
Revision acfbc458

Added by Marek Hulán about 10 years ago

fixes #812 - new permissions model, user group role and nest support, role filters for better granularity

Contributions from:


.gitignore
coverage/
tags
_build
zeus.json
custom_plan.rb
Gemfile
gem "audited-activerecord", "3.0.0"
gem "will_paginate", "~> 3.0.2"
gem "ancestry", "~> 2.0"
gem 'scoped_search', '>= 2.5'
gem 'scoped_search', '>= 2.6.2'
gem 'net-ldap'
gem 'uuidtools'
gem "apipie-rails", "~> 0.0.23"
gem 'rabl', '>= 0.7.5', '<= 0.9.0'
gem 'oauth'
gem 'deep_cloneable'
gem 'foreigner', '~> 1.4.2'
if RUBY_VERSION =~ /^1\.8/
app/assets/javascripts/filters.js
$(document).ready(function () {
$('#filter_resource_type').change(function () {
$.ajax({
url: $(this).data('url'),
data: {
resource_type: $('#filter_resource_type').val()
},
dataType: "script"
});
});
$('#filter_unlimited').change(function () {
$('#search').prop('disabled', $(this).prop('checked'));
});
});
app/controllers/about_controller.rb
skip_before_filter :authorize, :only => :index
def index
@proxies = SmartProxy.my_proxies.includes(:features)
@compute_resources = ComputeResource.my_compute_resources
@smart_proxies = SmartProxy.authorized(:view_smart_proxies).includes(:features)
@compute_resources = ComputeResource.authorized(:view_compute_resources)
@plugins = Foreman::Plugin.all
end
app/controllers/api/base_controller.rb
@resource_class ||= resource_name.classify.constantize
end
def resource_scope
@resource_scope ||= resource_class.scoped
def resource_scope(controller = controller_name)
@resource_scope ||= begin
scope = resource_class.scoped
if resource_class.respond_to?(:authorized)
scope.authorized("#{action_permission}_#{controller}", resource_class)
else
scope
end
end
end
def api_request?
......
#
# example:
# @host = Host.find_resource params[:id]
def find_resource
def find_resource(controller = controller_name)
resource = resource_identifying_attributes.find do |key|
next if key=='name' and (params[:id] =~ /\A\d+\z/)
method = "find_by_#{key}"
id = key=='id' ? params[:id].to_i : params[:id]
resource_scope.respond_to?(method) and
(resource = resource_scope.send method, id) and
break resource
scope = resource_scope(controller)
if scope.respond_to?(method)
(resource = scope.send method, id) and break resource
end
end
if resource
......
if allowed_nested_id.include?(param)
resource_identifying_attributes.each do |key|
find_method = "find_by_#{key}"
@nested_obj ||= md[1].classify.constantize.send(find_method, params[param])
model = md[1].classify.constantize
controller = "#{md[1].pluralize}_#{controller_name}"
authorized_scope = model.authorized("#{action_permission}_#{controller}")
@nested_obj ||= authorized_scope.send(find_method, params[param])
end
else
# there should be a route error before getting here, but just in case,
......
[]
end
def action_permission
case params[:action]
when 'new', 'create'
'create'
when 'edit', 'update'
'edit'
when 'destroy'
'destroy'
when 'index', 'show', 'status'
'view'
else
raise ::Foreman::Exception.new(N_("unknown permission for %s"), "#{params[:controller]}##{params[:action]}")
end
end
end
end
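Review bot: The new `resource_scope` fails open — when `resource_class` does not respond to `authorized` it silently returns the unfiltered `resource_class.scoped`, so any model that has not yet gained the new scope is served to every caller with no permission check at all, whereas the nested lookup in `find_resource` calls `model.authorized(...)` unconditionally and would raise `NoMethodError` for the same model. Unless the fallback is deliberate for a known set of models, failing closed is the safer default, e.g. replacing the `else scope` branch with `raise ::Foreman::Exception.new(N_("unsupported resource class %s"), resource_class)` in the same style as `action_permission`; if the fallback is intended, a comment naming which models are expected to lack `authorized` would keep the next maintainer from widening it by accident. The permission string for nested objects is built as `"#{action_permission}_#{md[1].pluralize}_#{controller_name}"` (e.g. a `view_hosts_parameters`-shaped name), which only works if permissions with that exact shape exist — I cannot verify that from the hunk. `find_resource` and the nested-object helper both continue outside the visible hunks.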
app/controllers/api/v1/architectures_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@architectures = Architecture.includes(:operatingsystems).
@architectures = Architecture.
authorized(:view_architectures).
includes(:operatingsystems).
search_for(*search_options).paginate(paginate_options)
end
app/controllers/api/v1/audits_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
Audit.unscoped { @audits = Audit.search_for(*search_options).paginate(paginate_options) }
Audit.unscoped { @audits = Audit.authorized(:view_audit_logs).search_for(*search_options).paginate(paginate_options) }
end
api :GET, "/audits/:id/", "Show an audit"
app/controllers/api/v1/common_parameters_controller.rb
module Api
module V1
class CommonParametersController < V1::BaseController
before_filter :find_resource, :only => [:show, :update, :destroy]
before_filter(:only => %w{show update destroy}) { find_resource('globals') }
api :GET, "/common_parameters/", "List all common parameters."
param :search, String, :desc => "filter results"
......
param :per_page, String, :desc => "number of entries per request"
def index
@common_parameters = CommonParameter.search_for(*search_options).paginate(paginate_options)
@common_parameters = CommonParameter.
authorized(:view_globals).
search_for(*search_options).
paginate(paginate_options)
end
api :GET, "/common_parameters/:id/", "Show a common parameter."
app/controllers/api/v1/compute_resources_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@compute_resources = ComputeResource.my_compute_resources.search_for(*search_options).paginate(paginate_options)
@compute_resources = ComputeResource.
authorized(:view_compute_resources).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/compute_resources/:id/", "Show an compute resource."
......
process_response @compute_resource.destroy
end
def resource_scope
resource_class.my_compute_resources
end
end
end
end
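Review bot: If the `resource_scope` override returning `resource_class.my_compute_resources` survives this commit, then `show`/`update`/`destroy` in the v1 controller still resolve the record through `my_compute_resources` and never consult the new `"#{action_permission}_compute_resources"` permission, while `index` does — the v2 controller in the same commit drops its override so the base-class authorized scope applies. It is not clear from the rendered page whether those three lines are context or removed; if they remain, deleting the override (or making it `resource_class.authorized("#{action_permission}_#{controller}")`) would make the v1 and v2 controllers consistent. The class body continues outside the hunk.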
app/controllers/api/v1/config_templates_controller.rb
class ConfigTemplatesController < V1::BaseController
include Foreman::Renderer
before_filter :find_resource, :only => [:show, :update, :destroy]
before_filter(:only => %w{show update destroy}) { find_resource('templates') }
before_filter :handle_template_upload, :only => [:create, :update]
before_filter :process_template_kind, :only => [:create, :update]
......
param :per_page, String, :desc => "number of entries per request"
def index
@config_templates = ConfigTemplate.search_for(*search_options).paginate(paginate_options).
@config_templates = ConfigTemplate.
authorized(:view_templates).
search_for(*search_options).paginate(paginate_options).
includes(:operatingsystems, :template_combinations, :template_kind)
end
......
param :version, String, :desc => "template version"
def revision
audit = Audit.find(params[:version])
audit = Audit.authorized(:view_audit_logs).find(params[:version])
render :json => audit.revision.template
end
......
api :GET, "/config_templates/build_pxe_default", "Change the default PXE menu on all configured TFTP servers"
def build_pxe_default
status, msg = ConfigTemplate.build_pxe_default(self)
status, msg = ConfigTemplate.authorized(:deploy_templates).build_pxe_default(self)
render :json => msg, :status => status
end
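Review bot: `ConfigTemplate.authorized(:deploy_templates).build_pxe_default(self)` only enforces the permission if the class method honours the relation it is invoked through; if `build_pxe_default` queries `ConfigTemplate` directly or does not query at all, a caller without `deploy_templates` still triggers the TFTP rewrite with merely an empty scope rather than being denied (I cannot see the method body, so this is inferred). An explicit guard before the call, e.g. `deny_access if ConfigTemplate.authorized(:deploy_templates).empty?` — assuming `deny_access` is available here as it is in the hosts controller — would make the denial independent of how the class method is written. Note also that the endpoint is declared as `api :GET` while its description says it changes state on all TFTP servers; a state-changing GET is worth at least a comment explaining why it is not a PUT/POST.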
app/controllers/api/v1/domains_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@domains = Domain.search_for(*search_options).paginate(paginate_options)
@domains = Domain.
authorized(:view_domains).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/domains/:id/", "Show a domain."
app/controllers/api/v1/environments_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@environments = Environment.search_for(*search_options).paginate(paginate_options)
@environments = Environment.
authorized(:view_environments).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/environments/:id/", "Show an environment."
app/controllers/api/v1/fact_values_controller.rb
module Api
module V1
class FactValuesController < V1::BaseController
before_filter :find_resource, :only => %w{show update destroy}
before_filter :setup_search_options, :only => :index
api :GET, "/fact_values/", "List all fact values."
......
param :per_page, String, :desc => "number of entries per request"
def index
values = FactValue.my_facts.no_timestamp_facts.
values = FactValue.
authorized(:view_facts).
my_facts.
no_timestamp_facts.
search_for(*search_options).paginate(paginate_options).
includes(:fact_name, :host)
render :json => FactValue.build_facts_hash(values.all)
app/controllers/api/v1/hostgroups_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@hostgroups = Hostgroup.includes(:hostgroup_classes, :group_parameters).
@hostgroups = Hostgroup.
authorized(:view_hostgroups).
includes(:hostgroup_classes, :group_parameters).
search_for(*search_options).paginate(paginate_options)
end
app/controllers/api/v1/hosts_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@hosts = Host.my_hosts.search_for(*search_options).paginate(paginate_options)
@hosts = Host.
authorized(:view_hosts, Host).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/hosts/:id/", "Show a host."
......
render :json => { :status => @host.host_status }.to_json if @host
end
# we need to limit resources for a current user
def resource_scope
resource_class.my_hosts
end
private
def resource_scope(controller = controller_name)
Host.authorized("#{action_permission}_#{controller}", Host)
end
# this is required for template generation (such as pxelinux) which is not done via a web request
def forward_request_url
@host.request_url = request.host_with_port if @host.respond_to?(:request_url)
app/controllers/api/v1/images_controller.rb
param :compute_resource_id, :identifier, :required => true
def index
@images = @compute_resource.images.search_for(*search_options).paginate(paginate_options)
@images = @compute_resource.
images.
authorized(:view_images).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/compute_resources/:compute_resource_id/images/:id/", "Show an image"
......
private
def find_compute_resource
@compute_resource = ComputeResource.find(params[:compute_resource_id])
@compute_resource = ComputeResource.authorized(:view_compute_resources).find(params[:compute_resource_id])
end
end
app/controllers/api/v1/lookup_keys_controller.rb
module Api
module V1
class LookupKeysController < V1::BaseController
before_filter :find_resource, :only => %w{show update destroy}
before_filter(:only => %w{show update destroy}) { find_resource('external_variables') }
before_filter :setup_search_options, :only => :index
api :GET, "/lookup_keys/", "List all lookup_keys."
......
param :per_page, String, :desc => "number of entries per request"
def index
@lookup_keys = LookupKey.search_for(*search_options).paginate(paginate_options)
@lookup_keys = LookupKey.
authorized(:view_external_variables).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/lookup_keys/:id/", "Show a lookup key."
app/controllers/api/v1/media_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@media = Medium.search_for(*search_options).paginate(paginate_options)
@media = Medium.
authorized(:view_media).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/media/:id/", "Show a medium."
app/controllers/api/v1/models_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@models = Model.search_for(*search_options).paginate(paginate_options)
@models = Model.
authorized(:view_models).
search_for(*search_options).
paginate(paginate_options)
end
api :GET, "/models/:id/", "Show a model."
app/controllers/api/v1/operatingsystems_controller.rb
def index
@operatingsystems = Operatingsystem.
authorized(:view_operatingsystems).
includes(:media, :architectures, :ptables, :config_templates, :os_default_templates).
search_for(*search_options).paginate(paginate_options)
end
......
param :architecture, String
def bootfiles
medium = Medium.find_by_name(params[:medium])
arch = Architecture.find_by_name(params[:architecture])
medium = Medium.authorized(:view_media).find_by_name(params[:medium])
arch = Architecture.authorized(:view_architectures).find_by_name(params[:architecture])
render :json => @operatingsystem.pxe_files(medium, arch)
rescue => e
render :json => e.to_s, :status => :unprocessable_entity
app/controllers/api/v1/ptables_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@ptables = Ptable.search_for(*search_options).paginate(paginate_options)
@ptables = Ptable.
authorized(:view_ptables).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/ptables/:id/", "Show a ptable."
app/controllers/api/v1/puppetclasses_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
values = Puppetclass.search_for(*search_options).paginate(paginate_options).
values = Puppetclass.
authorized(:view_puppetclasses).
search_for(*search_options).paginate(paginate_options).
select([:name, :id]).
includes(:lookup_keys)
render :json => Puppetclass.classes2hash(values.all)
app/controllers/api/v1/reports_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@reports = Report.my_reports.includes(:logs => [:source, :message]).
@reports = Report.
authorized(:view_reports).
my_reports.
includes(:logs => [:source, :message]).
search_for(*search_options).paginate(paginate_options)
end
......
def last
conditions = { :host_id => Host.find_by_name(params[:host_id]).try(:id) } unless params[:host_id].blank?
max_id = Report.my_reports.where(conditions).maximum(:id)
@report = Report.includes(:logs => [:message, :source]).find(max_id)
max_id = Report.authorized(:view_reports).my_reports.where(conditions).maximum(:id)
@report = Report.authorized(:view_reports).includes(:logs => [:message, :source]).find(max_id)
render :show
end
app/controllers/api/v1/smart_proxies_controller.rb
end
private
def action_permission
case params[:action]
when 'refresh'
:edit
else
super
end
end
def proxies_by_type(type)
return SmartProxy.includes(:features).try(type.downcase+"_proxies") if not type.nil?
return SmartProxy.includes(:features).all
return SmartProxy.authorized(:view_smart_proxies).includes(:features).try(type.downcase+"_proxies") if not type.nil?
return SmartProxy.authorized(:view_smart_proxies).includes(:features).all
end
def check_feature_type
app/controllers/api/v1/statistics_controller.rb
api :GET, "/statistics/", "Get statistics"
def index
@os_count = Host.my_hosts.count_distribution :operatingsystem
@arch_count = Host.my_hosts.count_distribution :architecture
@env_count = Host.my_hosts.count_distribution :environment
@klass_count = Host.my_hosts.count_habtm "puppetclass"
@cpu_count = FactValue.my_facts.count_each "processorcount"
@model_count = FactValue.my_facts.count_each "manufacturer"
@mem_size = FactValue.my_facts.mem_average "memorysize"
@mem_free = FactValue.my_facts.mem_average "memoryfree"
@swap_size = FactValue.my_facts.mem_average "swapsize"
@swap_free = FactValue.my_facts.mem_average "swapfree"
@mem_totsize = FactValue.my_facts.mem_sum "memorysize"
@mem_totfree = FactValue.my_facts.mem_sum "memoryfree"
render :json => { :statistics => { :os_count => @os_count, :arch_count => @arch_count,
:env_count => @env_count, :klass_count => @klass_count, :cpu_count => @cpu_count,
:model_count => @model_count, :mem_size => @mem_size, :mem_free => @mem_free, :swap_size => @swap_size,
:swap_free => @swap_free, :mem_totsize => @mem_totsize, :mem_totfree => @mem_totfree } }
@os_count = Host.authorized(:view_hosts).count_distribution :operatingsystem
@arch_count = Host.authorized(:view_hosts).count_distribution :architecture
@env_count = Host.authorized(:view_hosts).count_distribution :environment
@klass_count = Host.authorized(:view_hosts).count_habtm "puppetclass"
@cpu_count = FactValue.authorized(:view_facts).my_facts.count_each "processorcount"
@model_count = FactValue.authorized(:view_facts).my_facts.count_each "manufacturer"
@mem_size = FactValue.authorized(:view_facts).my_facts.mem_average "memorysize"
@mem_free = FactValue.authorized(:view_facts).my_facts.mem_average "memoryfree"
@swap_size = FactValue.authorized(:view_facts).my_facts.mem_average "swapsize"
@swap_free = FactValue.authorized(:view_facts).my_facts.mem_average "swapfree"
@mem_totsize = FactValue.authorized(:view_facts).my_facts.mem_sum "memorysize"
@mem_totfree = FactValue.authorized(:view_facts).my_facts.mem_sum "memoryfree"
render :json => { :os_count => @os_count, :arch_count => @arch_count, :swap_size => @swap_size,
:env_count => @env_count, :klass_count => @klass_count, :cpu_count => @cpu_count,
:model_count => @model_count, :mem_size => @mem_size, :mem_free => @mem_free,
:swap_free => @swap_free, :mem_totsize => @mem_totsize, :mem_totfree => @mem_totfree }
end
end
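Review bot: Beyond the permission change, the v1 response shape appears to change from `{ :statistics => { ... } }` to a flat hash (the old render line nests under `:statistics`, the new one does not), which breaks existing v1 clients of a versioned API; if that is unintended, keep `render :json => { :statistics => { ... } }` in v1 and let v2 carry the flat shape. The switch from `Host.my_hosts` to `Host.authorized(:view_hosts)` also drops whatever `my_hosts` scoped beyond permissions — hedged, since `my_hosts` is not visible here. A one-line comment above the render stating the intended v1 payload shape would make the contract explicit.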
app/controllers/api/v1/subnets_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@subnets = Subnet.includes(:tftp, :dhcp, :dns).
@subnets = Subnet.
authorized(:view_subnets).
includes(:tftp, :dhcp, :dns).
search_for(*search_options).paginate(paginate_options)
end
app/controllers/api/v1/usergroups_controller.rb
param :order, String, :desc => "sort results"
def index
@usergroups = Usergroup.search_for(*search_options).paginate(paginate_options)
@usergroups = Usergroup.
authorized(:view_usergroups).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/usergroups/:id/", "Show a usergroup."
app/controllers/api/v1/users_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@users = User.search_for(*search_options).paginate(paginate_options)
@users = User.
authorized(:view_users).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/users/:id/", "Show an user."
param :id, String, :required => true
def show
@user
end
api :POST, "/users/", "Create an user."
app/controllers/api/v2/architectures_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@architectures = Architecture.includes(:operatingsystems).
@architectures = Architecture.
authorized(:view_architectures).
includes(:operatingsystems).
search_for(*search_options).paginate(paginate_options)
end
app/controllers/api/v2/audits_controller.rb
module Api
module V2
class AuditsController < V2::BaseController
before_filter :find_resource, :only => %w{show update destroy}
before_filter :find_resource, :only => %w{show}
before_filter(:only => %w{show}) { find_resource('audit_logs') }
before_filter :setup_search_options, :only => :index
api :GET, "/audits/", "List all audits."
......
param :per_page, String, :desc => "number of entries per request"
def index
Audit.unscoped { @audits = Audit.search_for(*search_options).paginate(paginate_options) }
Audit.unscoped { @audits = Audit.authorized(:view_audit_logs).search_for(*search_options).paginate(paginate_options) }
end
api :GET, "/audits/:id/", "Show an audit"
app/controllers/api/v2/common_parameters_controller.rb
module Api
module V2
class CommonParametersController < V2::BaseController
before_filter :find_resource, :only => [:show, :update, :destroy]
before_filter(:only => %w{show update destroy}) { find_resource('globals') }
api :GET, "/common_parameters/", "List all common parameters."
param :search, String, :desc => "filter results"
......
param :per_page, String, :desc => "number of entries per request"
def index
@common_parameters = CommonParameter.search_for(*search_options).paginate(paginate_options)
@common_parameters = CommonParameter.
authorized(:view_globals).
search_for(*search_options).
paginate(paginate_options)
end
api :GET, "/common_parameters/:id/", "Show a common parameter."
app/controllers/api/v2/compute_resources_controller.rb
param_group :compute_resource, :as => :create
def create
@compute_resource = ComputeResource.new_provider(params[:compute_resource])
process_response @compute_resource.save
@compute_resource = ComputeResource.new_provider(params[:compute_resource])
process_response @compute_resource.save
end
......
render :available_storage_domains, :layout => 'api/v2/layouts/index_layout'
end
def resource_scope
ComputeResource.my_compute_resources
private
def action_permission
case params[:action]
when 'available_images', 'available_clusters', 'available_networks', 'available_storage_domains'
:view
else
super
end
end
end
end
app/controllers/api/v2/config_templates_controller.rb
include Api::TaxonomyScope
include Foreman::Renderer
before_filter :find_resource, :only => [:show, :update, :destroy]
before_filter(:only => %w{show update destroy}) { find_resource('templates') }
before_filter :handle_template_upload, :only => [:create, :update]
before_filter :process_template_kind, :only => [:create, :update]
before_filter :process_operatingsystems, :only => [:create, :update]
......
param :per_page, String, :desc => "number of entries per request"
def index
@config_templates = ConfigTemplate.search_for(*search_options).paginate(paginate_options).
@config_templates = ConfigTemplate.
authorized(:view_templates).
search_for(*search_options).paginate(paginate_options).
includes(:operatingsystems, :template_combinations, :template_kind)
end
......
param :version, String, :desc => "template version"
def revision
audit = Audit.find(params[:version])
audit = Audit.authorized(:view_audit_logs).find(params[:version])
render :json => audit.revision.template
end
......
api :GET, "/config_templates/build_pxe_default", "Change the default PXE menu on all configured TFTP servers"
def build_pxe_default
status, msg = ConfigTemplate.build_pxe_default(self)
status, msg = ConfigTemplate.authorized(:deploy_templates).build_pxe_default(self)
render :json => msg, :status => status
end
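Review bot: `build_pxe_default` relies on `ConfigTemplate.authorized(:deploy_templates)` scoping a class method called through the relation; unless that method reads from the receiver (not visible here), an unauthorized caller still executes the deploy against an empty scope instead of being refused. A guard that denies up front, e.g. `deny_access if ConfigTemplate.authorized(:deploy_templates).empty?`, keeps the authorization decision out of the model method's implementation details. The endpoint is also a state-changing `GET` per its own description; a comment justifying the verb (or switching it) would help reviewers of the API surface.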
app/controllers/api/v2/domains_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@domains = Domain.search_for(*search_options).paginate(paginate_options)
@domains = Domain.
authorized(:view_domains).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/domains/:id/", "Show a domain."
app/controllers/api/v2/environments_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@environments = Environment.search_for(*search_options).paginate(paginate_options)
@environments = Environment.
authorized(:view_environments).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/environments/:id/", "Show an environment."
app/controllers/api/v2/fact_values_controller.rb
module Api
module V2
class FactValuesController < V2::BaseController
before_filter :find_resource, :only => %w{show update destroy}
before_filter :setup_search_options, :only => :index
api :GET, "/fact_values/", "List all fact values."
......
@fact_values = FactValue.build_facts_hash(values.all)
end
def resource_scope
FactValue.my_facts.no_timestamp_facts
def resource_scope(controller = controller_name)
FactValue.authorized(:view_facts).my_facts.no_timestamp_facts
end
end
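Review bot: The overridden `resource_scope` hard-codes `:view_facts` for every action, but the controller still runs `find_resource` for `show`, `update` and `destroy`, so a user with only view rights can reach the mutating actions through a scope that only checks viewing — the base-controller pattern (`authorized("#{action_permission}_#{controller}")`) is bypassed here. If there is no separate edit/destroy permission for facts that is a deliberate choice and deserves a comment such as `# facts are read-only from the API; view_facts gates every action`; otherwise use `FactValue.authorized("#{action_permission}_facts").my_facts.no_timestamp_facts`. `index`'s body starts outside the hunk.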
app/controllers/api/v2/filters_controller.rb
module Api
module V2
class FiltersController < V2::BaseController
include Api::Version2
include Api::TaxonomyScope
before_filter :find_role
before_filter :find_resource, :only => %w{show update destroy}
api :GET, "/filters/", "List all filters."
param :search, String, :desc => "filter results", :required => false
param :page, String, :desc => "paginate results"
param :per_page, String, :desc => "number of entries per request"
def index
@filters = resource_scope.search_for(*search_options).paginate(paginate_options)
end
api :GET, "/filters/:id/", "Show a filter."
param :id, :identifier, :required => true
def show
end
def_param_group :filter do
param :filter, Hash, :action_aware => true, :required => true do
param :role_id, String, :required => true
param :search, String
param :permission_ids, Array
param :organization_ids, Array
param :location_ids, Array
end
end
api :POST, "/filters/", "Create a filter."
param_group :filter, :as => :create
def create
@filter = Filter.new(params[:filter])
process_response @filter.save
end
api :PUT, "/filters/:id/", "Update a filter."
param :id, String, :required => true
param_group :filter
def update
process_response @filter.update_attributes(params[:filter])
end
api :DELETE, "/filters/:id/", "Delete a filter."
param :id, String, :required => true
def destroy
process_response @filter.destroy
end
private
def find_role
@role = Role.find_by_id(role_id)
end
def resource_scope(controller = controller_name)
@resource_scope ||= @role.present? ?
@role.filters.authorized("#{action_permission}_#{controller}") :
resource_class.scoped.authorized("#{action_permission}_#{controller}")
end
def role_id
params[:role_id]
end
end
end
end
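Review bot: `create` and `update` accept `role_id` and `permission_ids` straight from `params[:filter]` and `find_role` loads the role with a plain `Role.find_by_id`, so anyone permitted to create or edit filters can attach arbitrary permissions to any role — including one they are a member of — which is a privilege-escalation path, while the sibling `RolesController` is gated with `before_filter :require_admin`. Unless the `Filter` model enforces this itself (not visible), add `before_filter :require_admin` here as well, or at minimum authorize the role lookup and reject a `role_id` change on `update`. `resource_scope` is fine for listing, but note that it only applies to `index`/`show`/`destroy` via `find_resource`, not to what `create` is allowed to reference.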
app/controllers/api/v2/host_classes_controller.rb
api :GET, "/hosts/:host_id/puppetclass_ids/", "List all puppetclass id's for host"
def index
render :json => { root_node_name => HostClass.where(:host_id => host_id).pluck('puppetclass_id') }
render :json => { root_node_name => HostClass.authorized(:edit_classes).where(:host_id => host_id).pluck('puppetclass_id') }
end
api :POST, "/hosts/:host_id/puppetclass_ids", "Add a puppetclass to host"
......
param :id, String, :required => true, :desc => "id of puppetclass"
def destroy
@host_class = HostClass.where(:host_id => host_id, :puppetclass_id => params[:id])
@host_class = HostClass.authorized(:edit_classes).where(:host_id => host_id, :puppetclass_id => params[:id])
process_response @host_class.destroy_all
end
......
if params[:host_id] =~ /^\d+$/
return @host_id = params[:host_id].to_i
else
@host ||= Host::Managed.find_by_name(params[:host_id])
@host ||= Host::Managed.authorized(:view_hosts).find_by_name(params[:host_id])
return @host_id = @host.id if @host
not_found
end
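Review bot: The numeric branch of the host lookup (`params[:host_id] =~ /^\d+$/`) returns the id without any `view_hosts` check, whereas the name branch now goes through `Host::Managed.authorized(:view_hosts)`, so supplying a numeric id bypasses the authorization that the name path enforces; the `HostClass.authorized(:edit_classes)` scope may or may not filter by host — I cannot see its definition. Resolving the host through the authorized scope in both branches, e.g. `@host ||= Host::Managed.authorized(:view_hosts).find_by_id(params[:host_id])`, closes the gap. The regex also uses `^`/`$` rather than `\A`/`\z`, so a multi-line value would match. The enclosing `host_id` method starts outside the hunk.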
app/controllers/api/v2/hostgroups_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@hostgroups = Hostgroup.includes(:hostgroup_classes, :group_parameters).
@hostgroups = Hostgroup.
authorized(:view_hostgroups).
includes(:hostgroup_classes, :group_parameters).
search_for(*search_options).paginate(paginate_options)
end
app/controllers/api/v2/hosts_controller.rb
include Api::TaxonomyScope
include Foreman::Controller::SmartProxyAuth
before_filter :find_resource, :except => [:index, :create, :facts]
before_filter :find_resource, :except => %w{index create facts}
before_filter :permissions_check, :only => %w{power boot puppetrun}
add_puppetmaster_filters :facts
api :GET, "/hosts/", "List all hosts."
......
render :json => { :status => @host.host_status }.to_json if @host
end
# we need to limit resources for a current user
def resource_scope
Host.my_hosts
end
api :PUT, "/hosts/:id/puppetrun", "Force a puppet run on the agent."
param :id, :identifier_dottable, :required => true
......
private
def resource_scope(controller = controller_name)
Host.authorized("#{action_permission}_#{controller}", Host)
end
def action_permission
case params[:action]
when 'puppetrun'
:puppetrun
when 'power'
:power
when 'boot'
:ipmi_boot
when 'console'
:console
else
super
end
end
# this is required for template generation (such as pxelinux) which is not done via a web request
def forward_request_url
@host.request_url = request.host_with_port if @host.respond_to?(:request_url)
......
raise ::Foreman::Exception.new("A problem occurred when detecting host type: #{e.message}")
end
def permissions_check
permission = "#{params[:action]}_hosts".to_sym
deny_access unless Host.authorized(permission).find(@host.id)
end
end
end
end
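Review bot: `permissions_check` derives the permission as `"#{params[:action]}_hosts"` while `action_permission` maps `boot` to `:ipmi_boot`, so for `boot` the two checks disagree (`boot_hosts` vs `ipmi_boot_hosts`) and whichever name does not exist will either deny everyone or check nothing, depending on how `authorized` treats unknown permissions. It also uses `.find(@host.id)`, which raises `RecordNotFound` instead of returning nil, so the `deny_access unless` branch is never reached and an unauthorized caller gets a 404 rather than a denial. Reusing the mapping and a boolean query fixes both: `deny_access unless Host.authorized("#{action_permission}_hosts".to_sym).exists?(@host.id)`. The class body continues outside the hunk.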
app/controllers/api/v2/images_controller.rb
param :compute_resource_id, :identifier, :required => true
def index
@images = @compute_resource.images.search_for(*search_options).paginate(paginate_options)
@total = @compute_resource.images.count
base = @compute_resource.images.authorized(:view_images)
@images = base.search_for(*search_options).paginate(paginate_options)
@total = base.count
end
api :GET, "/compute_resources/:compute_resource_id/images/:id/", "Show an image"
......
private
def find_compute_resource
@compute_resource = ComputeResource.find(params[:compute_resource_id])
@compute_resource = ComputeResource.authorized(:view_compute_resources).find(params[:compute_resource_id])
end
end
app/controllers/api/v2/media_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@media = Medium.search_for(*search_options).paginate(paginate_options)
@media = Medium.
authorized(:view_media).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/media/:id/", "Show a medium."
app/controllers/api/v2/models_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@models = Model.search_for(*search_options).paginate(paginate_options)
@models = Model.
authorized(:view_models).
search_for(*search_options).
paginate(paginate_options)
end
api :GET, "/models/:id/", "Show a model."
app/controllers/api/v2/operatingsystems_controller.rb
def index
@operatingsystems = Operatingsystem.
authorized(:view_operatingsystems).
includes(:media, :architectures, :ptables, :config_templates, :os_default_templates).
search_for(*search_options).paginate(paginate_options)
end
......
param :architecture, String
def bootfiles
medium = Medium.find_by_name(params[:medium])
arch = Architecture.find_by_name(params[:architecture])
medium = Medium.authorized(:view_media).find_by_name(params[:medium])
arch = Architecture.authorized(:view_architectures).find_by_name(params[:architecture])
render :json => @operatingsystem.pxe_files(medium, arch)
rescue => e
render :json => e.to_s, :status => :unprocessable_entity
app/controllers/api/v2/override_values_controller.rb
render 'api/v2/override_values/show'
end
private
def find_override_values
if @smart
@override_values = @smart.lookup_values.paginate(paginate_options)
app/controllers/api/v2/parameters_controller.rb
private
def action_permission
case params[:action]
when 'reset'
:destroy
else
super
end
end
def parameters_method
# hostgroup.rb has a method def parameters, so I didn't create has_many :parameters like Host, Domain, Os
nested_obj.is_a?(Hostgroup) ? :group_parameters : :parameters
app/controllers/api/v2/permissions_controller.rb
module Api
module V2
class PermissionsController < V2::BaseController
before_filter :find_resource, :only => %w{show}
api :GET, "/permissions/", "List all permissions."
param :page, String, :desc => "paginate results"
param :per_page, String, :desc => "number of entries per request"
param :resource_type, String
param :name, String
def index
type = params[:resource_type].blank? ? nil : params[:resource_type]
name = params[:name].blank? ? nil : params[:name]
if type
@permissions = Permission.find_all_by_resource_type(type)
elsif name
@permissions = Permission.find_all_by_name(name)
else
@permissions = Permission.all
end
end
api :GET, "/permissions/:id/", "Show a permission."
param :id, :identifier, :required => true
def show
end
end
end
end
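Review bot: `index` documents `page` and `per_page` but never calls `paginate(paginate_options)`, so the documented parameters are silently ignored and the full permission table is returned on every request; either paginate consistently with the other controllers or drop the two `param` declarations. `show` goes through the base `find_resource`, whose scope falls back to an unfiltered `Permission.scoped` if `Permission` does not respond to `authorized` — probably acceptable for a permission catalogue, but a comment such as `# permissions are not taxonomy- or role-scoped; listing them is intentionally unrestricted` would record that decision.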
app/controllers/api/v2/ptables_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@ptables = Ptable.search_for(*search_options).paginate(paginate_options)
@ptables = Ptable.
authorized(:view_ptables).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/ptables/:id/", "Show a ptable."
app/controllers/api/v2/puppetclasses_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
values = Puppetclass.search_for(*search_options) unless nested_obj
values = Puppetclass.authorized(:view_puppetclasses).search_for(*search_options) unless nested_obj
values ||= case nested_obj
when Host::Base, Hostgroup
#NOTE: no search_for on array generated by all_puppetclasses
app/controllers/api/v2/reports_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@reports = Report.my_reports.includes(:logs => [:source, :message]).
@reports = Report.
authorized(:view_reports).
my_reports.
includes(:logs => [:source, :message]).
search_for(*search_options).paginate(paginate_options)
@total = Report.my_reports.count
end
......
def last
conditions = { :host_id => Host.find_by_name(params[:host_id]).try(:id) } unless params[:host_id].blank?
max_id = Report.my_reports.where(conditions).maximum(:id)
@report = Report.includes(:logs => [:message, :source]).find(max_id)
max_id = Report.authorized(:view_reports).my_reports.where(conditions).maximum(:id)
@report = Report.authorized(:view_reports).includes(:logs => [:message, :source]).find(max_id)
render :show
end
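Review bot: `@total = Report.my_reports.count` is left on the pre-commit scope while `@reports` now uses `Report.authorized(:view_reports).my_reports`, so the reported total can exceed what the user is allowed to list and leaks the count of reports outside their permissions; the images controller in this same commit fixes the analogous case with a shared `base` relation. Use `@total = Report.authorized(:view_reports).my_reports.count` (or `@reports.total_entries`). In `last`, `Host.find_by_name(params[:host_id])` is unscoped, which is harmless for the result since the report query is authorized, but it does reveal host existence via the different empty result — worth a comment or the authorized scope.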
app/controllers/api/v2/roles_controller.rb
module Api
module V2
class RolesController < V2::BaseController
before_filter :require_admin
before_filter :find_resource, :only => %w{show update destroy}
api :GET, "/roles/", "List all roles."
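Review bot: The class header does not say what now gates role management: if `before_filter :require_admin` is the line being removed (the rendered page does not show which side it is on), RolesController becomes reachable by any user holding the permission the base controller derives from `action_permission` and `controller_name`, and nothing in the class records that. A comment above the remaining filter, e.g. `# access is governed by the *_roles permissions resolved in V2::BaseController, not by admin status`, would make the new boundary explicit.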
app/controllers/api/v2/smart_proxies_controller.rb
private
def proxies_by_type(type = nil)
return SmartProxy.includes(:features).try(type.downcase+"_proxies") if type.present?
return SmartProxy.includes(:features).scoped
return SmartProxy.authorized(:view_smart_proxies).includes(:features).try(type.downcase+"_proxies") if type.present?
return SmartProxy.authorized(:view_smart_proxies).includes(:features).scoped
end
def action_permission
case params[:action]
when 'refresh'
:edit
else
super
end
end
def check_feature_type
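Review bot: `action_permission` returns the symbol `:edit` for `refresh` while the `ApplicationController#action_permission` touched in this same commit returns strings (`'create'`, `'edit'`, `'view'`), so the override mixes types with its `super` branch; use `'edit'` for consistency. Separately, `proxies_by_type` still dispatches on a request-derived name via `try(type.downcase+"_proxies")`; the `_proxies` suffix narrows what can be reached and `check_feature_type` (body outside the hunk) presumably validates `type` first, so a comment such as `# type is validated by check_feature_type before being used to build a scope name` would document that dependency.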
app/controllers/api/v2/statistics_controller.rb
api :GET, "/statistics/", "Get statistics"
def index
@os_count = Host.my_hosts.count_distribution :operatingsystem
@arch_count = Host.my_hosts.count_distribution :architecture
@env_count = Host.my_hosts.count_distribution :environment
@klass_count = Host.my_hosts.count_habtm "puppetclass"
@cpu_count = FactValue.my_facts.count_each "processorcount"
@model_count = FactValue.my_facts.count_each "manufacturer"
@mem_size = FactValue.my_facts.mem_average "memorysize"
@mem_free = FactValue.my_facts.mem_average "memoryfree"
@swap_size = FactValue.my_facts.mem_average "swapsize"
@swap_free = FactValue.my_facts.mem_average "swapfree"
@mem_totsize = FactValue.my_facts.mem_sum "memorysize"
@mem_totfree = FactValue.my_facts.mem_sum "memoryfree"
render :json => { :os_count => @os_count, :arch_count => @arch_count,
:env_count => @env_count, :klass_count => @klass_count, :cpu_count => @cpu_count,
:model_count => @model_count, :mem_size => @mem_size, :mem_free => @mem_free, :swap_size => @swap_size,
:swap_free => @swap_free, :mem_totsize => @mem_totsize, :mem_totfree => @mem_totfree }
@os_count = Host.authorized(:view_hosts).count_distribution :operatingsystem
@arch_count = Host.authorized(:view_hosts).count_distribution :architecture
@env_count = Host.authorized(:view_hosts).count_distribution :environment
@klass_count = Host.authorized(:view_hosts).count_habtm "puppetclass"
@cpu_count = FactValue.authorized(:view_facts).my_facts.count_each "processorcount"
@model_count = FactValue.authorized(:view_facts).my_facts.count_each "manufacturer"
@mem_size = FactValue.authorized(:view_facts).my_facts.mem_average "memorysize"
@mem_free = FactValue.authorized(:view_facts).my_facts.mem_average "memoryfree"
@swap_size = FactValue.authorized(:view_facts).my_facts.mem_average "swapsize"
@swap_free = FactValue.authorized(:view_facts).my_facts.mem_average "swapfree"
@mem_totsize = FactValue.authorized(:view_facts).my_facts.mem_sum "memorysize"
@mem_totfree = FactValue.authorized(:view_facts).my_facts.mem_sum "memoryfree"
render :json => { :os_count => @os_count, :arch_count => @arch_count, :swap_size => @swap_size,
:env_count => @env_count, :klass_count => @klass_count, :cpu_count => @cpu_count,
:model_count => @model_count, :mem_size => @mem_size, :mem_free => @mem_free,
:swap_free => @swap_free, :mem_totsize => @mem_totsize, :mem_totfree => @mem_totfree }
end
end
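Review bot: `index` now repeats `Host.authorized(:view_hosts)` four times and `FactValue.authorized(:view_facts).my_facts` eight times, which makes the permission each statistic is computed under easy to get wrong on the next edit. Hoisting the two scopes into locals keeps one place to change and makes the asymmetry visible: hosts dropped `my_hosts` in favour of the authorized scope, but facts keep `my_facts` chained after it, which deserves a comment if deliberate.
```ruby
def index
  hosts = Host.authorized(:view_hosts)
  # facts keep the my_facts scope on top of the permission scope; confirm both are still wanted
  facts = FactValue.authorized(:view_facts).my_facts
  @os_count    = hosts.count_distribution :operatingsystem
  @arch_count  = hosts.count_distribution :architecture
  @env_count   = hosts.count_distribution :environment
  @klass_count = hosts.count_habtm "puppetclass"
  @cpu_count   = facts.count_each "processorcount"
  @model_count = facts.count_each "manufacturer"
  @mem_size    = facts.mem_average "memorysize"
  @mem_free    = facts.mem_average "memoryfree"
  @swap_size   = facts.mem_average "swapsize"
  @swap_free   = facts.mem_average "swapfree"
  @mem_totsize = facts.mem_sum "memorysize"
  @mem_totfree = facts.mem_sum "memoryfree"
  # … unchanged: render :json => { ... } …
end
```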
app/controllers/api/v2/subnets_controller.rb
param :per_page, String, :desc => "number of entries per request"
def index
@subnets = Subnet.includes(:tftp, :dhcp, :dns).
@subnets = Subnet.
authorized(:view_subnets).
includes(:tftp, :dhcp, :dns).
search_for(*search_options).paginate(paginate_options)
end
app/controllers/api/v2/template_combinations_controller.rb
end
def find_parent_config_template
@config_template = ConfigTemplate.find(params[:config_template_id])
@config_template = ConfigTemplate.authorized(:view_templates).find(params[:config_template_id])
not_found unless @config_template
@config_template
end
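Review bot: The `not_found unless @config_template` guard after the new `ConfigTemplate.authorized(:view_templates).find(...)` line is unreachable, because `find` raises `ActiveRecord::RecordNotFound` instead of returning nil; unless a `rescue_from` elsewhere turns that into a 404, a template outside the caller's `:view_templates` scope will surface as an exception rather than the intended not-found response. Either use `@config_template = ConfigTemplate.authorized(:view_templates).find_by_id(params[:config_template_id])` so the guard works, or drop the guard and document that the base controller's rescue handles it.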
app/controllers/api/v2/usergroups_controller.rb
param :order, String, :desc => "sort results"
def index
@usergroups = Usergroup.search_for(*search_options).paginate(paginate_options)
@usergroups = Usergroup.
authorized(:view_usergroups).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/usergroups/:id/", "Show a usergroup."
app/controllers/api/v2/users_controller.rb
module Api
module V2
class UsersController < V2::BaseController
before_filter :find_resource, :only => %w{show update destroy}
include Foreman::Controller::UsersMixin
include Api::Version2
include Api::TaxonomyScope
before_filter :find_resource, :only => %w{show update destroy}
api :GET, "/users/", "List all users."
param :search, String, :desc => "filter results"
......
param :per_page, String, :desc => "number of entries per request"
def index
@users = User.search_for(*search_options).paginate(paginate_options)
@users = User.
authorized(:view_users).
search_for(*search_options).paginate(paginate_options)
end
api :GET, "/users/:id/", "Show an user."
param :id, String, :required => true
def show
@user
end
def_param_group :user do
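Review bot: `before_filter :find_resource, :only => %w{show update destroy}` is printed both before and after the three `include` lines, and the page does not show which copy is the new one; if both survive, the filter is registered twice and the lookup runs twice per request. Assuming the move below the includes is intentional (so that filters contributed by `Foreman::Controller::UsersMixin` are registered first), a short comment above the filter, e.g. `# registered after the mixin so its filters run before the resource lookup`, would record why the order matters.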
app/controllers/application_controller.rb
# standard layout to all controllers
helper 'layout'
helper_method :authorizer
before_filter :require_ssl, :require_login
before_filter :set_gettext_locale_db, :set_gettext_locale
......
authorized ? true : deny_access
end
def authorizer
@authorizer ||= Authorizer.new(User.current, :collection => instance_variable_get("@#{controller_name}"))
end
def deny_access
(User.current.logged? || request.xhr?) ? render_403 : require_login
end
......
end
def model_of_controller
controller_path.singularize.camelize.gsub('/','::').constantize
@model_of_controller ||= controller_path.singularize.camelize.gsub('/','::').constantize
end
......
not_found and return if params[:id].blank?
name = controller_name.singularize
model = model_of_controller
# determine if we are searching for a numerical id or plain name
cond = "find" + (params[:id] =~ /\A\d+(-.+)?\Z/ ? "" : "_by_name")
not_found and return unless instance_variable_set("@#{name}", model.send(cond, params[:id]))
not_found and return unless instance_variable_set("@#{name}", resource_base.send(cond, params[:id]))
end
def current_permission
[action_permission, controller_permission].join('_')
end
def controller_permission
controller_name
end
def action_permission
case params[:action]
when 'new', 'create'
'create'
when 'edit', 'update'
'edit'
when 'destroy'
'destroy'
when 'index', 'show'
'view'
else
raise ::Foreman::Exception.new(N_("unknown permission for %s"), "#{params[:controller]}##{params[:action]}")
end
end
# not all models includes Authorizable so we detect whether we should apply authorized scope or not
def resource_base
@resource_base ||= model_of_controller.respond_to?(:authorized) ?
model_of_controller.authorized(current_permission) :
model_of_controller.scoped
end
def notice notice
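Review bot: The new `resource_base.send(cond, params[:id])` line still takes `cond` from the regex on the line above, `/\A\d+(-.+)?\Z/`, and `\Z` matches before a trailing newline, so an id such as `"1\n"` is routed to `find` instead of `find_by_name`; anchor with `\z` for a whole-string test: `cond = "find" + (params[:id] =~ /\A\d+(-.+)?\z/ ? "" : "_by_name")`. Because `find` raises on a miss, the `not_found and return unless ...` guard only ever fires for the `find_by_name` branch, which is worth a comment if the base controller's rescue is what produces the 404 for the numeric case. The enclosing method's header is outside the hunk.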
app/controllers/architectures_controller.rb
before_filter :find_by_name, :only => %w{edit update destroy}
def index
@architectures = Architecture.includes(:operatingsystems).search_for(params[:search], :order => params[:order]).paginate(:page => params[:page])
base = resource_base.includes(:operatingsystems).search_for(params[:search], :order => params[:order])
@architectures = base.paginate(:page => params[:page])
end
def new
app/controllers/audits_controller.rb
before_filter :setup_search_options, :only => :index
def index
Audit.unscoped { @audits = Audit.search_for(params[:search], :order => params[:order]).paginate :page => params[:page] }
Audit.unscoped { @audits = resource_base.search_for(params[:search], :order => params[:order]).paginate :page => params[:page] }
end
def show
@audit = Audit.find(params[:id])
@history = Audit.descending.where(:auditable_id => @audit.auditable_id, :auditable_type => @audit.auditable_type)