foreman/app/models/concerns/authorization.rb @ 355bce36
# Model-level permission checks, mixed into ActiveRecord models as a concern.
#
# Including this module registers save/destroy/create callbacks that ask
# User.current whether the pending operation is allowed. A denied operation
# adds an error to the record, remembers the operation name and returns false.
#
# NOTE(review): enforcement lives only in these callbacks, so persistence
# calls that skip callbacks (for example update_all or delete) are not
# covered here and must be authorized by the caller.
# NOTE(review): the checks signal denial by returning false; confirm that a
# false return still halts the callback chain on the Rails version in use.
module Authorization
  extend ActiveSupport::Concern

  included do
    before_save    :enforce_edit_permissions
    before_destroy :enforce_destroy_permissions
    before_create  :enforce_create_permissions
  end

  # Callback entry points. Each returns nil (no objection) when enforcement
  # is switched off, otherwise the result of #enforce_permissions.
  def enforce_edit_permissions
    return unless enforce?
    enforce_permissions("edit")
  end

  def enforce_destroy_permissions
    return unless enforce?
    enforce_permissions("destroy")
  end

  def enforce_create_permissions
    return unless enforce?
    enforce_permissions("create")
  end

  # Checks whether the current user may perform +operation+ on this record.
  #
  # @param operation [String] "edit", "destroy" or "create"
  # @return [Boolean] true when allowed; false when denied, in which case an
  #   error is added on :base and the operation is stored for #permission_failed?
  def enforce_permissions(operation)
    # before_save also fires for new records; the "create" callback performs
    # the real check for them, so the "edit" pass is waved through.
    return true if operation == "edit" && new_record?

    singular = self.class.name.downcase
    plural   = self.class.name.tableize

    # TODO: Extract all of the specific implementations into each individual class
    # Some models are governed by permissions named after a different resource.
    # Each pattern ends in ".*", so everything from the match to the end of the
    # table name is replaced.
    [
      [/auth_source.*/,       "authenticators"],
      [/common_parameters.*/, "global_variables"],
      [/lookup_key.*/,        "external_variables"],
      [/lookup_value.*/,      "external_variables"]
    ].each { |pattern, permission_suffix| plural.gsub!(pattern, permission_suffix) }

    # Fails closed: with no current user the check below is skipped and the
    # operation is denied.
    if User.current
      # Editing own user is a special case: User records are checked through a
      # controller/action pair instead of an "<operation>_<table>" permission.
      action = if singular == 'user'
                 { :controller => 'users', :action => operation }
               else
                 :"#{operation}_#{plural}"
               end
      return true if User.current.allowed_to?(action)
    end

    message = _("You do not have permission to %{operation} this %{klass}") % { :operation => operation, :klass => singular }
    errors.add(:base, message)
    @permission_failed = operation
    false
  end

  # @return false or name of failed operation
  def permission_failed?
    @permission_failed || false
  end

  private

  # Decides whether permission checks apply at all.
  #
  # Admins are never checked. Otherwise checks apply unless the Rake constant
  # is defined, except in the test environment, where they always apply.
  #
  # NOTE(review): the exemption depends on the Rake constant being defined,
  # not on a rake task actually running. If anything loads rake inside the
  # application server process, enforcement is off for every non-admin user
  # outside the test environment. Confirm Rake is not loaded there.
  def enforce?
    return false if User.current && User.current.admin?
    return true unless defined?(Rake)

    Rails.env == "test"
  end
end