Revision 29a52c6c
Added by Marek Hulán about 10 years ago
| db/migrate/20140219183343_migrate_permissions.rb | ||
|---|---|---|
|
# we need permissions to be seeded already
|
||
|
require Rails.root + 'db/seeds.d/20-permissions'
|
||
|
require Rails.root + 'db/seeds.d/11-permissions'
|
||
|
|
||
|
# Fake models to make sure that this migration can be executed even when
|
||
|
# original models changes later (e.g. add validation on columns that are not
|
||
| db/seeds.d/11-permissions.rb | ||
|---|---|---|
|
permissions = [
|
||
|
['Architecture', 'view_architectures'],
|
||
|
['Architecture', 'create_architectures'],
|
||
|
['Architecture', 'edit_architectures'],
|
||
|
['Architecture', 'destroy_architectures'],
|
||
|
['Audit', 'view_audit_logs'],
|
||
|
['AuthSourceLdap', 'view_authenticators'],
|
||
|
['AuthSourceLdap', 'create_authenticators'],
|
||
|
['AuthSourceLdap', 'edit_authenticators'],
|
||
|
['AuthSourceLdap', 'destroy_authenticators'],
|
||
|
['Bookmark', 'view_bookmarks'],
|
||
|
['Bookmark', 'create_bookmarks'],
|
||
|
['Bookmark', 'edit_bookmarks'],
|
||
|
['Bookmark', 'destroy_bookmarks'],
|
||
|
['ComputeProfile', 'view_compute_profiles'],
|
||
|
['ComputeProfile', 'create_compute_profiles'],
|
||
|
['ComputeProfile', 'edit_compute_profiles'],
|
||
|
['ComputeProfile', 'destroy_compute_profiles'],
|
||
|
['ComputeResource', 'view_compute_resources'],
|
||
|
['ComputeResource', 'create_compute_resources'],
|
||
|
['ComputeResource', 'edit_compute_resources'],
|
||
|
['ComputeResource', 'destroy_compute_resources'],
|
||
|
['ComputeResource', 'view_compute_resources_vms'],
|
||
|
['ComputeResource', 'create_compute_resources_vms'],
|
||
|
['ComputeResource', 'edit_compute_resources_vms'],
|
||
|
['ComputeResource', 'destroy_compute_resources_vms'],
|
||
|
['ComputeResource', 'power_compute_resources_vms'],
|
||
|
['ComputeResource', 'console_compute_resources_vms'],
|
||
|
['ConfigTemplate', 'view_templates'],
|
||
|
['ConfigTemplate', 'create_templates'],
|
||
|
['ConfigTemplate', 'edit_templates'],
|
||
|
['ConfigTemplate', 'destroy_templates'],
|
||
|
['ConfigTemplate', 'deploy_templates'],
|
||
|
[nil, 'access_dashboard'],
|
||
|
['Domain', 'view_domains'],
|
||
|
['Domain', 'create_domains'],
|
||
|
['Domain', 'edit_domains'],
|
||
|
['Domain', 'destroy_domains'],
|
||
|
['Environment', 'view_environments'],
|
||
|
['Environment', 'create_environments'],
|
||
|
['Environment', 'edit_environments'],
|
||
|
['Environment', 'destroy_environments'],
|
||
|
['Environment', 'import_environments'],
|
||
|
['LookupKey', 'view_external_variables'],
|
||
|
['LookupKey', 'create_external_variables'],
|
||
|
['LookupKey', 'edit_external_variables'],
|
||
|
['LookupKey', 'destroy_external_variables'],
|
||
|
['FactValue', 'view_facts'],
|
||
|
['FactValue', 'upload_facts'],
|
||
|
['Filter', 'view_filters'],
|
||
|
['Filter', 'create_filters'],
|
||
|
['Filter', 'edit_filters'],
|
||
|
['Filter', 'destroy_filters'],
|
||
|
['CommonParameter', 'view_globals'],
|
||
|
['CommonParameter', 'create_globals'],
|
||
|
['CommonParameter', 'edit_globals'],
|
||
|
['CommonParameter', 'destroy_globals'],
|
||
|
['HostClass', 'edit_classes'],
|
||
|
['Parameter', 'create_params'],
|
||
|
['Parameter', 'edit_params'],
|
||
|
['Parameter', 'destroy_params'],
|
||
|
['Hostgroup', 'view_hostgroups'],
|
||
|
['Hostgroup', 'create_hostgroups'],
|
||
|
['Hostgroup', 'edit_hostgroups'],
|
||
|
['Hostgroup', 'destroy_hostgroups'],
|
||
|
['Host', 'view_hosts'],
|
||
|
['Host', 'create_hosts'],
|
||
|
['Host', 'edit_hosts'],
|
||
|
['Host', 'destroy_hosts'],
|
||
|
['Host', 'build_hosts'],
|
||
|
['Host', 'power_hosts'],
|
||
|
['Host', 'console_hosts'],
|
||
|
['Host', 'ipmi_boot'],
|
||
|
['Host', 'puppetrun_hosts'],
|
||
|
['Image', 'view_images'],
|
||
|
['Image', 'create_images'],
|
||
|
['Image', 'edit_images'],
|
||
|
['Image', 'destroy_images'],
|
||
|
['Location', 'view_locations'],
|
||
|
['Location', 'create_locations'],
|
||
|
['Location', 'edit_locations'],
|
||
|
['Location', 'destroy_locations'],
|
||
|
['Location', 'assign_locations'],
|
||
|
['Medium', 'view_media'],
|
||
|
['Medium', 'create_media'],
|
||
|
['Medium', 'edit_media'],
|
||
|
['Medium', 'destroy_media'],
|
||
|
['Model', 'view_models'],
|
||
|
['Model', 'create_models'],
|
||
|
['Model', 'edit_models'],
|
||
|
['Model', 'destroy_models'],
|
||
|
['Operatingsystem', 'view_operatingsystems'],
|
||
|
['Operatingsystem', 'create_operatingsystems'],
|
||
|
['Operatingsystem', 'edit_operatingsystems'],
|
||
|
['Operatingsystem', 'destroy_operatingsystems'],
|
||
|
['Organization', 'view_organizations'],
|
||
|
['Organization', 'create_organizations'],
|
||
|
['Organization', 'edit_organizations'],
|
||
|
['Organization', 'destroy_organizations'],
|
||
|
['Organization', 'assign_organizations'],
|
||
|
['Ptable', 'view_ptables'],
|
||
|
['Ptable', 'create_ptables'],
|
||
|
['Ptable', 'edit_ptables'],
|
||
|
['Ptable', 'destroy_ptables'],
|
||
|
[nil, 'view_plugins'],
|
||
|
['Puppetclass', 'view_puppetclasses'],
|
||
|
['Puppetclass', 'create_puppetclasses'],
|
||
|
['Puppetclass', 'edit_puppetclasses'],
|
||
|
['Puppetclass', 'destroy_puppetclasses'],
|
||
|
['Puppetclass', 'import_puppetclasses'],
|
||
|
['Realm', 'view_realms'],
|
||
|
['Realm', 'create_realms'],
|
||
|
['Realm', 'edit_realms'],
|
||
|
['Realm', 'destroy_realms'],
|
||
|
['Report', 'view_reports'],
|
||
|
['Report', 'destroy_reports'],
|
||
|
['Report', 'upload_reports'],
|
||
|
['Role', 'view_roles'],
|
||
|
['Role', 'create_roles'],
|
||
|
['Role', 'edit_roles'],
|
||
|
['Role', 'destroy_roles'],
|
||
|
[nil, 'access_settings'],
|
||
|
['SmartProxy', 'view_smart_proxies'],
|
||
|
['SmartProxy', 'create_smart_proxies'],
|
||
|
['SmartProxy', 'edit_smart_proxies'],
|
||
|
['SmartProxy', 'destroy_smart_proxies'],
|
||
|
['SmartProxy', 'view_smart_proxies_autosign'],
|
||
|
['SmartProxy', 'create_smart_proxies_autosign'],
|
||
|
['SmartProxy', 'destroy_smart_proxies_autosign'],
|
||
|
['SmartProxy', 'view_smart_proxies_puppetca'],
|
||
|
['SmartProxy', 'edit_smart_proxies_puppetca'],
|
||
|
['SmartProxy', 'destroy_smart_proxies_puppetca'],
|
||
|
[nil, 'view_statistics'],
|
||
|
['Subnet', 'view_subnets'],
|
||
|
['Subnet', 'create_subnets'],
|
||
|
['Subnet', 'edit_subnets'],
|
||
|
['Subnet', 'destroy_subnets'],
|
||
|
['Subnet', 'import_subnets'],
|
||
|
[nil, 'view_tasks'],
|
||
|
['Trend', 'view_trends'],
|
||
|
['Trend', 'create_trends'],
|
||
|
['Trend', 'edit_trends'],
|
||
|
['Trend', 'destroy_trends'],
|
||
|
['Trend', 'update_trends'],
|
||
|
['Usergroup', 'view_usergroups'],
|
||
|
['Usergroup', 'create_usergroups'],
|
||
|
['Usergroup', 'edit_usergroups'],
|
||
|
['Usergroup', 'destroy_usergroups'],
|
||
|
['User', 'view_users'],
|
||
|
['User', 'create_users'],
|
||
|
['User', 'edit_users'],
|
||
|
['User', 'destroy_users'],
|
||
|
]
|
||
|
permissions.each do |resource, permission|
|
||
|
Permission.find_or_create_by_resource_type_and_name resource, permission
|
||
|
end
|
||
| db/seeds.d/11-roles.rb | ||
|---|---|---|
|
# Roles
|
||
|
default_permissions =
|
||
|
{ 'Manager' => [:view_architectures, :create_architectures, :edit_architectures, :destroy_architectures,
|
||
|
:view_authenticators, :create_authenticators, :edit_authenticators, :destroy_authenticators,
|
||
|
:view_bookmarks, :create_bookmarks, :edit_bookmarks, :destroy_bookmarks,
|
||
|
:view_compute_resources, :create_compute_resources, :edit_compute_resources, :destroy_compute_resources,
|
||
|
:view_compute_resources_vms, :create_compute_resources_vms, :edit_compute_resources_vms, :destroy_compute_resources_vms, :power_compute_resources_vms, :console_compute_resources_vms,
|
||
|
:view_templates, :create_templates, :edit_templates, :destroy_templates, :deploy_templates,
|
||
|
:view_domains, :create_domains, :edit_domains, :destroy_domains,
|
||
|
:view_realms, :create_realms, :edit_realms, :destroy_realms,
|
||
|
:view_environments, :create_environments, :edit_environments, :destroy_environments, :import_environments,
|
||
|
:view_external_variables, :create_external_variables, :edit_external_variables, :destroy_external_variables,
|
||
|
:view_globals, :create_globals, :edit_globals, :destroy_globals,
|
||
|
:view_hostgroups, :create_hostgroups, :edit_hostgroups, :destroy_hostgroups,
|
||
|
:view_hosts, :create_hosts, :edit_hosts, :destroy_hosts, :build_hosts, :power_hosts, :console_hosts, :ipmi_boot, :puppetrun_hosts,
|
||
|
:edit_classes, :create_params, :edit_params, :destroy_params,
|
||
|
:view_images, :create_images, :edit_images, :destroy_images,
|
||
|
:view_locations, :create_locations, :edit_locations, :destroy_locations, :assign_locations,
|
||
|
:view_media, :create_media, :edit_media, :destroy_media,
|
||
|
:view_models, :create_models, :edit_models, :destroy_models,
|
||
|
:view_operatingsystems, :create_operatingsystems, :edit_operatingsystems, :destroy_operatingsystems,
|
||
|
:view_ptables, :create_ptables, :edit_ptables, :destroy_ptables,
|
||
|
:view_puppetclasses, :create_puppetclasses, :edit_puppetclasses, :destroy_puppetclasses, :import_puppetclasses,
|
||
|
:view_smart_proxies, :create_smart_proxies, :edit_smart_proxies, :destroy_smart_proxies,
|
||
|
:view_smart_proxies_autosign, :create_smart_proxies_autosign, :destroy_smart_proxies_autosign,
|
||
|
:view_smart_proxies_puppetca, :edit_smart_proxies_puppetca, :destroy_smart_proxies_puppetca,
|
||
|
:view_subnets, :create_subnets, :edit_subnets, :destroy_subnets, :import_subnets,
|
||
|
:view_organizations, :create_organizations, :edit_organizations, :destroy_organizations, :assign_organizations,
|
||
|
:view_usergroups, :create_usergroups, :edit_usergroups, :destroy_usergroups,
|
||
|
:view_users, :create_users, :edit_users, :destroy_users, :access_settings, :access_dashboard,
|
||
|
:view_reports, :destroy_reports, :upload_reports,
|
||
|
:view_facts, :upload_facts, :view_audit_logs,
|
||
|
:view_statistics, :view_trends, :create_trends, :edit_trends, :destroy_trends, :update_trends,
|
||
|
:view_tasks, :view_plugins],
|
||
|
'Edit partition tables' => [:view_ptables, :create_ptables, :edit_ptables, :destroy_ptables],
|
||
|
'View hosts' => [:view_hosts],
|
||
|
'Edit hosts' => [:view_hosts, :edit_hosts, :create_hosts, :destroy_hosts, :build_hosts],
|
||
|
'Viewer' => [:view_hosts, :view_puppetclasses, :view_hostgroups, :view_domains, :view_operatingsystems,
|
||
|
:view_locations, :view_media, :view_models, :view_environments, :view_architectures,
|
||
|
:view_ptables, :view_globals, :view_external_variables, :view_authenticators,
|
||
|
:access_settings, :access_dashboard, :view_reports, :view_facts, :view_smart_proxies,
|
||
|
:view_subnets, :view_statistics, :view_organizations, :view_usergroups, :view_users,
|
||
|
:view_audit_logs, :view_realms],
|
||
|
'Site manager' => [:view_architectures, :view_audit_logs, :view_authenticators, :access_dashboard,
|
||
|
:view_domains, :view_environments, :import_environments, :view_external_variables,
|
||
|
:create_external_variables, :edit_external_variables, :destroy_external_variables,
|
||
|
:view_facts, :view_globals, :view_hostgroups, :view_hosts, :view_smart_proxies_puppetca,
|
||
|
:view_smart_proxies_autosign, :create_hosts, :edit_hosts, :destroy_hosts,
|
||
|
:build_hosts, :view_media, :create_media, :edit_media, :destroy_media,
|
||
|
:view_models, :view_operatingsystems, :view_ptables, :view_puppetclasses,
|
||
|
:import_puppetclasses, :view_reports, :destroy_reports, :access_settings,
|
||
|
:view_smart_proxies, :edit_smart_proxies, :view_subnets, :edit_subnets,
|
||
|
:view_statistics, :view_usergroups, :create_usergroups, :edit_usergroups,
|
||
|
:destroy_usergroups, :view_users, :edit_users, :view_realms],
|
||
|
}
|
||
|
|
||
|
default_user_permissions = [:view_hosts, :view_puppetclasses, :view_hostgroups, :view_domains,
|
||
|
:view_operatingsystems, :view_media, :view_models, :view_environments,
|
||
|
:view_architectures, :view_ptables, :view_globals, :view_external_variables,
|
||
|
:view_authenticators, :access_settings, :access_dashboard,
|
||
|
:view_reports, :view_subnets, :view_facts, :view_locations,
|
||
|
:view_organizations, :view_statistics, :view_realms]
|
||
|
anonymous_permissions = [:view_hosts, :view_bookmarks, :view_tasks]
|
||
|
|
||
|
Role.without_auditing do
|
||
|
default_permissions.each do |role_name, permission_names|
|
||
|
create_role(role_name, permission_names, 0)
|
||
|
end
|
||
|
create_role('Default user', default_user_permissions, Role::BUILTIN_DEFAULT_USER)
|
||
|
create_role('Anonymous', anonymous_permissions, Role::BUILTIN_ANONYMOUS)
|
||
|
end
|
||
| db/seeds.d/20-permissions.rb | ||
|---|---|---|
|
permissions = [
|
||
|
['Architecture', 'view_architectures'],
|
||
|
['Architecture', 'create_architectures'],
|
||
|
['Architecture', 'edit_architectures'],
|
||
|
['Architecture', 'destroy_architectures'],
|
||
|
['Audit', 'view_audit_logs'],
|
||
|
['AuthSourceLdap', 'view_authenticators'],
|
||
|
['AuthSourceLdap', 'create_authenticators'],
|
||
|
['AuthSourceLdap', 'edit_authenticators'],
|
||
|
['AuthSourceLdap', 'destroy_authenticators'],
|
||
|
['Bookmark', 'view_bookmarks'],
|
||
|
['Bookmark', 'create_bookmarks'],
|
||
|
['Bookmark', 'edit_bookmarks'],
|
||
|
['Bookmark', 'destroy_bookmarks'],
|
||
|
['ComputeProfile', 'view_compute_profiles'],
|
||
|
['ComputeProfile', 'create_compute_profiles'],
|
||
|
['ComputeProfile', 'edit_compute_profiles'],
|
||
|
['ComputeProfile', 'destroy_compute_profiles'],
|
||
|
['ComputeResource', 'view_compute_resources'],
|
||
|
['ComputeResource', 'create_compute_resources'],
|
||
|
['ComputeResource', 'edit_compute_resources'],
|
||
|
['ComputeResource', 'destroy_compute_resources'],
|
||
|
['ComputeResource', 'view_compute_resources_vms'],
|
||
|
['ComputeResource', 'create_compute_resources_vms'],
|
||
|
['ComputeResource', 'edit_compute_resources_vms'],
|
||
|
['ComputeResource', 'destroy_compute_resources_vms'],
|
||
|
['ComputeResource', 'power_compute_resources_vms'],
|
||
|
['ComputeResource', 'console_compute_resources_vms'],
|
||
|
['ConfigTemplate', 'view_templates'],
|
||
|
['ConfigTemplate', 'create_templates'],
|
||
|
['ConfigTemplate', 'edit_templates'],
|
||
|
['ConfigTemplate', 'destroy_templates'],
|
||
|
['ConfigTemplate', 'deploy_templates'],
|
||
|
[nil, 'access_dashboard'],
|
||
|
['Domain', 'view_domains'],
|
||
|
['Domain', 'create_domains'],
|
||
|
['Domain', 'edit_domains'],
|
||
|
['Domain', 'destroy_domains'],
|
||
|
['Environment', 'view_environments'],
|
||
|
['Environment', 'create_environments'],
|
||
|
['Environment', 'edit_environments'],
|
||
|
['Environment', 'destroy_environments'],
|
||
|
['Environment', 'import_environments'],
|
||
|
['LookupKey', 'view_external_variables'],
|
||
|
['LookupKey', 'create_external_variables'],
|
||
|
['LookupKey', 'edit_external_variables'],
|
||
|
['LookupKey', 'destroy_external_variables'],
|
||
|
['FactValue', 'view_facts'],
|
||
|
['FactValue', 'upload_facts'],
|
||
|
['Filter', 'view_filters'],
|
||
|
['Filter', 'create_filters'],
|
||
|
['Filter', 'edit_filters'],
|
||
|
['Filter', 'destroy_filters'],
|
||
|
['CommonParameter', 'view_globals'],
|
||
|
['CommonParameter', 'create_globals'],
|
||
|
['CommonParameter', 'edit_globals'],
|
||
|
['CommonParameter', 'destroy_globals'],
|
||
|
['HostClass', 'edit_classes'],
|
||
|
['Parameter', 'create_params'],
|
||
|
['Parameter', 'edit_params'],
|
||
|
['Parameter', 'destroy_params'],
|
||
|
['Hostgroup', 'view_hostgroups'],
|
||
|
['Hostgroup', 'create_hostgroups'],
|
||
|
['Hostgroup', 'edit_hostgroups'],
|
||
|
['Hostgroup', 'destroy_hostgroups'],
|
||
|
['Host', 'view_hosts'],
|
||
|
['Host', 'create_hosts'],
|
||
|
['Host', 'edit_hosts'],
|
||
|
['Host', 'destroy_hosts'],
|
||
|
['Host', 'build_hosts'],
|
||
|
['Host', 'power_hosts'],
|
||
|
['Host', 'console_hosts'],
|
||
|
['Host', 'ipmi_boot'],
|
||
|
['Host', 'puppetrun_hosts'],
|
||
|
['Image', 'view_images'],
|
||
|
['Image', 'create_images'],
|
||
|
['Image', 'edit_images'],
|
||
|
['Image', 'destroy_images'],
|
||
|
['Location', 'view_locations'],
|
||
|
['Location', 'create_locations'],
|
||
|
['Location', 'edit_locations'],
|
||
|
['Location', 'destroy_locations'],
|
||
|
['Location', 'assign_locations'],
|
||
|
['Medium', 'view_media'],
|
||
|
['Medium', 'create_media'],
|
||
|
['Medium', 'edit_media'],
|
||
|
['Medium', 'destroy_media'],
|
||
|
['Model', 'view_models'],
|
||
|
['Model', 'create_models'],
|
||
|
['Model', 'edit_models'],
|
||
|
['Model', 'destroy_models'],
|
||
|
['Operatingsystem', 'view_operatingsystems'],
|
||
|
['Operatingsystem', 'create_operatingsystems'],
|
||
|
['Operatingsystem', 'edit_operatingsystems'],
|
||
|
['Operatingsystem', 'destroy_operatingsystems'],
|
||
|
['Organization', 'view_organizations'],
|
||
|
['Organization', 'create_organizations'],
|
||
|
['Organization', 'edit_organizations'],
|
||
|
['Organization', 'destroy_organizations'],
|
||
|
['Organization', 'assign_organizations'],
|
||
|
['Ptable', 'view_ptables'],
|
||
|
['Ptable', 'create_ptables'],
|
||
|
['Ptable', 'edit_ptables'],
|
||
|
['Ptable', 'destroy_ptables'],
|
||
|
[nil, 'view_plugins'],
|
||
|
['Puppetclass', 'view_puppetclasses'],
|
||
|
['Puppetclass', 'create_puppetclasses'],
|
||
|
['Puppetclass', 'edit_puppetclasses'],
|
||
|
['Puppetclass', 'destroy_puppetclasses'],
|
||
|
['Puppetclass', 'import_puppetclasses'],
|
||
|
['Realm', 'view_realms'],
|
||
|
['Realm', 'create_realms'],
|
||
|
['Realm', 'edit_realms'],
|
||
|
['Realm', 'destroy_realms'],
|
||
|
['Report', 'view_reports'],
|
||
|
['Report', 'destroy_reports'],
|
||
|
['Report', 'upload_reports'],
|
||
|
['Role', 'view_roles'],
|
||
|
['Role', 'create_roles'],
|
||
|
['Role', 'edit_roles'],
|
||
|
['Role', 'destroy_roles'],
|
||
|
[nil, 'access_settings'],
|
||
|
['SmartProxy', 'view_smart_proxies'],
|
||
|
['SmartProxy', 'create_smart_proxies'],
|
||
|
['SmartProxy', 'edit_smart_proxies'],
|
||
|
['SmartProxy', 'destroy_smart_proxies'],
|
||
|
['SmartProxy', 'view_smart_proxies_autosign'],
|
||
|
['SmartProxy', 'create_smart_proxies_autosign'],
|
||
|
['SmartProxy', 'destroy_smart_proxies_autosign'],
|
||
|
['SmartProxy', 'view_smart_proxies_puppetca'],
|
||
|
['SmartProxy', 'edit_smart_proxies_puppetca'],
|
||
|
['SmartProxy', 'destroy_smart_proxies_puppetca'],
|
||
|
[nil, 'view_statistics'],
|
||
|
['Subnet', 'view_subnets'],
|
||
|
['Subnet', 'create_subnets'],
|
||
|
['Subnet', 'edit_subnets'],
|
||
|
['Subnet', 'destroy_subnets'],
|
||
|
['Subnet', 'import_subnets'],
|
||
|
[nil, 'view_tasks'],
|
||
|
['Trend', 'view_trends'],
|
||
|
['Trend', 'create_trends'],
|
||
|
['Trend', 'edit_trends'],
|
||
|
['Trend', 'destroy_trends'],
|
||
|
['Trend', 'update_trends'],
|
||
|
['Usergroup', 'view_usergroups'],
|
||
|
['Usergroup', 'create_usergroups'],
|
||
|
['Usergroup', 'edit_usergroups'],
|
||
|
['Usergroup', 'destroy_usergroups'],
|
||
|
['User', 'view_users'],
|
||
|
['User', 'create_users'],
|
||
|
['User', 'edit_users'],
|
||
|
['User', 'destroy_users'],
|
||
|
]
|
||
|
permissions.each do |resource, permission|
|
||
|
Permission.find_or_create_by_resource_type_and_name resource, permission
|
||
|
end
|
||
| db/seeds.d/25-roles.rb | ||
|---|---|---|
|
# Roles
|
||
|
default_permissions =
|
||
|
{ 'Manager' => [:view_architectures, :create_architectures, :edit_architectures, :destroy_architectures,
|
||
|
:view_authenticators, :create_authenticators, :edit_authenticators, :destroy_authenticators,
|
||
|
:view_bookmarks, :create_bookmarks, :edit_bookmarks, :destroy_bookmarks,
|
||
|
:view_compute_resources, :create_compute_resources, :edit_compute_resources, :destroy_compute_resources,
|
||
|
:view_compute_resources_vms, :create_compute_resources_vms, :edit_compute_resources_vms, :destroy_compute_resources_vms, :power_compute_resources_vms, :console_compute_resources_vms,
|
||
|
:view_templates, :create_templates, :edit_templates, :destroy_templates, :deploy_templates,
|
||
|
:view_domains, :create_domains, :edit_domains, :destroy_domains,
|
||
|
:view_realms, :create_realms, :edit_realms, :destroy_realms,
|
||
|
:view_environments, :create_environments, :edit_environments, :destroy_environments, :import_environments,
|
||
|
:view_external_variables, :create_external_variables, :edit_external_variables, :destroy_external_variables,
|
||
|
:view_globals, :create_globals, :edit_globals, :destroy_globals,
|
||
|
:view_hostgroups, :create_hostgroups, :edit_hostgroups, :destroy_hostgroups,
|
||
|
:view_hosts, :create_hosts, :edit_hosts, :destroy_hosts, :build_hosts, :power_hosts, :console_hosts, :ipmi_boot, :puppetrun_hosts,
|
||
|
:edit_classes, :create_params, :edit_params, :destroy_params,
|
||
|
:view_images, :create_images, :edit_images, :destroy_images,
|
||
|
:view_locations, :create_locations, :edit_locations, :destroy_locations, :assign_locations,
|
||
|
:view_media, :create_media, :edit_media, :destroy_media,
|
||
|
:view_models, :create_models, :edit_models, :destroy_models,
|
||
|
:view_operatingsystems, :create_operatingsystems, :edit_operatingsystems, :destroy_operatingsystems,
|
||
|
:view_ptables, :create_ptables, :edit_ptables, :destroy_ptables,
|
||
|
:view_puppetclasses, :create_puppetclasses, :edit_puppetclasses, :destroy_puppetclasses, :import_puppetclasses,
|
||
|
:view_smart_proxies, :create_smart_proxies, :edit_smart_proxies, :destroy_smart_proxies,
|
||
|
:view_smart_proxies_autosign, :create_smart_proxies_autosign, :destroy_smart_proxies_autosign,
|
||
|
:view_smart_proxies_puppetca, :edit_smart_proxies_puppetca, :destroy_smart_proxies_puppetca,
|
||
|
:view_subnets, :create_subnets, :edit_subnets, :destroy_subnets, :import_subnets,
|
||
|
:view_organizations, :create_organizations, :edit_organizations, :destroy_organizations, :assign_organizations,
|
||
|
:view_usergroups, :create_usergroups, :edit_usergroups, :destroy_usergroups,
|
||
|
:view_users, :create_users, :edit_users, :destroy_users, :access_settings, :access_dashboard,
|
||
|
:view_reports, :destroy_reports, :upload_reports,
|
||
|
:view_facts, :upload_facts, :view_audit_logs,
|
||
|
:view_statistics, :view_trends, :create_trends, :edit_trends, :destroy_trends, :update_trends,
|
||
|
:view_tasks, :view_plugins],
|
||
|
'Edit partition tables' => [:view_ptables, :create_ptables, :edit_ptables, :destroy_ptables],
|
||
|
'View hosts' => [:view_hosts],
|
||
|
'Edit hosts' => [:view_hosts, :edit_hosts, :create_hosts, :destroy_hosts, :build_hosts],
|
||
|
'Viewer' => [:view_hosts, :view_puppetclasses, :view_hostgroups, :view_domains, :view_operatingsystems,
|
||
|
:view_locations, :view_media, :view_models, :view_environments, :view_architectures,
|
||
|
:view_ptables, :view_globals, :view_external_variables, :view_authenticators,
|
||
|
:access_settings, :access_dashboard, :view_reports, :view_facts, :view_smart_proxies,
|
||
|
:view_subnets, :view_statistics, :view_organizations, :view_usergroups, :view_users,
|
||
|
:view_audit_logs, :view_realms],
|
||
|
'Site manager' => [:view_architectures, :view_audit_logs, :view_authenticators, :access_dashboard,
|
||
|
:view_domains, :view_environments, :import_environments, :view_external_variables,
|
||
|
:create_external_variables, :edit_external_variables, :destroy_external_variables,
|
||
|
:view_facts, :view_globals, :view_hostgroups, :view_hosts, :view_smart_proxies_puppetca,
|
||
|
:view_smart_proxies_autosign, :create_hosts, :edit_hosts, :destroy_hosts,
|
||
|
:build_hosts, :view_media, :create_media, :edit_media, :destroy_media,
|
||
|
:view_models, :view_operatingsystems, :view_ptables, :view_puppetclasses,
|
||
|
:import_puppetclasses, :view_reports, :destroy_reports, :access_settings,
|
||
|
:view_smart_proxies, :edit_smart_proxies, :view_subnets, :edit_subnets,
|
||
|
:view_statistics, :view_usergroups, :create_usergroups, :edit_usergroups,
|
||
|
:destroy_usergroups, :view_users, :edit_users, :view_realms],
|
||
|
}
|
||
|
|
||
|
default_user_permissions = [:view_hosts, :view_puppetclasses, :view_hostgroups, :view_domains,
|
||
|
:view_operatingsystems, :view_media, :view_models, :view_environments,
|
||
|
:view_architectures, :view_ptables, :view_globals, :view_external_variables,
|
||
|
:view_authenticators, :access_settings, :access_dashboard,
|
||
|
:view_reports, :view_subnets, :view_facts, :view_locations,
|
||
|
:view_organizations, :view_statistics, :view_realms]
|
||
|
anonymous_permissions = [:view_hosts, :view_bookmarks, :view_tasks]
|
||
|
|
||
|
Role.without_auditing do
|
||
|
default_permissions.each do |role_name, permission_names|
|
||
|
create_role(role_name, permission_names, 0)
|
||
|
end
|
||
|
create_role('Default user', default_user_permissions, Role::BUILTIN_DEFAULT_USER)
|
||
|
create_role('Anonymous', anonymous_permissions, Role::BUILTIN_ANONYMOUS)
|
||
|
end
|
||
| test/unit/authorizer_test.rb | ||
|---|---|---|
|
def setup
|
||
|
User.current = User.admin
|
||
|
|
||
|
@user_role = FactoryGirl.create(:user_user_role)
|
||
|
@user = @user_role.owner
|
||
|
@role = @user_role.role
|
||
|
@user_role = FactoryGirl.create(:user_user_role)
|
||
|
@user = @user_role.owner
|
||
|
@role = @user_role.role
|
||
|
@permission = FactoryGirl.create(:permission, :host)
|
||
|
end
|
||
|
|
||
|
# limited, unlimited, permission with resource, without resource...
|
||
|
test "#can?(:view_hosts) with unlimited filter" do
|
||
|
permission = Permission.find_by_name('view_hosts')
|
||
|
filter = FactoryGirl.create(:filter, :role => @role, :permissions => [permission])
|
||
|
filter = FactoryGirl.create(:filter, :role => @role, :permissions => [@permission])
|
||
|
auth = Authorizer.new(@user)
|
||
|
|
||
|
assert auth.can?(:view_hosts)
|
||
|
assert auth.can?(@permission.name.to_sym)
|
||
|
refute auth.can?(:view_domains)
|
||
|
end
|
||
|
|
||
|
test "#can?(:view_hosts) with unlimited filter" do
|
||
|
permission = Permission.find_by_name('view_hosts')
|
||
|
filter = FactoryGirl.create(:filter, :on_name_all, :role => @role, :permissions => [permission])
|
||
|
filter = FactoryGirl.create(:filter, :on_name_all, :role => @role, :permissions => [@permission])
|
||
|
auth = Authorizer.new(@user)
|
||
|
|
||
|
assert auth.can?(:view_hosts)
|
||
|
assert auth.can?(@permission.name.to_sym)
|
||
|
refute auth.can?(:view_domains)
|
||
|
end
|
||
|
|
||
|
test "#can?(:view_hosts) on permission without resource" do
|
||
|
permission = Permission.find_by_name('view_hosts')
|
||
|
filter = FactoryGirl.create(:filter, :on_name_all, :role => @role, :permissions => [permission])
|
||
|
filter = FactoryGirl.create(:filter, :on_name_all, :role => @role, :permissions => [@permission])
|
||
|
auth = Authorizer.new(@user)
|
||
|
|
||
|
assert auth.can?(:view_hosts)
|
||
|
assert auth.can?(@permission.name.to_sym)
|
||
|
refute auth.can?(:view_domains)
|
||
|
end
|
||
|
|
||
|
test "#can?(:view_hosts) is limited by particular user" do
|
||
|
permission = Permission.find_by_name('view_hosts')
|
||
|
filter = FactoryGirl.create(:filter, :on_name_all, :role => @role, :permissions => [permission])
|
||
|
filter = FactoryGirl.create(:filter, :on_name_all, :role => @role, :permissions => [@permission])
|
||
|
auth = Authorizer.new(FactoryGirl.create(:user))
|
||
|
|
||
|
refute auth.can?(:view_hosts)
|
||
|
refute auth.can?(@permission.name.to_sym)
|
||
|
end
|
||
|
|
||
|
test "#can?(:view_domains, @host) for unlimited filter" do
|
||
Also available in: Unified diff
Fixes #5391 - Authorizer test should use testing permission
Also change order of seed so admin user can be saved and
existing Anonymous role is assigned.