Revision acfbc458
Added by Marek Hulán about 10 years ago
| app/models/compute_resource.rb | ||
|---|---|---|
|
class ComputeResource < ActiveRecord::Base
|
||
|
include Taxonomix
|
||
|
include Encryptable
|
||
|
include Authorizable
|
||
|
encrypts :password
|
||
|
SUPPORTED_PROVIDERS = %w[Libvirt Ovirt EC2 Vmware Openstack Rackspace GCE]
|
||
|
PROVIDERS = SUPPORTED_PROVIDERS.reject { |p| !SETTINGS[p.downcase.to_sym] }
|
||
| ... | ... | |
|
STI_PREFIX= "Foreman::Model"
|
||
|
|
||
|
before_destroy EnsureNotUsedBy.new(:hosts)
|
||
|
include Authorization
|
||
|
has_and_belongs_to_many :users, :join_table => "user_compute_resources"
|
||
|
validates :name, :uniqueness => true, :format => { :with => /\A(\S+)\Z/, :message => N_("can't be blank or contain white spaces.") }
|
||
|
validates :provider, :presence => true, :inclusion => { :in => PROVIDERS }
|
||
|
validates :url, :presence => true
|
||
|
scoped_search :on => :name, :complete_value => :true
|
||
|
scoped_search :on => :id, :complete_value => :true
|
||
|
before_save :sanitize_url
|
||
|
has_many_hosts
|
||
|
has_many :images, :dependent => :destroy
|
||
| ... | ... | |
|
end
|
||
|
}
|
||
|
|
||
|
scope :my_compute_resources, lambda {
|
||
|
user = User.current
|
||
|
if user.admin?
|
||
|
conditions = { }
|
||
|
else
|
||
|
conditions = sanitize_sql_for_conditions([" (compute_resources.id in (?))", user.compute_resource_ids])
|
||
|
conditions.sub!(/\s*\(\)\s*/, "")
|
||
|
conditions.sub!(/^(?:\(\))?\s?(?:and|or)\s*/, "")
|
||
|
conditions.sub!(/\(\s*(?:or|and)\s*\(/, "((")
|
||
|
end
|
||
|
where(conditions).reorder('type, name')
|
||
|
}
|
||
|
|
||
|
# allows to create a specific compute class based on the provider.
|
||
|
def self.new_provider args
|
||
|
raise ::Foreman::Exception.new(N_("must provide a provider")) unless provider = args[:provider]
|
||
| ... | ... | |
|
|
||
|
private
|
||
|
|
||
|
def enforce_permissions operation
|
||
|
# We get called again with the operation being set to create
|
||
|
return true if operation == "edit" and new_record?
|
||
|
current = User.current
|
||
|
if current.allowed_to?("#{operation}_compute_resources".to_sym)
|
||
|
# If you can create compute resources then you can create them anywhere
|
||
|
return true if operation == "create"
|
||
|
# edit or delete
|
||
|
if current.allowed_to?("#{operation}_compute_resources".to_sym)
|
||
|
return true if ComputeResource.my_compute_resources.include? self
|
||
|
end
|
||
|
end
|
||
|
errors.add :base, _("You do not have permission to %s this compute resource") % operation
|
||
|
false
|
||
|
end
|
||
|
|
||
|
def set_attributes_hash
|
||
|
self.attrs ||= {}
|
||
|
end
|
||
Also available in: Unified diff
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: