// Copyright 2016 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
"github.com/juju/errors"
"github.com/juju/juju/core/description"
"gopkg.in/juju/names.v2"
// defaultControllerPermission is the controller access level this file names
// as the default: description.LoginAccess.
// NOTE(review): where the default is applied is not visible in this listing.
const (
	defaultControllerPermission = description.LoginAccess
)
// setControllerAccess changes the access level recorded on the controller for
// the user identified by userGlobalKey.
//
// The requested level is validated before anything is written. If the
// transaction aborts, the failure is reported as a NotFound error for
// "existing permissions"; any other transaction error is returned traced.
//
// NOTE(review): no authorization check is visible in this function; deciding
// who may change controller access is presumably left to the caller — confirm.
func (st *State) setControllerAccess(access description.Access, userGlobalKey string) error {
	// Reject an invalid access value up front so it never reaches the database.
	if invalid := access.Validate(); invalid != nil {
		return errors.Trace(invalid)
	}

	ops := []txn.Op{updatePermissionOp(controllerGlobalKey, userGlobalKey, access)}
	txnErr := st.runTransaction(ops)
	switch txnErr {
	case txn.ErrAborted:
		return errors.NotFoundf("existing permissions")
	default:
		return errors.Trace(txnErr)
	}
}
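// controllerUser returns the controller userAccessDoc stored for user.
//
// The document is looked up by the lower-cased canonical user name, so the
// lookup does not depend on the case the caller supplied. A missing document
// is reported as a NotFound error. Any other lookup failure is returned to the
// caller rather than falling through, so a database error can never yield a
// zero-valued access document together with a nil error.
func (st *State) controllerUser(user names.UserTag) (userAccessDoc, error) {
	controllerUser := userAccessDoc{}
	controllerUsers, closer := st.getCollection(controllerUsersC)
	// NOTE(review): the listing elides the lines that follow getCollection;
	// closer must be used somewhere for the file to compile, and deferring it
	// is assumed here — confirm against the full file.
	defer closer()

	username := strings.ToLower(user.Canonical())
	err := controllerUsers.FindId(username).One(&controllerUser)
	if err == mgo.ErrNotFound {
		return userAccessDoc{}, errors.NotFoundf("controller user %q", user.Canonical())
	}
	if err != nil {
		// Fail closed: previously only ErrNotFound was checked, so every other
		// error was dropped and the empty document was returned as a success.
		return userAccessDoc{}, errors.Trace(err)
	}
	// DateCreated is inserted as UTC, but read out as local time. So we
	// convert it back to UTC here.
	controllerUser.DateCreated = controllerUser.DateCreated.UTC()
	return controllerUser, nil
}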
// createControllerUserOps assembles a userAccessDoc for user and a permission
// operation for access on the controller, and returns transaction operations
// as a []txn.Op.
//
// NOTE(review): this listing omits several lines of the function (the gutter
// numbers skip 59-60, 62-63 and everything after 65), so the construction of
// the returned slice and any further fields of the document operation are not
// visible here.
func createControllerUserOps(controllerUUID string, user, createdBy names.UserTag, displayName string, dateCreated time.Time, access description.Access) []txn.Op {
51
creatorname := createdBy.Canonical()
52
doc := &userAccessDoc{
53
// NOTE(review): the ID comes from userAccessID(user) while UserName below
// keeps user.Canonical(); controllerUser looks documents up by the
// lower-cased canonical name, so userAccessID presumably lower-cases as
// well — confirm.
ID: userAccessID(user),
54
ObjectUUID: controllerUUID,
55
UserName: user.Canonical(),
56
DisplayName: displayName,
57
CreatedBy: creatorname,
58
DateCreated: dateCreated,
61
// The permission entry is keyed by the controller's global key and the
// user's global key, which is derived from the same userAccessID as the
// document ID.
createPermissionOp(controllerGlobalKey, userGlobalKey(userAccessID(user)), access),
64
Id: userAccessID(user),
65
// txn.DocMissing asserts that no document with this Id exists yet, so this
// operation cannot overwrite an existing user's record.
Assert: txn.DocMissing,
// removeControllerUser removes a user from the database.
func (st *State) removeControllerUser(user names.UserTag) error {
removePermissionOp(controllerGlobalKey, userGlobalKey(userAccessID(user))),
Id: userAccessID(user),
Assert: txn.DocExists,
err := st.runTransaction(ops)
if err == txn.ErrAborted {
err = errors.NewNotFound(nil, fmt.Sprintf("controller user %q does not exist", user.Canonical()))
return errors.Trace(err)