Revision 1a6e0963
Added by Marek Hulán about 10 years ago
app/services/foreman/access_control.rb | ||
---|---|---|
end
|
||
|
||
class Permission
|
||
attr_reader :name, :actions, :security_block
|
||
attr_reader :name, :actions, :security_block, :resource_type, :engine
|
||
|
||
def initialize(name, hash, options)
|
||
@name = name
|
||
... | ... | |
@public = options[:public] || false
|
||
@require = options[:require]
|
||
@security_block = options[:security_block]
|
||
@resource_type = options[:resource_type]
|
||
@engine = options[:engine]
|
||
hash.each do |controller, actions|
|
||
if actions.is_a? Array
|
||
@actions << actions.collect {|action| "#{controller}/#{action}"}
|
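Review bot: The two added readers `resource_type` and `engine` are filled straight from `options` in `initialize`, and nothing says what values they carry. The migration in this same commit treats a present `engine` as the mark of a plugin-defined permission, so that contract belongs on the class. Suggested comments, wording to be confirmed against callers: `# engine: id of the registering plugin as a String; nil when the permission was not registered through a plugin` and `# resource_type: name of the class this permission relates to`. `initialize` continues outside the visible lines.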
app/services/foreman/plugin.rb | ||
---|---|---|
# class to which this permissions is related, rest of options is passed
|
||
# to AccessControl
|
||
def permission(name, hash, options={})
|
||
resource_type = options.delete(:resource_type)
|
||
Permission.first rescue return false
|
||
Permission.find_or_create_by_name_and_resource_type(name, resource_type)
|
||
return false if pending_migrations
|
||
|
||
options[:engine] ||= self.id.to_s
|
||
Permission.find_or_create_by_name_and_resource_type(name, options[:resource_type])
|
||
options.merge!(:security_block => @security_block)
|
||
Foreman::AccessControl.map do |map|
|
||
map.permission name, hash, options
|
||
... | ... | |
|
||
# Add a new role if it doesn't exist
|
||
def role(name, permissions)
|
||
Permission.first rescue return false
|
||
return false if pending_migrations
|
||
|
||
Role.transaction do
|
||
role = Role.find_or_create_by_name(name)
|
||
role.add_permissions!(permissions) if role.permissions.empty?
|
||
end
|
||
end
|
||
|
||
def pending_migrations
|
||
migrations = ActiveRecord::Migrator.new(:up, ActiveRecord::Migrator.migrations_paths).pending_migrations
|
||
migrations.size > 0
|
||
end
|
||
|
||
# List of helper methods allowed for templates in safe mode
|
||
def allowed_template_helpers(*helpers)
|
||
Foreman::Renderer::ALLOWED_HELPERS.concat(helpers)
|
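Review bot: In `permission`, `return false if pending_migrations` sits above the `Foreman::AccessControl.map` call, so while any migration is pending the plugin's permission appears never to reach the in-memory access-control map. The migration in this commit builds its list from `Foreman::AccessControl.permissions`, which would then lack the plugin entries it is meant to create. If the order shown here is the final one, consider guarding only the database write, e.g. `Permission.find_or_create_by_name_and_resource_type(name, options[:resource_type]) unless pending_migrations`, and letting the mapping run unconditionally. `pending_migrations` also builds a new `ActiveRecord::Migrator` on every `permission` and `role` call with no rescue around it, so an unreachable database would presumably raise during plugin registration where `Permission.first rescue return false` returned quietly. Memoizing the result and renaming it `pending_migrations?` would address both.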
db/migrate/20140219183343_migrate_permissions.rb | ||
---|---|---|
class MigratePermissions < ActiveRecord::Migration
|
||
def self.up
|
||
if old_permissions_present
|
||
make_sure_all_permissions_are_present
|
||
migrate_roles
|
||
migrate_user_filters
|
||
|
||
... | ... | |
end
|
||
end
|
||
|
||
# STEP 0 - add missing permissions to DB
|
||
# some engines could have defined new permissions during their initialization
|
||
# but permissions table hadn't existed yet so we check all registered
|
||
# permissions and create those that are missing in database
|
||
def self.make_sure_all_permissions_are_present
|
||
engine_permissions = Foreman::AccessControl.permissions.select { |p| p.engine.present? }
|
||
engine_permissions.each do |permission|
|
||
FakePermission.find_or_create_by_name_and_resource_type(permission.name, permission.resource_type)
|
||
end
|
||
end
|
||
|
||
# STEP 1 - migrate roles
|
||
# for all role permissions we'll create unlimited filters
|
||
# we'll group permissions into filters by their resource
|
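Review bot: `make_sure_all_permissions_are_present` looks rows up by name and resource_type together, so a permission already stored under the same name with a different or nil resource_type would get a second row instead of being reused. Duplicate names in a permissions table make later lookups by name ambiguous. Unless a unique index on name exists outside this view, it is safer to key the lookup on name alone, e.g. `FakePermission.find_or_create_by_name(permission.name)`, and set `resource_type` on the returned record. The STEP 0 comment should also state that only permissions already registered in `Foreman::AccessControl` with an `engine` set at migration time are covered.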
Fixes #5689 - Plugin permissions are migrated too