src/cassim.erl - couchdb-cassim - Git at Google

 % Licensed under the Apache License, Version 2.0 (the "License"); you may not
 % use this file except in compliance with the License. You may obtain a copy of
 % the License at
 %
 % http://www.apache.org/licenses/LICENSE-2.0
 %
 % Unless required by applicable law or agreed to in writing, software
 % distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 % WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 % License for the specific language governing permissions and limitations under
 % the License.

 -module(cassim).


 -export([
     is_enabled/0,
     is_active/0,
     metadata_db_exists/0
 ]).

 -export([
     is_server_admin/1,
     verify_is_admin/1,
     verify_is_server_admin/1
 ]).

 -export([
     has_admin_role/1,
     verify_admin_role/1
 ]).

 -export([
     get_security/1,
     get_security/2,
     set_security/2,
     set_security/3
 ]).

 -export([
     migrate_database/1,
     migrate_databases/0
 ]).


 -include_lib("couch/include/couch_db.hrl").


 is_active() ->
     is_enabled() andalso metadata_db_exists().


 is_enabled() ->
     config:get_boolean("cassim", "enable", true).


 metadata_db_exists() ->
     cassim_metadata_cache:metadata_db_exists().


 verify_is_admin(#httpd{}=Req) ->
     chttpd:verify_is_server_admin(Req).


 is_server_admin(#httpd{user_ctx=#user_ctx{roles=Roles}}) ->
     lists:member(server_admin, Roles).


 verify_is_server_admin(#httpd{}=Req) ->
     case is_server_admin(Req) of
         true -> ok;
         false -> throw({unauthorized, <<"You are not a server admin.">>})
     end.


 has_admin_role(#user_ctx{roles=Roles}) ->
     has_admin_role(Roles);
 has_admin_role(Roles) when is_list(Roles) ->
     lists:member(<<"_admin">>, Roles) orelse lists:member(server_admin, Roles).


 verify_admin_role(Obj) ->
     case has_admin_role(Obj) of
         true -> ok;
         false -> throw({unauthorized, <<"You are not a db or server admin.">>})
     end.


 get_security(DbName) ->
     cassim_security:get_security(DbName).


 get_security(DbName, Options) ->
     cassim_security:get_security(DbName, Options).


 set_security(DbName, SecObj) ->
     cassim_security:set_security(DbName, SecObj).


 set_security(DbName, SecObj, Options) ->
     cassim_security:set_security(DbName, SecObj, Options).


 migrate_databases() ->
     {ok, Dbs} = fabric:all_dbs(),
     lists:foldl(
         fun(DbName, Errors) ->
             try
                 MetaId = cassim_metadata_cache:security_meta_id(DbName),
                 case cassim_metadata_cache:fetch_cached_meta(MetaId) of
                     undefined ->
                         ok = migrate_database(DbName);
                     _ ->
                         ok
                 end,
                 Errors
             catch Error:Reason ->
                 [{DbName, Error, Reason} | Errors]
             end
         end,
         [],
         Dbs
     ).


 migrate_database(DbName) ->
     SecProps = fabric:get_security(DbName),
     {ok, _Props} = cassim_security:migrate_security_props(DbName, SecProps),
     ok.
	% Licensed under the Apache License, Version 2.0 (the "License"); you may not
	% use this file except in compliance with the License. You may obtain a copy of
	% the License at
	%
	% http://www.apache.org/licenses/LICENSE-2.0
	%
	% Unless required by applicable law or agreed to in writing, software
	% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	% License for the specific language governing permissions and limitations under
	% the License.

	-module(cassim).


	-export([
	is_enabled/0,
	is_active/0,
	metadata_db_exists/0
	]).

	-export([
	is_server_admin/1,
	verify_is_admin/1,
	verify_is_server_admin/1
	]).

	-export([
	has_admin_role/1,
	verify_admin_role/1
	]).

	-export([
	get_security/1,
	get_security/2,
	set_security/2,
	set_security/3
	]).

	-export([
	migrate_database/1,
	migrate_databases/0
	]).


	-include_lib("couch/include/couch_db.hrl").


	is_active() ->
	is_enabled() andalso metadata_db_exists().


	is_enabled() ->
	config:get_boolean("cassim", "enable", true).


	metadata_db_exists() ->
	cassim_metadata_cache:metadata_db_exists().


	verify_is_admin(#httpd{}=Req) ->
	chttpd:verify_is_server_admin(Req).


	is_server_admin(#httpd{user_ctx=#user_ctx{roles=Roles}}) ->
	lists:member(server_admin, Roles).


	verify_is_server_admin(#httpd{}=Req) ->
	case is_server_admin(Req) of
	true -> ok;
	false -> throw({unauthorized, <<"You are not a server admin.">>})
	end.


	has_admin_role(#user_ctx{roles=Roles}) ->
	has_admin_role(Roles);
	has_admin_role(Roles) when is_list(Roles) ->
	lists:member(<<"_admin">>, Roles) orelse lists:member(server_admin, Roles).


	verify_admin_role(Obj) ->
	case has_admin_role(Obj) of
	true -> ok;
	false -> throw({unauthorized, <<"You are not a db or server admin.">>})
	end.


	get_security(DbName) ->
	cassim_security:get_security(DbName).


	get_security(DbName, Options) ->
	cassim_security:get_security(DbName, Options).


	set_security(DbName, SecObj) ->
	cassim_security:set_security(DbName, SecObj).


	set_security(DbName, SecObj, Options) ->
	cassim_security:set_security(DbName, SecObj, Options).


	migrate_databases() ->
	{ok, Dbs} = fabric:all_dbs(),
	lists:foldl(
	fun(DbName, Errors) ->
	try
	MetaId = cassim_metadata_cache:security_meta_id(DbName),
	case cassim_metadata_cache:fetch_cached_meta(MetaId) of
	undefined ->
	ok = migrate_database(DbName);
	_ ->
	ok
	end,
	Errors
	catch Error:Reason ->
	[{DbName, Error, Reason} \| Errors]
	end
	end,
	[],
	Dbs
	).


	migrate_database(DbName) ->
	SecProps = fabric:get_security(DbName),
	{ok, _Props} = cassim_security:migrate_security_props(DbName, SecProps),
	ok.