  # => [apikey:String]
+  def list_apikeys(user)
+    @api.list_apikeys(user)
+  end
+
+  # => true
+  def add_apikey(user)
+    @api.add_apikey(user)
+  end
+
+  # => true
+  def remove_apikey(user, apikey)
+    @api.remove_apikey(user, apikey)
+  end
+
+  # => true
+  def change_password(user, password)
+    @api.change_password(user, password)
+  end
+
+  # => [User]
+  def access_controls
+    list = @api.list_access_controls
+    list.map {|subject,action,scope,grant_option|
+      AccessControl.new(self, subject, action, scope, grant_option)
+    }
+  end
+
+  # => true
+  def grant_access_control(subject, action, scope, grant_option)
+    @api.grant_access_control(subject, action, scope, grant_option)
+  end
+
+  # => true
+  def revoke_access_control(subject, action, scope)
+    @api.revoke_access_control(subject, action, scope)
+  end
+
+  # => true
+  def test_access_control(user, action, scope)
+    @api.test_access_control(user, action, scope)
+  end
+
   # => [AggregationSchema]
   def aggregation_schemas
     list = @api.list_aggregation_schema

data/lib/td/client/api.rb

@@ -852,6 +852,101 @@ class API
   end
 
 
+  ####
+  ## Organization API
+  ##
+
+  # => [name:String]
+  def list_organizations
+    code, body, res = get("/v3/organization/list")
+    if code != "200"
+      raise_error("List aggregation schema failed", res)
+    end
+    js = checked_json(body, %w[organizations])
+    result = js["organizations"].map {|orginfo|
+      name = orginfo['name'].to_s
+      name
+    }
+    return result
+  end
+
+  # => true
+  def create_organization(org)
+    code, body, res = post("/v3/organization/create/#{e org}")
+    if code != "200"
+      raise_error("Creating organization failed", res)
+    end
+    return true
+  end
+
+  # => true
+  def delete_organization(org)
+    code, body, res = post("/v3/organization/delete/#{e org}")
+    if code != "200"
+      raise_error("Deleting organization failed", res)
+    end
+    return true
+  end
+
+
+  ####
+  ## Role API
+  ##
+
+  # => [[name:String,organization:String,[user:String]]]
+  def list_roles
+    code, body, res = get("/v3/role/list")
+    if code != "200"
+      raise_error("List roles failed", res)
+    end
+    js = checked_json(body, %w[roles])
+    result = js["roles"].map {|roleinfo|
+      name = roleinfo['name']
+      organization = roleinfo['organization']
+      users = roleinfo['users']
+      [name, organization, users]
+    }
+    return result
+  end
+
+  # => true
+  def create_role(role, org)
+    params = {'organization'=>org}
+    code, body, res = post("/v3/role/create/#{e role}", params)
+    if code != "200"
+      raise_error("Creating role failed", res)
+    end
+    return true
+  end
+
+  # => true
+  def delete_role(role)
+    code, body, res = post("/v3/role/delete/#{e role}")
+    if code != "200"
+      raise_error("Creating role failed", res)
+    end
+    return true
+  end
+
+  # => true
+  def grant_role(role, user)
+    code, body, res = post("/v3/role/grant/#{e role}/#{e user}")
+    if code != "200"
+      raise_error("Granting role failed", res)
+    end
+    return true
+  end
+
+  # => true
+  def revoke_role(role, user)
+    code, body, res = post("/v3/role/revoke/#{e role}/#{e user}")
+    if code != "200"
+      raise_error("Revoking role failed", res)
+    end
+    return true
+  end
+
+
   ####
   ## User API
   ##
@@ -871,6 +966,150 @@ class API
     return apikey
   end
 
+  # => [[name:String,organization:String,[user:String]]
+  def list_users
+    code, body, res = get("/v3/user/list")
+    if code != "200"
+      raise_error("List aggregation schema failed", res)
+    end
+    js = checked_json(body, %w[users])
+    result = js["users"].map {|roleinfo|
+      name = roleinfo['name']
+      organization = roleinfo['organization']
+      roles = roleinfo['roles']
+      email = roleinfo['email']
+      [name, organization, roles, email]
+    }
+    return result
+  end
+
+  # => true
+  def add_user(user, org)
+    params = {'organization'=>org}
+    code, body, res = post("/v3/user/add/#{e user}", params)
+    if code != "200"
+      raise_error("Adding user failed", res)
+    end
+    return true
+  end
+
+  # => true
+  def remove_user(user)
+    code, body, res = post("/v3/user/remove/#{e user}")
+    if code != "200"
+      raise_error("Removing user failed", res)
+    end
+    return true
+  end
+
+  # => true
+  def change_email(user, email)
+    params = {'email' => email}
+    code, body, res = post("/v3/user/email/change/#{e user}", params)
+    if code != "200"
+      raise_error("Changing email failed", res)
+    end
+    return true
+  end
+
+  # => [apikey:String]
+  def list_apikeys(user)
+    code, body, res = get("/v3/user/apikey/list/#{e user}")
+    if code != "200"
+      raise_error("List API keys failed", res)
+    end
+    js = checked_json(body, %w[apikeys])
+    return js['apikeys']
+  end
+
+  # => true
+  def add_apikey(user)
+    code, body, res = post("/v3/user/apikey/add/#{e user}")
+    if code != "200"
+      raise_error("Adding API key failed", res)
+    end
+    return true
+  end
+
+  # => true
+  def remove_apikey(user, apikey)
+    params = {'apikey' => apikey}
+    code, body, res = post("/v3/user/apikey/remove/#{e user}", params)
+    if code != "200"
+      raise_error("Removing API key failed", res)
+    end
+    return true
+  end
+
+  # => true
+  def change_password(user, password)
+    params = {'password' => password}
+    code, body, res = post("/v3/user/password/change/#{e user}", params)
+    if code != "200"
+      raise_error("Changing password failed", res)
+    end
+    return true
+  end
+
+
+  ####
+  ## Access Control API
+  ##
+
+  def grant_access_control(subject, action, scope, grant_option)
+    params = {'subject'=>subject, 'action'=>action, 'scope'=>scope, 'grant_option'=>grant_option.to_s}
+    code, body, res = post("/v3/acl/grant", params)
+    if code != "200"
+      raise_error("Granting access control failed", res)
+    end
+    return true
+  end
+
+  def revoke_access_control(subject, action, scope)
+    params = {'subject'=>subject, 'action'=>action, 'scope'=>scope}
+    code, body, res = post("/v3/acl/revoke", params)
+    if code != "200"
+      raise_error("Revoking access control failed", res)
+    end
+    return true
+  end
+
+  # [true, [{subject:String,action:String,scope:String}]]
+  def test_access_control(user, action, scope)
+    params = {'user'=>user, 'action'=>action, 'scope'=>scope}
+    code, body, res = get("/v3/acl/test", params)
+    if code != "200"
+      raise_error("Testing access control failed", res)
+    end
+    js = checked_json(body, %w[permission access_controls])
+    perm = js["permission"]
+    acl = js["access_controls"].map {|roleinfo|
+      subject = roleinfo['subject']
+      action = roleinfo['action']
+      scope = roleinfo['scope']
+      [name, action, scope]
+    }
+    return perm, acl
+  end
+
+  # [{subject:String,action:String,scope:String}]
+  def list_access_controls
+    code, body, res = get("/v3/acl/list")
+    if code != "200"
+      raise_error("Listing access control failed", res)
+    end
+    js = checked_json(body, %w[access_controls])
+    acl = js["access_controls"].map {|roleinfo|
+      subject = roleinfo['subject']
+      action = roleinfo['action']
+      scope = roleinfo['scope']
+      grant_option = roleinfo['grant_option']
+      [subject, action, scope, grant_option]
+    }
+    return acl
+  end
+
+
   ####
   ## Server Status API
   ##
@@ -886,6 +1125,7 @@ class API
     return status
   end
 
+
   private
   def get(url, params=nil, &block)
     http, header = new_http

data/lib/td/client/model.rb

@@ -376,6 +376,54 @@ class BulkImport < Model
 end
 
 
+class Organization < Model
+  def initialize(client, name)
+    super(client)
+    @name = name
+  end
+
+  attr_reader :client, :name
+end
+
+
+class Role < Model
+  def initialize(client, name, org_name, user_names)
+    super(client)
+    @name = name
+    @org_name = org_name
+    @user_names = user_names
+  end
+
+  attr_reader :client, :name, :org_name, :user_names
+end
+
+
+class User < Model
+  def initialize(client, name, org_name, role_names, email)
+    super(client)
+    @name = name
+    @org_name = org_name
+    @role_names = role_names
+    @email = email
+  end
+
+  attr_reader :client, :name, :org_name, :role_names, :email
+end
+
+
+class AccessControl < Model
+  def initialize(client, subject, action, scope, grant_option)
+    super(client)
+    @subject = subject
+    @action = action
+    @scope = scope
+    @grant_option = grant_option
+  end
+
+  attr_reader :subject, :action, :scope, :grant_option
+end
+
+
 class AggregationSchema < Model
   def initialize(client, name, relation_key, logs=nil, attributes=nil, timezone=nil)
     super(client)

data/lib/td/client/version.rb

@@ -1,5 +1,5 @@
 module TreasureData
 
-VERSION = '0.8.20'
+VERSION = '0.8.21'
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: td-client
 version: !ruby/object:Gem::Version
-  version: 0.8.20
+  version: 0.8.21
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-24 00:00:00.000000000 Z
+date: 2012-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: msgpack