/* ****************************************************************************
**
** setup.js
**
** Script for setting up and initializing a Data Mechanics Repository instance
** within MongoDB.
**
** This script will not overwrite any existing user data if setup has already
** been run on a MongoDB instance, but it will add new users if they appear.
** To clean an existing instance, use the 'reset.js' script.
**
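** Since the distinct user accounts are only for sanity checking and not
** security, their passwords are not material. The administration account is
** the exception: its password comes from config.json and it is granted the
** 'evaluator' role.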
**
** Web: datamechanics.org
** Version: 0.0.3
**
*/
// Load the configuration file.
// cat() reads config.json by relative path and JSON.parse() turns it into the
// global `config` object. The rest of this script reads config.repo.name,
// config.admin.name and config.admin.pwd from it.
// NOTE(review): config.admin.pwd is the administrator password in plaintext, so
// config.json should be readable only by the operator and kept out of version
// control.
var config = JSON.parse(cat("config.json"));
// Create role capable of evaluating stored functions.
// The role is dropped first so that re-running setup always leaves it with the
// definition below.
// NOTE(review): 'anyAction' on 'anyResource' is the broadest privilege the
// MongoDB role model can express. Whoever holds 'evaluator' is unrestricted on
// the whole deployment, not only on the repository database.
db = new Mongo().getDB('admin');
db.dropRole("evaluator");
db.createRole({
  role: 'evaluator',
  privileges: [
    {
      resource: {anyResource: true},
      actions: ['anyAction']
    }
  ],
  roles: []
});
// Create administration account for repository.
// From here on the global `db` points at the repository database named in
// config.repo.name. The account is dropped and re-created on every run, so its
// password always matches config.admin.pwd.
// NOTE(review): through the 'evaluator' role (defined on 'admin') this account
// holds every action on every resource; the two repository-scoped roles below
// add nothing beyond that. Its password is the one credential in this setup
// that matters.
db = new Mongo().getDB(config.repo.name);
db.dropUser(config.admin.name);
db.createUser({
  user: config.admin.name,
  pwd: config.admin.pwd,
  roles: [
    {role: "evaluator", db: 'admin'},
    {role: "userAdmin", db: config.repo.name},
    {role: "readWrite", db: config.repo.name}
  ]
});
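// Create repository users if they are not already present.
//
// Every directory returned by listFiles() is treated as one repository user:
// the directory's base name becomes the user name, the name of a per-user role
// and the password.
//
// Existing users are detected with db.getUser(). On MongoDB 2.6 and later
// (the versions that provide createRole) user documents are kept in
// admin.system.users, so a find() on <repo>.system.users does not see users
// made by createUser(). With that check every run dropped and re-created each
// user's role, discarding the collection privileges granted to it since.
//
// NOTE(review): the password equals the user name, so these accounts identify
// users but do not isolate them from each other. The instance should only be
// reachable by the people who are meant to share it.
listFiles().forEach(function(f) {
  if (!f.isDirectory) {
    return;
  }

  var userName = f.baseName;

  if (db.getUser(userName) != null) {
    print("Found '" + userName + "' user in admin database; not creating a new user.");
    return;
  }

  // Per-user role: starts with no privileges of its own and inherits the
  // built-in 'read' role on the repository database. Collection privileges are
  // added to it later by the stored createCollection function.
  db.dropRole(userName);
  db.createRole({
    role: userName,
    privileges: [],
    roles: [{role: "read", db: config.repo.name}]
  });

  db.dropUser(userName);
  db.createUser({
    user: userName,
    pwd: userName, // Accounts/passwords are for convenience/sanity checks and not security.
    roles: [{role: userName, db: config.repo.name}]
  });
});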
// Save the custom server-side functions.

// currentUser(): return the name of the current user as a string.
// It asks the server for the connection status and takes the first entry of
// authInfo.authenticatedUsers.
// NOTE(review): with no authenticated user the list is empty and the property
// access throws a TypeError; with several, only the first is reported.
var currentUser = function() {
  var status = db.runCommand({connectionStatus: 1});
  var firstUser = status.authInfo.authenticatedUsers[0];
  return firstUser.user;
};
// Store currentUser in the repository database's system.js collection under
// the _id "currentUser"; the stored createCollection/dropCollection functions
// call it by that name.
db.system.js.save({_id:"currentUser", value:currentUser});
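// createCreate(): build the function that creates a new collection and grants
// the user that created it write permissions.
//
// The result is produced with eval() from generated source because it is
// stored in system.js and therefore has to carry the repository name and the
// administrator credentials as literals in its own source text.
//
// Generated function: (collName, user, pwd) -> collName
//   user defaults to currentUser(), pwd defaults to user, and collName is
//   prefixed with "<user>." unless it already starts with it. The function
//   opens a new connection, authenticates as the administrator, creates
//   <collName> and <collName>.metadata, grants the role named <user> the
//   find/insert/remove/update/createIndex actions on both, then authenticates
//   that connection as the user.
//
// The config values are embedded as escaped string literals. Pasting them
// between single quotes meant that a quote or backslash in the repository
// name, administrator name or password produced broken source, or source that
// does something other than intended.
//
// NOTE(review): the administrator password is part of the stored source, so
// anyone able to read system.js in the repository database can read it.
// MongoDB documents the built-in 'read' role, which every repository user
// inherits, as covering system.js - confirm for the server version in use.
// NOTE(review): `user` is taken from the caller as given; the steps that run
// with administrator credentials happen before the connection is
// authenticated as that user.
var createCreate = function() {
  // Render a config value as a JavaScript string literal. U+2028/U+2029 are
  // escaped as well because older engines reject them inside string literals.
  var literal = function(value) {
    return JSON.stringify(String(value))
      .replace(/\u2028/g, '\\u2028')
      .replace(/\u2029/g, '\\u2029');
  };

  var repoName = literal(config.repo.name);
  var adminName = literal(config.admin.name);
  var adminPwd = literal(config.admin.pwd);

  var source = [
    "(function(collName, user, pwd) {",
    "  /* By default, use current user. */",
    "  if (user == null)",
    "    user = currentUser();",
    "  if (pwd == null)",
    "    pwd = user;",
    "  /* Validate collection name as <user>.<collection>. */",
    "  if (collName.split('.')[0] != user)",
    "    collName = user + '.' + collName;",
    "  var repo = new Mongo().getDB(" + repoName + ");",
    "  repo.auth(" + adminName + ", " + adminPwd + ");",
    "  repo.createCollection(collName);",
    "  repo.createCollection(collName + '.metadata');",
    "  repo.runCommand({grantPrivilegesToRole:user,",
    "    privileges: [",
    "      { resource:{db:" + repoName + ", collection:collName },",
    "        actions:['find','insert','remove','update','createIndex'] },",
    "      { resource:{db:" + repoName + ", collection:collName + '.metadata' },",
    "        actions:['find','insert','remove','update','createIndex'] }",
    "    ]",
    "  });",
    "  repo.auth(user, pwd);",
    "  return collName;",
    "})"
  ].join("\n");

  return eval(source);
};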
// createCreate() is called here, so the generated function (not its builder)
// is what gets stored in system.js under the _id "createCollection".
// NOTE(review): the stored source contains the administrator name and password
// from config.json as literals.
db.system.js.save({_id:"createCollection", value:createCreate()});
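// createDrop(): build the function that drops a collection.
//
// The result is produced with eval() from generated source because it is
// stored in system.js and therefore has to carry the repository name and the
// administrator credentials as literals in its own source text.
//
// Generated function: (collName, user, pwd) -> collName
//   user defaults to currentUser(), pwd defaults to user, and collName is
//   prefixed with "<user>." unless it already starts with it. The function
//   opens a new connection, authenticates as the administrator, drops
//   <collName> and <collName>.metadata, then authenticates that connection as
//   the user.
//
// The config values are embedded as escaped string literals. Pasting them
// between single quotes meant that a quote or backslash in the repository
// name, administrator name or password produced broken source, or source that
// does something other than intended.
//
// NOTE(review): the administrator password is part of the stored source, so
// anyone able to read system.js in the repository database can read it.
// NOTE(review): `user` is taken from the caller as given, and both drops run
// with administrator credentials before the connection is authenticated as
// that user.
var createDrop = function() {
  // Render a config value as a JavaScript string literal. U+2028/U+2029 are
  // escaped as well because older engines reject them inside string literals.
  var literal = function(value) {
    return JSON.stringify(String(value))
      .replace(/\u2028/g, '\\u2028')
      .replace(/\u2029/g, '\\u2029');
  };

  var repoName = literal(config.repo.name);
  var adminName = literal(config.admin.name);
  var adminPwd = literal(config.admin.pwd);

  var source = [
    "(function(collName, user, pwd) {",
    "  /* By default, use current user. */",
    "  if (user == null)",
    "    user = currentUser();",
    "  if (pwd == null)",
    "    pwd = user;",
    "  /* Validate collection name as <user>.<collection>. */",
    "  if (collName.split('.')[0] != user)",
    "    collName = user + '.' + collName;",
    "  var repo = new Mongo().getDB(" + repoName + ");",
    "  repo.auth(" + adminName + ", " + adminPwd + ");",
    "  repo[collName].drop();",
    "  repo[collName + '.metadata'].drop();",
    "  repo.auth(user, pwd);",
    "  return collName;",
    "})"
  ].join("\n");

  return eval(source);
};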
// createDrop() is called here, so the generated function (not its builder) is
// what gets stored in system.js under the _id "dropCollection".
// NOTE(review): the stored source contains the administrator name and password
// from config.json as literals.
db.system.js.save({_id:"dropCollection", value:createDrop()});
// Report completion, naming the repository database the functions were saved to.
print('Saved custom functions and scripts to "' + config.repo.name + '".');
/* eof */