Add riak_core_security:find_unique_user_by_metadata (#885)

* Add riak_core_security:find_unique_user_by_metadata This functions identically to find_one_user_by_metadata but returns {error, not_unique} if there are multiple users with matching metadata. * Merge branch 'develop' into find-unique-user-by-metadata
basho · Feb 21, 2017 · f79eb14 · f79eb14
1 parent 146de1b
commit f79eb14
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/src/riak_core_security.erl b/src/riak_core_security.erl
@@ -44,6 +44,7 @@
          enable/0,
          find_user/1,
          find_one_user_by_metadata/2,
+         find_unique_user_by_metadata/2,
          find_bucket_grants/2,
          get_ciphers/0,
          get_username/1,
@@ -129,6 +130,24 @@ return_if_user_matches_metadata(Key, Value, {_Username, Options} = User) ->
             {error, not_found}
     end.
 
+-spec find_unique_user_by_metadata(metadata_key(), metadata_value()) ->
+    {Username :: string(), options()} | {error, not_found | not_unique}.
+find_unique_user_by_metadata(Key, Value) ->
+    riak_core_metadata:fold(fun (User, Acc) -> accumulate_matching_user(Key, Value, User, Acc) end,
+                            {error, not_found},
+                            {<<"security">>, <<"users">>},
+                            [{resolver, lww}, {default, []}]).
+
+accumulate_matching_user(Key, Value, {_Username, Options} = User, Acc) ->
+    accumulate_matching_user(lists:member({Key, Value}, Options), User, Acc).
+
+accumulate_matching_user(true, User, {error, not_found}) ->
+    User;
+accumulate_matching_user(true, _User, _Acc) ->
+    throw({break, {error, not_unique}});
+accumulate_matching_user(false, _, Acc) ->
+    Acc.
+
 -spec find_bucket_grants(bucket(), user | group) -> [{RoleName :: string(), [permission()]}].
 find_bucket_grants(Bucket, Type) ->
     Grants = match_grants({'_', Bucket}, Type),

diff --git a/test/riak_core_security_tests.erl b/test/riak_core_security_tests.erl
@@ -41,6 +41,7 @@ security_test_() ->
      [{timeout, 60, { "find_user", fun test_find_user/0 }},
       {timeout, 60, { "test_find_bucket_grants", fun test_find_bucket_grants/0 }},
       {timeout, 60, { "find_one_user_by_metadata", fun test_find_one_user_by_metadata/0 }},
+      {timeout, 60, { "find_unique_user_by_metadata", fun test_find_unique_user_by_metadata/0 }},
       {timeout, 60, { "trust auth works",
                       fun() ->
                               ?assertMatch({error, _}, riak_core_security:authenticate(<<"user">>, <<"password">>,
@@ -276,3 +277,13 @@ test_find_one_user_by_metadata() ->
              riak_core_security:find_one_user_by_metadata("no", "match")).
 
 -endif.
+
+test_find_unique_user_by_metadata() ->
+    ?assertMatch({error, not_found},
+                 riak_core_security:find_unique_user_by_metadata("key", "val")),
+    ok = riak_core_security:add_user("user1", [{"key", "val"}]),
+    ?assertMatch({<<"user1">>, _Options},
+                 riak_core_security:find_unique_user_by_metadata("key", "val")),
+    ok = riak_core_security:add_user("user2", [{"key", "val"}]),
+    ?assertMatch({error, not_unique},
+                 riak_core_security:find_unique_user_by_metadata("key", "val")).