Project

General

Profile

Download (1.57 KB) Statistics
| Branch: | Tag: | Revision:

foreman/app/models/concerns/authorization.rb @ 3484613f

module Authorization
def self.included(base)
base.class_eval do
before_save :enforce_edit_permissions
before_destroy :enforce_destroy_permissions
before_create :enforce_create_permissions
end
end

# We must enforce the security model
def enforce_edit_permissions
enforce_permissions("edit") if enforce?
end

def enforce_destroy_permissions
enforce_permissions("destroy") if enforce?
end

def enforce_create_permissions
enforce_permissions("create") if enforce?
end

def enforce_permissions operation
# We get called again with the operation being set to create
return true if operation == "edit" and new_record?

klass = self.class.name.downcase
klasses = self.class.name.tableize
klasses.gsub!(/auth_source.*/, "authenticators")
klasses.gsub!(/common_parameters.*/, "global_variables")
klasses.gsub!(/lookup_key.*/, "external_variables")
klasses.gsub!(/lookup_value.*/, "external_variables")
return true if User.current and User.current.allowed_to?("#{operation}_#{klasses}".to_sym)

errors.add :base, _("You do not have permission to %{operation} this %{klass}") % { :operation => operation, :klass => klass }
@permission_failed = operation
false
end

# @return false or name of failed operation
def permission_failed?
return false unless @permission_failed
@permission_failed
end

private
def enforce?
return false if (User.current and User.current.admin?)
return true if defined?(Rake) and Rails.env == "test"
return false if defined?(Rake)
true
end
end
(1-1/6)