Skip to content

Commit

Permalink
finally ready for someone other than me to review :D
Browse files Browse the repository at this point in the history
  • Loading branch information
@dsmith4-godaddy
dsmith4-godaddy committed Oct 31, 2024
1 parent 607456d commit c623fb8
Show file tree
Hide file tree
Showing 3 changed files with 56 additions and 194 deletions.
190 changes: 6 additions & 184 deletions src/API/Accounts/AccountsClient.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,88 +13,38 @@ public function getCollaborators(string $accessToken, string $accountId)
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))->get("accounts/{$accountId}/access");
}

public function getCollabRole(string $accessToken, int $accountId, int $collabId, int $appId = 0): int
// this whole function feels super hacky but I don't think there's an API way to get this info
private function getCollabRole(string $accessToken, int $accountId, int $collabId, int $appId = 0): int
{
$r = $this->getCollaborators($accessToken, $accountId);
$collabInfo = json_decode($r->getBody()->getContents(), true);
foreach(@$collabInfo['whoCanAccess'] as $tidbit) {
// print_r($tidbit);
// should this output be validated or similar?
if (($tidbit['appId'] == $appId) && ($tidbit['sourceId'] == $collabId)) {
return $tidbit['role'];
}
}
return 0;
}

public function addCollaboratorToAcct(string $accessToken, string $newAcctEmail, string $newAcctName, int $newAcctRole, int $newAcctId)
public function addCollaboratorToAcct(string $accessToken, string $newAcctEmail, string $newAcctName, int $newAcctId, int $newAcctRole, int $newAppId)
{
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->post("accounts/{$newAcctId}/collaborators", ['json' => [
'email' => $newAcctEmail,
'name' => $newAcctName,
'role' => $newAcctRole,
'appId' => 0
'appId' => $newAppId
],
]);
}

public function removeCollaboratorFromAcct(string $accessToken, int $acctId, int $collabId, int $appId = 0) {
// $role = 6; // this is a temp hack, need to actually get user's role somehow
public function removeCollaboratorFromAcct(string $accessToken, int $acctId, int $collabId, int $appId = 0)
{
$role = $this->getCollabRole($accessToken, $acctId, $collabId, $appId);
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->delete("accounts/{$acctId}/collaborators/{$collabId}/{$role}/{$appId}");
}

public function removeCollaboratorsForApp(string $accessToken, string $accountId, int $appId)
{
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->delete("accounts/{$accountId}/collaborators/apps/{$appId}");
}

// This API is both for removing access from individual apps, as well
// as removing access for whole accounts. fun!
/**
* @param string $accessToken
* @param int|string $targetAccountId
* @param ?int $sourceAccountId
* @param null $role
* @param int $appId
* @return \Psr\Http\Message\ResponseInterface
* @throws \Exception
*/
public function removeAccess(string $accessToken, $targetAccountId, $sourceAccountId = null, $role = null, $appId = 0)
{
if ($sourceAccountId) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->delete("accounts/{$targetAccountId}/collaborators/{$sourceAccountId}/{$role}/{$appId}");
}

// returned, so at thsi point we know no sourceAccountId was given.

if ($appId) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->delete("accounts/{$targetAccountId}/collaborators/apps/{$appId}");
}

throw new \Exception('Invalid arguments - must include source & role [& app], or app by itself');
}

public function listSshPublicKeys(
string $accessToken,
string $accountId,
?string $orchestration = null,
) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->get("accounts/{$accountId}/ssh/keys", [
'json' => array_filter(
compact(
'orchestration',
)
),
]);
}

public function createSshPublicKey(
string $accessToken,
string $accountId,
Expand All @@ -112,132 +62,4 @@ public function createSshPublicKey(
]);
}

public function deleteSshPublicKey(
string $accessToken,
string $accountId,
string $sshKeyId,
?string $orchestration = null,
) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->delete("accounts/{$accountId}/ssh/keys/{$sshKeyId}", [
'json' => array_filter(compact(
'orchestration',
)),
]);
}

public function createSshUser(
string $accessToken,
string $sshUsername,
string $ownerId,
string $ownerType,
string $sshUserType,
bool $sftpOnly = false,
array $appIds = [],
bool $replace = false,
bool $disabled = false,
bool $generatePassword = false,
?string $password = null,
?\DateTimeInterface $expiry = null
) {
$expiry = $expiry ? $expiry->format(\DateTimeInterface::ATOM) : null;

$nonNullParams = array_filter(compact(
'sshUsername',
'ownerType',
'sshUserType',
'sftpOnly',
'appIds',
'replace',
'disabled',
'generatePassword',
'password',
'expiry',
), function ($value) {
return $value !== null;
});

return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->post("accounts/{$ownerId}/ssh/user", [
'json' => $nonNullParams,
]);
}

public function getSshUser(
string $accessToken,
string $sshUsername,
) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->get("accounts/ssh/users/{$sshUsername}");
}

public function updateSshUser(
string $accessToken,
string $ownerId,
#[\SensitiveParameter]
?string $password = null,
?bool $sftpOnly = null,
?bool $disabled = null,
?\DateTimeInterface $expiry = null
) {
$expiry = $expiry ? $expiry->format(\DateTimeInterface::ATOM) : null;

$nonNullParams = array_filter(compact(
'password',
'sftpOnly',
'disabled',
'expiry',
), function ($value) {
return $value !== null;
});

return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->patch("accounts/{$ownerId}/ssh/user", [
'json' => $nonNullParams,
]);
}

public function createSshApps(
string $accessToken,
string $sshUsername,
array $appIds,
) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->post('accounts/ssh/apps/create', [
'json' => [
'sshUsername' => $sshUsername,
'appIds' => $appIds,
],
]);
}

public function listApps(
string $accessToken,
string $sshUsername,
) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->get("accounts/ssh/users/{$sshUsername}/apps");
}

public function deleteSshUser(
string $accessToken,
string $accountId,
) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->delete("accounts/{$accountId}/ssh/user");
}

public function deleteSshApps(
string $accessToken,
array $appIds,
) {
return $this->guzzle($this->getBearerTokenMiddleware($accessToken))
->post('accounts/ssh/apps', [
'json' => [
'appIds' => $appIds,
],
]);
}


}
56 changes: 48 additions & 8 deletions src/Command/Accounts/AddCollabToAcctCommand.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,33 +26,73 @@ public function __construct(AuthApi $authApi, AccountsClient $apps, $name = 'acc
parent::__construct($name);
}

// TODO the role should probably be an enum with actually useful text values instead of random ints
public function configure()
{
parent::configure();
$this
->setDescription('Add collaborator to account')
->setDescription('Add collaborator to account or app')
->addArgument('email', InputArgument::REQUIRED, 'Email address')
->addArgument('accountId', InputArgument::REQUIRED, 'Account ID')
->addArgument('roleId', InputArgument::REQUIRED, 'Role ID')
->addArgument('name', InputArgument::OPTIONAL, 'Display Name', 0)
->addArgument('roleId', InputArgument::REQUIRED, 'Role')
->addArgument('appId', InputArgument::OPTIONAL, 'App ID (acct-level if omitted)', 0)
->addArgument('displayName', InputArgument::OPTIONAL, 'Display Name', 0)
;
$this->addOauthOptions();
}

public function execute(InputInterface $input, OutputInterface $output): int
{
$newAcctEmail = $input->getArgument('email');
$newAcctName = $input->getArgument('name');
$newAcctName = $input->getArgument('displayName');
if ($newAcctName === 0) { $newAcctName = $input->getArgument('email'); }
$newAcctAppId = $input->getArgument('accountId');
$newAcctRole = $input->getArgument('roleId');
$newAcctId = $input->getArgument('accountId');
$newAcctRole = $this->roleToInt($input->getArgument('roleId'));
if ($newAcctRole === false) {
$output->writeln ("Invalid role, must be one of 'app-only-minimal', 'app-only', 'billing', 'tech', 'sub-admin', 'super-admin', 'owner'");
return Command::FAILURE;
}
$newAppId = $input->getArgument('appId');
$token = $this->token->token;

$r = $this->api->addCollaboratorToAcct($token,
$newAcctEmail, $newAcctName, $newAcctRole, $newAcctAppId);
$newAcctEmail, $newAcctName, $newAcctId, $newAcctRole, $newAppId);
$output->writeln(json_encode(json_decode($r->getBody()->getContents()), JSON_PRETTY_PRINT));

return 0;
}

private function roleToInt(string $role)
{
$role = strtolower($role);
switch($role) {
case "app-only-minimal":
case "apponlyminimal":
case "1":
return 1; break;
case "app-only":
case "apponly":
case "2":
return 2; break;
case "billing":
case "4":
return 4; break;
case "tech":
case "6":
return 6; break;
case "sub-admin":
case "subadmin":
case "8":
return 8; break;
case "super-admin":
case "superadmin":
case "9":
return 9; break;
case "owner":
case "10":
return 10; break;
default:
return false; break;
}
return false;
}
}
4 changes: 2 additions & 2 deletions src/Command/Accounts/RemoveCollabFromAcctCommand.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,10 @@ public function configure()
{
parent::configure();
$this
->setDescription('Remove collaborator from account')
->setDescription('Remove collaborator from account or app')
->addArgument('accountId', InputArgument::REQUIRED, 'Account ID')
->addArgument('collabId', InputArgument::REQUIRED, 'Collab User ID')
->addArgument('appId', InputArgument::OPTIONAL, 'App ID, or 0 for all apps', 0)
->addArgument('appId', InputArgument::OPTIONAL, 'App ID (acct-level if omitted)', 0)
;
$this->addOauthOptions();
}
Expand Down

0 comments on commit c623fb8

Please sign in to comment.