Sample Code

The PHP SDK now lets you create users, assign them roles and associated privileges, and remove them from the system.

User-Management APIs

Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The PHP SDK provides APIs to support these activities. A high-level summary of the APIs can be found in User-Management.

PHP User-Management Example

The following code-example demonstrates how the user-management APIs can be used. It assumes that Couchbase Server is established on localhost; that the Full Administrator username and password are Administrator and password respectively; and that the travel-sample bucket is installed. For information on installing the travel-sample bucket, see 6.0@server:settings:install-sample-buckets.adoc.

Use of the Full Administrator username and password gives an application complete access to all resources within the Couchbase Server-environment: use of the Full Administrator username and password may therefore be useful during code-development. However, for production purposes, the Full Administrator username and password should only be used when absolutely essential: in all other circumstances, the specified username and password should correspond to some lesser role, which appropriately delimits access to server-resources. Creation of such a role, and the establishment of its associated username and password, is demonstrated in the following code-example.
<?php

// Access the cluster that is running on the local host, authenticating with
// the username and password of the Full Administrator. This
// provides all privileges.

$cluster = new \Couchbase\Cluster('couchbase://localhost');

// Make sure that 'default' bucket exists.
echo("Authenticating as administrator.\n");
$cluster->authenticateAs("Administrator", "password");

// Create a user and assign roles.
echo("Upserting new user.\n");
$userSettings = new \Couchbase\UserSettings();
$userSettings
    ->password('cbtestuserpwd')
    // Roles required for the reading of data from the bucket.
    ->role('data_reader', 'travel-sample')
    ->role('query_select', 'travel-sample')
    // Roles required for the writing data into the bucket.
    ->role('data_writer', 'travel-sample')
    ->role('query_insert', 'travel-sample')
    ->role('query_delete', 'travel-sample')
    // Role required for the creation of indexes on the bucket.
    ->role('query_manage_index', 'travel-sample');
$cluster->manager()->upsertUser('cbtestuser', $userSettings);

// List current users.
echo("Listing current users.\n");
$listOfUsers = $cluster->manager()->listUsers();
for ($j = 0; $j < count($listOfUsers); $j++) {
    $currentUser = $listOfUsers[$j];

    echo("\n\nUSER #" . $j .":\n\n");

    if (array_key_exists('name', $currentUser)) {
        echo("User's name is: " . $currentUser['name'] . "\n");
    }
    echo("User's id is: " . $currentUser['id'] . "\n");
    echo("User's domain is: " . $currentUser['domain'] . "\n");

    $currentRoles = $currentUser['roles'];

    for ($i = 0; $i < count($currentRoles); $i++) {
        echo("User has the role: " . $currentRoles[$i]['role'] . ", applicable to bucket " .
             $currentRoles[$i]['bucket_name'] . "\n");
    }
}

// Access the cluster that is running on the local host, specifying
// the username and password already assigned by the administrator
echo("Authenticating as user.\n");
$cluster->authenticateAs("cbtestuser", "cbtestuserpwd");

// Open a known, existing bucket (created by the administrator).
echo("Opening travel-sample bucket as user.\n");
$travelSample = $cluster->openBucket("travel-sample");

// Create a N1QL Primary Index (but ignore if one already exists).
$travelSample->manager()->createN1qlPrimaryIndex('', true, false);

// Read out a known, existing document within the bucket (created
// by the administrator).
echo("Reading out airline_10 document\n");
$returnedAirline10doc = $travelSample->get("airline_10");
echo("Found: \n");
print_r($returnedAirline10doc);

// Create a new document.
echo("Creating new document as user.\n");
$airline11Object = [
    "callsign" => "MILE-AIR",
    "iata" => "Q5",
    "icao" => "MLA",
    "id" => 11,
    "name" => "40-Mile Air",
    "type" => "airline"
];

// Upsert the document to the bucket.
echo("Upserting new document as user.\n");
$travelSample->upsert("airline_11", $airline11Object);

echo("Reading out airline11Document as user.\n");
$returnedAirline11Doc = $travelSample->get("airline_11");
echo("Found: \n");
print_r($returnedAirline11Doc);

// Perform a N1QL Query.
echo("Performing query as user.\n");

$result = $travelSample->query(
    \Couchbase\N1qlQuery::fromString("SELECT * FROM `travel-sample` LIMIT 5")
);

echo("Query-results are:\n");
// Print each row returned by the query.
foreach ($result->rows as $row) {
    print_r($row);
}

// Access the cluster that is running on the local host, authenticating with
// the username and password of the Full Administrator. This
// provides all privileges.
echo("Re-authenticating as administrator.\n");
$cluster->authenticateAs("Administrator", "password");

// Remove known user.
echo("Removing user as administrator.\n");
$userToBeRemoved = "cbtestuser";
try {
    $cluster->manager()->removeUser($userToBeRemoved);
    echo("Deleted user " . $userToBeRemoved . ".\n");
} catch (\Couchbase\Exception $ex) {
    echo("Could not delete user " . $userToBeRemoved . ".\n");
}

API Reference

The API reference is generated for each version. The API reference for version 2.6.0 is at http://docs.couchbase.com/sdk-api/couchbase-php-client-2.6.0/files/couchbase.html