Project

General

Profile

« Previous | Next » 

Revision 3321c2e6

Added by Shira Maximov about 4 years ago

Refs #28568 - removing external_variables permissions

View differences:

app/controllers/concerns/api/v2/lookup_keys_common_controller.rb
before_action :find_smart_class_parameters, :if => :smart_class_parameter_id?
before_action :find_smart_class_parameter, :if => :smart_class_parameter_id?
before_action :find_smart_variables, :if => :smart_variable_id?
before_action :find_smart_variable, :if => :smart_variable_id?
before_action :find_smarts
before_action :find_smart
......
end
end
def find_smart_variable
id = params.key?('smart_variable_id') ? params['smart_variable_id'] : params['id']
@smart_variable = VariableLookupKey.authorized(:view_external_variables).smart_variables.find_by_id(id.to_i) if id.to_i > 0
@smart_variable ||= begin
puppet_cond = { :puppetclass_id => @puppetclass.id } if @puppetclass
VariableLookupKey.authorized(:view_external_variables).smart_variables.where(puppet_cond).find_by_key(id.to_s)
end
@smart_variable
end
def find_smart_variables
@smart_variables = smart_variables_resource_scope.search_for(*search_options).paginate(paginate_options)
end
def smart_variables_resource_scope
return VariableLookupKey.authorized(:view_external_variables).smart_variables unless (@puppetclass || @host || @hostgroup)
puppetclass_ids = @puppetclass.id if @puppetclass
puppetclass_ids ||= @hostgroup.all_puppetclasses.map(&:id) if @hostgroup
puppetclass_ids ||= @host.all_puppetclasses.map(&:id) if @host
VariableLookupKey.authorized(:view_external_variables).global_parameters_for_class(puppetclass_ids)
end
def find_smart_class_parameter
id = params.key?('smart_class_parameter_id') ? params['smart_class_parameter_id'] : params['id']
@smart_class_parameter = PuppetclassLookupKey.authorized(:view_external_parameters).smart_class_parameters.find_by_id(id.to_i) if id.to_i > 0
app/models/lookup_keys/variable_lookup_key.rb
scoped_search :relation => :puppetclass, :on => :name, :complete_value => true, :rename => :puppetclass
def editable_by_user?
VariableLookupKey.authorized(:edit_external_variables).where(:id => id).exists?
VariableLookupKey.where(:id => id).exists?
end
def self.title_name
test/fixtures/filterings.yml
manager_3_4:
filter: manager_3
permission: import_environments
manager_4_0:
filter: manager_4
permission: view_external_variables
manager_4_1:
filter: manager_4
permission: create_external_variables
manager_4_2:
filter: manager_4
permission: edit_external_variables
manager_4_3:
filter: manager_4
permission: destroy_external_variables
manager_5_0:
filter: manager_5
permission: view_domains
......
viewer_6_0:
filter: viewer_6
permission: view_environments
viewer_7_0:
filter: viewer_7
permission: view_external_variables
viewer_8_0:
filter: viewer_8
permission: view_facts
test/fixtures/filters.yml
role_id: 1
manager_3:
role_id: 1
manager_4:
role_id: 1
manager_5:
role_id: 1
manager_6:
......
role_id: 5
viewer_6:
role_id: 5
viewer_7:
role_id: 5
viewer_8:
role_id: 5
viewer_9:
test/fixtures/permissions.yml
resource_type: Environment
created_at: "2013-12-04 08:41:04.656654"
updated_at: "2013-12-04 08:41:04.656654"
view_external_variables:
name: view_external_variables
resource_type: VariableLookupKey
created_at: "2013-12-04 08:41:04.664806"
updated_at: "2013-12-04 08:41:04.664806"
create_external_variables:
name: create_external_variables
resource_type: VariableLookupKey
created_at: "2013-12-04 08:41:04.673323"
updated_at: "2013-12-04 08:41:04.673323"
edit_external_variables:
name: edit_external_variables
resource_type: VariableLookupKey
created_at: "2013-12-04 08:41:04.681526"
updated_at: "2013-12-04 08:41:04.681526"
destroy_external_variables:
name: destroy_external_variables
resource_type: VariableLookupKey
created_at: "2013-12-04 08:41:04.690155"
updated_at: "2013-12-04 08:41:04.690155"
view_external_parameters:
name: view_external_parameters
resource_type: PuppetclassLookupKey
test/models/lookup_key_test.rb
assert_equal key.hidden_value, key.safe_value
end
test 'external_variables permissions can be filtered' do
filter = FactoryBot.build_stubbed(:filter, :search => 'key ~ a*', :unlimited => '0', :permissions => Permission.where(:name => 'view_external_variables'))
assert filter.valid?
assert_equal 'key ~ a*', filter.search
end
context "when key is a boolean and default_value is a string" do
def setup
@key = FactoryBot.create(:puppetclass_lookup_key, :as_smart_class_param,
test/models/puppetclass_test.rb
assert_equal [], Puppetclass.search_for("host = imaginaryhost.nodomain.what")
end
test "user with create external_variables permission can create smart variable for puppetclass" do
@one = users(:one)
# add permission for user :one
as_admin do
filter1 = FactoryBot.build(:filter)
filter1.permissions = Permission.where(:name => ['create_external_variables'])
filter2 = FactoryBot.build(:filter)
filter2.permissions = Permission.where(:name => ['edit_puppetclasses'])
role = Role.where(:name => "testing_role").first_or_create
role.filters = [ filter1, filter2 ]
role.save!
filter1.role = role
filter1.save!
filter2.role = role
filter2.save!
@one.roles = [ role ]
@one.save!
end
as_user :one do
nested_lookup_key_params = {:new_1372154591368 => {:key => "test_param", :key_type => "string", :default_value => "7777", :path => "fqdn\r\nhostgroup\r\nos\r\ndomain"}}
assert Puppetclass.first.update(:lookup_keys_attributes => nested_lookup_key_params)
end
end
test "create puppetclass with smart variable as nested attribute" do
as_admin do
puppetclass = Puppetclass.new(:name => "PuppetclassWithSmartVariable", :lookup_keys_attributes => {"new_1372154591368" => {:key => 'smart_variable1'}})

Also available in: Unified diff