protected function ApigeeEdgeManagementCliService::setDefaultPermissions in Apigee Edge 8

Set default permissions for a role used for Drupal portal connections.

Parameters

\Symfony\Component\Console\Style\StyleInterface $io: The IO interface of the CLI tool calling the method.

callable $t: The translation function akin to t().

string $org: The Edge org to create the permissions in.

string $email: The email of an Edge user with the org admin role, used to make Edge API calls.

string $password: The password of the Edge user identified by $email, used to make Edge API calls.

string $base_url: The base URL of the Edge API.

string $role_name: The role name to add the permissions to.

1 call to ApigeeEdgeManagementCliService::setDefaultPermissions()
ApigeeEdgeManagementCliService::createEdgeRoleForDrupal in src/Command/Util/ApigeeEdgeManagementCliService.php
Create role in Apigee Edge for Drupal to use for Edge connection.

File

src/Command/Util/ApigeeEdgeManagementCliService.php, line 137

Class

ApigeeEdgeManagementCliService
Defines an interface for Edge connection classes.

Namespace

Drupal\apigee_edge\Command\Util

Code

protected function setDefaultPermissions(StyleInterface $io, callable $t, string $org, string $email, string $password, string $base_url, string $role_name) {
  $io
    ->text('Setting permissions on role ' . $role_name . '.');
  $permissions = [
    // GET access by default for all resources.
    '/' => [
      'get',
    ],
    // Read only access to environments for analytics.
    '/environments/' => [
      'get',
    ],
    '/environments/*/stats/*' => [
      'get',
    ],
    // We do not need to update/edit roles, just read them.
    '/userroles' => [
      'get',
    ],
    // No need to create API products, only read and edit.
    '/apiproducts' => [
      'get',
      'put',
    ],
    // Full CRUD for developers.
    '/developers' => [
      'get',
      'put',
      'delete',
    ],
    // Full CRUD for developer's apps.
    '/developers/*/apps' => [
      'get',
      'put',
      'delete',
    ],
    '/developers/*/apps/*' => [
      'get',
      'put',
      'delete',
    ],
    // Full CRUD for companies.
    '/companies' => [
      'get',
      'put',
    ],
    '/companies/*' => [
      'get',
      'put',
      'delete',
    ],
    // Full CRUD for company apps.
    '/companies/*/apps' => [
      'get',
      'put',
    ],
    '/companies/*/apps/*' => [
      'get',
      'put',
      'delete',
    ],
  ];

  // Resource URL for modifying permissions.
  $url = $base_url . '/o/' . $org . '/userroles/' . $role_name . '/permissions';
  try {
    foreach ($permissions as $path => $permission_verbs) {
      $body = json_encode([
        'path' => $path,
        'permissions' => $permission_verbs,
      ]);
      $io
        ->text($path . ' -> ' . implode(',', $permission_verbs));
      $this->httpClient
        ->post($url, [
        'body' => $body,
        'auth' => [
          $email,
          $password,
        ],
        'headers' => [
          'Accept' => 'application/json',
          'Content-Type' => 'application/json',
        ],
      ]);
    }
  } catch (TransferException $exception) {
    $this
      ->handleHttpClientExceptions($exception, $io, $t, $url, $org, $email);
    return;
  }
}
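
An added example, not part of the apigee_edge module's code: a drift check that compares the path-to-verbs grants found on a role with the baseline this method sets, so that extra write access on the Drupal connection role is noticed. The function name `auditRolePermissions`, the trimmed baseline and the sample `$actual` grants are constructed for illustration; fetching the role's current grants from Edge is left out.

```php
<?php

// Hypothetical helper: diff a role's grants against the baseline map.
// Both arguments map a resource path to a list of verbs.
function auditRolePermissions(array $expected, array $actual): array {
  $normalize = static function (array $verbs): array {
    $verbs = array_unique(array_map('strtolower', $verbs));
    sort($verbs);
    return $verbs;
  };
  $findings = [];
  foreach ($actual as $path => $verbs) {
    $verbs = $normalize($verbs);
    if (!isset($expected[$path])) {
      // A path the baseline never grants at all.
      $findings[] = ['path' => $path, 'issue' => 'unexpected path', 'verbs' => $verbs];
      continue;
    }
    $extra = array_values(array_diff($verbs, $normalize($expected[$path])));
    if ($extra) {
      $findings[] = ['path' => $path, 'issue' => 'extra verbs', 'verbs' => $extra];
    }
  }
  foreach ($expected as $path => $verbs) {
    $missing = array_values(array_diff($normalize($verbs), $normalize($actual[$path] ?? [])));
    if ($missing) {
      $findings[] = ['path' => $path, 'issue' => 'missing verbs', 'verbs' => $missing];
    }
  }
  return $findings;
}

// Baseline: a subset of the map in setDefaultPermissions() above.
$expected = [
  '/' => ['get'],
  '/userroles' => ['get'],
  '/apiproducts' => ['get', 'put'],
  '/developers/*/apps/*' => ['get', 'put', 'delete'],
];
// Constructed sample of a role that has drifted from the baseline.
$actual = [
  '/' => ['get'],
  '/userroles' => ['GET', 'put'],
  '/apiproducts' => ['get', 'put'],
  '/apis' => ['get', 'put', 'delete'],
];
foreach (auditRolePermissions($expected, $actual) as $f) {
  echo $f['issue'] . ': ' . $f['path'] . ' [' . implode(',', $f['verbs']) . "]\n";
}
```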