MXS-1354: Add creation of basic/admin users to maxctrl

The type of the created user can now be specified with the --type option.

Expanded tests that cover the user creation. Also added a test case that
checks that basic users are only allowed to read through the REST API.

maxctrl/lib/create.js

@@ -174,6 +174,13 @@ exports.builder = function(yargs) {
                 return doRequest(host, 'services/' + argv.service + '/listeners', null, {method: 'POST', body: listener})
             })
         })
+        .group(['type'], 'Create user options:')
+        .option('type', {
+            describe: 'Type of user to create',
+            type: 'string',
+            default: 'basic',
+            choices: ['admin', 'basic']
+        })
         .command('user <name> <password>', 'Create a new network user', {}, function(argv) {
 
             var user = {
@@ -181,7 +188,8 @@ exports.builder = function(yargs) {
                     'id': argv.name,
                     'type': 'inet',
                     'attributes': {
-                        'password': argv.password
+                        'password': argv.password,
+                        'account': argv.type
                     }
                 }
             }

maxctrl/lib/enable.js

@@ -35,11 +35,21 @@ exports.builder = function(yargs) {
                 })
             }
         })
+        .group(['type'], 'Enable account options:')
+        .option('type', {
+            describe: 'Type of user to create',
+            type: 'string',
+            default: 'basic',
+            choices: ['admin', 'basic']
+        })
         .command('account <name>', 'Activate a Linux user account for administrative use', {}, function(argv) {
             var req_body = {
                 data: {
                     id: argv.name,
-                    type: 'unix'
+                    type: 'unix',
+                    attributes: {
+                        'account': argv.type
+                    }
                 }
             }
             maxctrl(argv, function(host) {

maxctrl/test/createdestroy.js

@@ -131,14 +131,38 @@ describe("Create/Destroy Commands", function() {
     })
 
     it('create user', function() {
-        return verifyCommand('create user testuser test',
-                             'users/inet/testuser')
-            .should.be.fulfilled
+        return verifyCommand('create user testuser test', 'users/inet/testuser')
     })
 
     it('destroy user', function() {
         return doCommand('destroy user testuser')
-            .should.be.fulfilled
+    })
+
+    it('create admin user', function() {
+        return verifyCommand('create user testadmin test --type=admin', 'users/inet/testadmin')
+            .then((res) => {
+                res.data.attributes.account.should.equal('admin')
+            })
+    })
+
+    it('destroy admin user', function() {
+        return doCommand('destroy user testadmin')
+    })
+
+    it('create basic user', function() {
+        return verifyCommand('create user testbasic test --type=basic', 'users/inet/testbasic')
+            .then((res) => {
+                res.data.attributes.account.should.equal('basic')
+            })
+    })
+
+    it('destroy basic user', function() {
+        return doCommand('destroy user testbasic')
+    })
+
+    it('create user with bad type', function() {
+        return doCommand('create user testadmin test --type=superuser')
+            .should.be.rejected
     })
 
     after(stopMaxScale)

server/core/admin.cc

@@ -226,7 +226,7 @@ int handle_client(void *cls,
 {
     if (!do_auth(connection, url, method))
     {
-        return MHD_YES;
+        return MHD_NO;
     }
 
     if (*con_cls == NULL)

server/core/test/rest-api/test/auth.js

@@ -25,7 +25,8 @@ describe("Authentication", function() {
             id: "user1",
             type: "inet",
             attributes: {
-                password: "pw1"
+                password: "pw1",
+                account: "admin"
             }
         }
     }
@@ -35,13 +36,26 @@ describe("Authentication", function() {
             id: "user2",
             type: "inet",
             attributes: {
-                password: "pw2"
+                password: "pw2",
+                account: "admin"
+            }
+        }
+    }
+
+    var user3 = {
+        data: {
+            id: "user3",
+            type: "inet",
+            attributes: {
+                password: "pw3",
+                account: "basic"
             }
         }
     }
 
     var auth1 = "http://" + user1.data.id + ":" + user1.data.attributes.password + "@"
     var auth2 = "http://" + user2.data.id + ":" + user2.data.attributes.password + "@"
+    var auth3 = "http://" + user3.data.id + ":" + user3.data.attributes.password + "@"
 
     it("unauthorized request without authentication", function() {
         return request.get(base_url + "/maxscale")
@@ -88,6 +102,25 @@ describe("Authentication", function() {
             .should.be.fulfilled
     })
 
+    it("create basic user", function() {
+        return request.post(auth2 + host + "/users/inet", { json: user3 })
+            .should.be.fulfilled
+    })
+
+    it("accept read request with basic user", function() {
+        return request.get(auth3 + host + "/servers/server1/")
+            .should.be.fulfilled
+    })
+
+    it("reject write request with basic user", function() {
+        return request.get(auth3 + host + "/servers/server1/")
+            .then(function(res) {
+                var obj = JSON.parse(res)
+                return request.patch(auth3 + host + "/servers/server1/", {json: obj})
+                    .should.be.rejected
+            })
+    })
+
     it("request with wrong user", function() {
         return request.get(auth1 + host + "/maxscale")
             .should.be.rejected

server/core/test/rest-api/test/users.js

@@ -9,6 +9,7 @@ describe("Users", function() {
             id: "user1",
             type: "inet",
             attributes: {
+                account: "admin"
             }
         }
     }