Add riak_core_security:find_bucket_grants

Returns all grants affecting the specified bucket.
basho · Jan 6, 2017 · 0f113b0 · 0f113b0
1 parent cf38c92
commit 0f113b0
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/src/riak_core_security.erl b/src/riak_core_security.erl
@@ -43,6 +43,7 @@
          disable/0,
          enable/0,
          find_one_user_by_metadata/2,
+         find_bucket_grants/2,
          get_ciphers/0,
          get_username/1,
          is_enabled/0,
@@ -118,6 +119,13 @@ return_if_user_matches_metadata(Key, Value, {_Username, Options} = User) ->
             {error, not_found}
     end.
 
+-spec find_bucket_grants(bucket(), user | group) -> [{RoleName :: string(), [permission()]}].
+find_bucket_grants(Bucket, Type) ->
+    Grants = match_grants({'_', Bucket}, Type),
+    lists:map(fun ({{Role, _Bucket}, Permissions}) ->
+                      {bin2name(Role), Permissions}
+              end, Grants).
+
 prettyprint_users([all], _) ->
     "all";
 prettyprint_users(Users0, Width) ->
@@ -1339,6 +1347,8 @@ role_exists(Rolename, RoleType) ->
 illegal_name_chars(Name) ->
     [Name] =/= string:tokens(Name, ?ILLEGAL).
 
+bin2name(Bin) ->
+    unicode:characters_to_list(Bin, utf8).
 
 %% Rather than introduce yet another dependency to Riak this late in
 %% the 2.0 cycle, we'll live with string:to_lower/1. It will lowercase

diff --git a/test/riak_core_security_tests.erl b/test/riak_core_security_tests.erl
@@ -38,7 +38,7 @@ security_test_() ->
      fun(S) ->
              stop_manager(S)
      end,
-     [
+     [{timeout, 60, { "test_find_bucket_grants", fun test_find_bucket_grants/0 }},
       {timeout, 60, { "find_one_user_by_metadata", fun test_find_one_user_by_metadata/0 }},
       {timeout, 60, { "trust auth works",
                       fun() ->
@@ -245,6 +245,16 @@ security_test_() ->
                      end}}
     ]}.
 
+test_find_bucket_grants() ->
+    ok = riak_core_security:add_user("testuser1", []),
+    ok = riak_core_security:add_user("testuser2", []),
+    ok = riak_core_security:add_grant(["testuser1", "testuser2"], <<"bucket">>, ["riak_kv.get"]),
+    ok = riak_core_security:add_grant(["testuser2"], <<"bucket">>, ["riak_kv.put"]),
+    Grants = riak_core_security:find_bucket_grants(<<"bucket">>, user),
+    ?assertMatch({_, ["riak_kv.get"]}, lists:keyfind("testuser1", 1, Grants)),
+    {_, Perms} = lists:keyfind("testuser2", 1, Grants),
+    ?assertEqual(lists:sort(["riak_kv.get", "riak_kv.put"]), lists:sort(Perms)).
+
 test_find_one_user_by_metadata() ->
     ok = riak_core_security:add_user("paul", [{"key_and_value", "match"}]),
     ?assertMatch({<<"paul">>, _Options},