Close #684. Return the permissions when listing a db user

src/api/http/api.go

@@ -607,8 +607,10 @@ type ApiUser struct {
 }
 
 type UserDetail struct {
-	Name    string `json:"name"`
-	IsAdmin bool   `json:"isAdmin"`
+	Name     string `json:"name"`
+	IsAdmin  bool   `json:"isAdmin"`
+	WriteTo  string `json:"writeTo"`
+	ReadFrom string `json:"readFrom"`
 }
 
 type ContinuousQuery struct {
@@ -772,7 +774,7 @@ func (self *HttpServer) listDbUsers(w libhttp.ResponseWriter, r *libhttp.Request
 
 		users := make([]*UserDetail, 0, len(dbUsers))
 		for _, dbUser := range dbUsers {
-			users = append(users, &UserDetail{dbUser.GetName(), dbUser.IsDbAdmin(db)})
+			users = append(users, &UserDetail{dbUser.GetName(), dbUser.IsDbAdmin(db), dbUser.GetWritePermission(), dbUser.GetReadPermission()})
 		}
 		return libhttp.StatusOK, users
 	})
@@ -788,7 +790,7 @@ func (self *HttpServer) showDbUser(w libhttp.ResponseWriter, r *libhttp.Request)
 			return errorToStatusCode(err), err.Error()
 		}
 
-		userDetail := &UserDetail{user.GetName(), user.IsDbAdmin(db)}
+		userDetail := &UserDetail{user.GetName(), user.IsDbAdmin(db), user.GetWritePermission(), user.GetReadPermission()}
 
 		return libhttp.StatusOK, userDetail
 	})

src/api/http/api_test.go

@@ -802,7 +802,7 @@ func (self *ApiSuite) TestDbUsersIndex(c *C) {
 	err = json.Unmarshal(body, &users)
 	c.Assert(err, IsNil)
 	c.Assert(users, HasLen, 1)
-	c.Assert(users[0], DeepEquals, &UserDetail{"db_user1", false})
+	c.Assert(users[0], DeepEquals, &UserDetail{"db_user1", false, ".*", ".*"})
 }
 
 func (self *ApiSuite) TestPrettyDbUsersIndex(c *C) {
@@ -831,7 +831,7 @@ func (self *ApiSuite) TestDbUserShow(c *C) {
 	userDetail := &UserDetail{}
 	err = json.Unmarshal(body, &userDetail)
 	c.Assert(err, IsNil)
-	c.Assert(userDetail, DeepEquals, &UserDetail{"db_user1", false})
+	c.Assert(userDetail, DeepEquals, &UserDetail{"db_user1", false, ".*", ".*"})
 }
 
 func (self *ApiSuite) TestDatabasesIndex(c *C) {

src/api/http/mock_user_manager_test.go

@@ -41,10 +41,18 @@ func (self MockDbUser) HasWriteAccess(_ string) bool {
 	return true
 }
 
+func (self MockDbUser) GetWritePermission() string {
+	return ".*"
+}
+
 func (self MockDbUser) HasReadAccess(_ string) bool {
 	return true
 }
 
+func (self MockDbUser) GetReadPermission() string {
+	return ".*"
+}
+
 type MockUserManager struct {
 	UserManager
 	dbUsers       map[string]map[string]MockDbUser

src/cluster/user.go

@@ -96,10 +96,18 @@ func (self *ClusterAdmin) HasWriteAccess(_ string) bool {
 	return true
 }
 
+func (self *ClusterAdmin) GetWritePermission() string {
+	return ".*"
+}
+
 func (self *ClusterAdmin) HasReadAccess(_ string) bool {
 	return true
 }
 
+func (self *ClusterAdmin) GetReadPermission() string {
+	return ".*"
+}
+
 type DbUser struct {
 	CommonUser `json:"common"`
 	Db         string     `json:"db"`
@@ -122,6 +130,14 @@ func (self *DbUser) HasWriteAccess(name string) bool {
 	return false
 }
 
+func (self *DbUser) GetWritePermission() string {
+	if len(self.WriteTo) > 0 {
+		matcher := self.WriteTo[0]
+		return matcher.Name
+	}
+	return ""
+}
+
 func (self *DbUser) HasReadAccess(name string) bool {
 	for _, matcher := range self.ReadFrom {
 		if matcher.Matches(name) {
@@ -132,6 +148,14 @@ func (self *DbUser) HasReadAccess(name string) bool {
 	return false
 }
 
+func (self *DbUser) GetReadPermission() string {
+	if len(self.ReadFrom) > 0 {
+		matcher := self.ReadFrom[0]
+		return matcher.Name
+	}
+	return ""
+}
+
 func (self *DbUser) GetDb() string {
 	return self.Db
 }

src/common/user.go

@@ -7,5 +7,7 @@ type User interface {
 	IsDbAdmin(db string) bool
 	GetDb() string
 	HasWriteAccess(name string) bool
+	GetWritePermission() string
 	HasReadAccess(name string) bool
+	GetReadPermission() string
 }

src/integration/single_server_test.go

@@ -211,10 +211,24 @@ func (self *SingleServerSuite) TestSingleServerHostnameChange(c *C) {
 func (self *SingleServerSuite) TestUserWritePermissions(c *C) {
 	rootUser := self.server.GetClient("", c)
 
+	verifyPermissions := func(db string, name string, readFrom string, writeTo string) {
+		users, _ := rootUser.GetDatabaseUserList(db)
+		matched := false
+		for _, user := range users {
+			if user["name"] == name {
+				c.Assert(user["readFrom"], DeepEquals, readFrom)
+				c.Assert(user["writeTo"], DeepEquals, writeTo)
+				matched = true
+			}
+		}
+		c.Assert(matched, Equals, true)
+	}
+
 	// create two users one that can only read and one that can only write. both can access test_should_read
 	// series only
 	/* c.Assert(rootUser.CreateDatabase("db1"), IsNil) */
 	c.Assert(rootUser.CreateDatabaseUser("db1", "limited_user", "pass", "^$", "^$"), IsNil)
+	verifyPermissions("db1", "limited_user", "^$", "^$")
 
 	config := &influxdb.ClientConfig{
 		Username: "limited_user",
@@ -251,6 +265,7 @@ func (self *SingleServerSuite) TestUserWritePermissions(c *C) {
 	content := self.server.RunQueryAsRoot("select * from test_should_write", "m", c)
 	c.Assert(content, HasLen, 0)
 	rootUser.ChangeDatabaseUser("db1", "limited_user", "pass", false, "^$", "test_should_write")
+	verifyPermissions("db1", "limited_user", "^$", "test_should_write")
 	// write the data to test the write permissions
 	c.Assert(user.WriteSeries(series), IsNil)
 	self.server.WaitForServerToSync()
@@ -263,6 +278,7 @@ func (self *SingleServerSuite) TestUserWritePermissions(c *C) {
 	content = self.server.RunQueryAsRoot("select * from test_should_not_write", "m", c)
 	c.Assert(content, HasLen, 0)
 	rootUser.ChangeDatabaseUser("db1", "limited_user", "pass", false, "^$", "test_.*")
+	verifyPermissions("db1", "limited_user", "^$", "test_.*")
 	c.Assert(user.WriteSeries(invalidSeries), IsNil)
 	self.server.WaitForServerToSync()
 	content = self.server.RunQueryAsRoot("select * from test_should_not_write", "m", c)