Project

General

Profile

« Previous | Next » 

Revision acfbc458

Added by Marek Hulán about 10 years ago

fixes #812 - new permissions model, user group role and nest support, role filters for better granularity

Contributions from:

View differences:

app/controllers/api/v2/hosts_controller.rb
include Api::TaxonomyScope
include Foreman::Controller::SmartProxyAuth
before_filter :find_resource, :except => [:index, :create, :facts]
before_filter :find_resource, :except => %w{index create facts}
before_filter :permissions_check, :only => %w{power boot puppetrun}
add_puppetmaster_filters :facts
api :GET, "/hosts/", "List all hosts."
......
render :json => { :status => @host.host_status }.to_json if @host
end
# we need to limit resources for a current user
def resource_scope
Host.my_hosts
end
api :PUT, "/hosts/:id/puppetrun", "Force a puppet run on the agent."
param :id, :identifier_dottable, :required => true
......
private
def resource_scope(controller = controller_name)
Host.authorized("#{action_permission}_#{controller}", Host)
end
def action_permission
case params[:action]
when 'puppetrun'
:puppetrun
when 'power'
:power
when 'boot'
:ipmi_boot
when 'console'
:console
else
super
end
end
# this is required for template generation (such as pxelinux) which is not done via a web request
def forward_request_url
@host.request_url = request.host_with_port if @host.respond_to?(:request_url)
......
raise ::Foreman::Exception.new("A problem occurred when detecting host type: #{e.message}")
end
def permissions_check
permission = "#{params[:action]}_hosts".to_sym
deny_access unless Host.authorized(permission).find(@host.id)
end
end
end
end

Also available in: Unified diff