1 <?php
2
3 /**
4 * ArangoDB PHP client: user document handler
5 *
6 * @package triagens\ArangoDb
7 * @author Frank Mayer
8 * @since 1.2
9 */
10
11 namespace triagens\ArangoDb;
12
13 /**
14 * A handler that manages users
15 * .
16 * A user-document handler that fetches vertices from the server and
17 * persists them on the server. It does so by issuing the
18 * appropriate HTTP requests to the server.
19 *
20 * @package triagens\ArangoDb
21 * @since 1.2
22 */
23 class UserHandler extends
24 Handler
25 {
26
27 /**
28 * save a user to the user-collection
29 *
30 * This will save the user to the users collection. It will additionally grant the user permissions
31 * for the current database
32 *
33 * This will throw if the user cannot be saved
34 *
35 * @throws Exception
36 *
37 * @param string $username - The name of the user as a string. This is mandatory.
38 * @param mixed $passwd - The user password as a string. If no password is specified, the empty string will be used.
39 * @param mixed $active - an optional flag that specifies whether the user is active. If not specified, this will default to true.
40 * @param array $extra - an optional array with arbitrary extra data about the user.
41 *
42 * @return boolean - true, if user could be saved
43 * @since 1.2
44 */
45 public function addUser($username, $passwd = null, $active = null, $extra = null)
46 {
47 $userDocument = new User();
48 $userDocument->user = $username;
49 $userDocument->passwd = $passwd;
50 $userDocument->active = $active;
51 $userDocument->extra = $extra;
52 $data = $userDocument->getAll();
53
54 $this->getConnection()->post(Urls::URL_USER, $this->json_encode_wrapper($data));
55
56 try {
57 // additionally set user permissions in the current databases
58 $this->grantPermissions($username, $this->getConnection()->getDatabase());
59 } catch (\Exception $e) {
60 }
61
62 return true;
63 }
64
65 /**
66 * Replace an existing user, identified by its username
67 *
68 * This will replace the user-document on the server
69 *
70 * This will throw if the document cannot be replaced
71 *
72 * @throws Exception
73 *
74 * @param string $username - The name of the user as a string, who's user-data is going to be replaced. This is mandatory.
75 * @param mixed $passwd - The user password as a string. If no password is specified, the empty string will be used.
76 * @param mixed $active - an optional flag that specifies whether the user is active. If not specified, this will default to true.
77 * @param array $extra - an optional array with arbitrary extra data about the user.
78 *
79 * @return bool - always true, will throw if there is an error
80 */
81 public function replaceUser($username, $passwd = null, $active = null, $extra = null)
82 {
83 $userDocument = new User();
84 $userDocument->passwd = $passwd;
85 $userDocument->active = $active;
86 $userDocument->extra = $extra;
87 $data = $userDocument->getAll();
88 $url = UrlHelper::buildUrl(Urls::URL_USER, [$username]);
89 $this->getConnection()->put($url, $this->json_encode_wrapper($data));
90
91 return true;
92 }
93
94
95 /**
96 * Update an existing user, identified by the username
97 *
98 * This will update the user-document on the server
99 *
100 * This will throw if the document cannot be updated
101 *
102 * @throws Exception
103 *
104 * @param string $username - The name of the user as a string, who's user-data is going to be updated. This is mandatory.
105 * @param mixed $passwd - The user password as a string. If no password is specified, the empty string will be used.
106 * @param mixed $active - an optional flag that specifies whether the user is active. If not specified, this will default to true.
107 * @param array $extra - an optional array with arbitrary extra data about the user.
108 *
109 * @return bool - always true, will throw if there is an error
110 */
111 public function updateUser($username, $passwd = null, $active = null, $extra = null)
112 {
113 $userDocument = new User();
114 $userDocument->active = $active;
115 if (null !== $passwd) {
116 $userDocument->passwd = $passwd;
117 }
118 if (null !== $active) {
119 $userDocument->active = $active;
120 }
121 if (null !== $extra) {
122 $userDocument->extra = $extra;
123 }
124
125 $url = UrlHelper::buildUrl(Urls::URL_USER, [$username]);
126 $this->getConnection()->patch($url, $this->json_encode_wrapper($userDocument->getAll()));
127
128 return true;
129 }
130
131
132 /**
133 * Get a single user-document, identified by the username
134 *
135 * This will throw if the document cannot be fetched from the server
136 *
137 * @throws Exception
138 *
139 * @param string $username - username as a string
140 *
141 * @return User - the user-document fetched from the server
142 */
143 public function get($username)
144 {
145 $url = UrlHelper::buildUrl(Urls::URL_USER, [$username]);
146 $response = $this->getConnection()->get($url);
147
148 $data = $response->getJson();
149
150 $options = ['_isNew' => false];
151
152 return User::createFromArray($data, $options);
153 }
154
155
156 /**
157 * Remove a user, identified by the username
158 *
159 * @throws Exception
160 *
161 * @param string $username - username as a string, of the user that is to be deleted
162 *
163 * @return bool - always true, will throw if there is an error
164 */
165 public function removeUser($username)
166 {
167 // This preserves compatibility for the old policy parameter.
168 $params = [];
169
170 $url = UrlHelper::buildUrl(Urls::URL_USER, [$username]);
171 $url = UrlHelper::appendParamsUrl($url, $params);
172 $this->getConnection()->delete($url);
173
174 return true;
175 }
176
177
178 /**
179 * Grant R/W permissions to a user, for a specific database
180 *
181 * @throws Exception
182 *
183 * @param string $username - username as a string
184 * @param string $databaseName - name of database as a string
185 *
186 * @return bool - always true, will throw if there is an error
187 */
188 public function grantPermissions($username, $databaseName)
189 {
190 $data = [
191 'grant' => 'rw'
192 ];
193
194 $url = UrlHelper::buildUrl(Urls::URL_USER, [$username, 'database', $databaseName]);
195 $this->getConnection()->put($url, $this->json_encode_wrapper($data));
196
197 return true;
198 }
199
200 /**
201 * Revoke R/W permissions for a user, for a specific database
202 *
203 * @throws Exception
204 *
205 * @param string $username - username as a string
206 * @param string $databaseName - name of database as a string
207 *
208 * @return bool - always true, will throw if there is an error
209 */
210 public function revokePermissions($username, $databaseName)
211 {
212 $data = [
213 'grant' => 'none'
214 ];
215
216 $url = UrlHelper::buildUrl(Urls::URL_USER, [$username, 'database', $databaseName]);
217 $this->getConnection()->put($url, $this->json_encode_wrapper($data));
218
219 return true;
220 }
221
222
223 /**
224 * Gets the list of databases a user has access to
225 *
226 * @throws Exception
227 *
228 * @param string $username - username as a string
229 *
230 * @return array of database names for the databases the user has access to
231 */
232 public function getDatabases($username)
233 {
234 $url = UrlHelper::buildUrl(Urls::URL_USER, [$username, 'database']);
235 $response = $this->getConnection()->get($url);
236
237 $data = $response->getJson();
238
239 return $data['result'];
240 }
241
242 }
243