Revision acfbc458
Added by Marek Hulán about 10 years ago
| app/models/host/base.rb | ||
|---|---|---|
|
module Host
|
||
|
class Base < ActiveRecord::Base
|
||
|
include Foreman::STI
|
||
|
include Authorizable
|
||
|
self.table_name = :hosts
|
||
|
OWNER_TYPES = %w(User Usergroup)
|
||
|
|
||
| ... | ... | |
|
:allow_blank => true,
|
||
|
:message => (_("Owner type needs to be one of the following: %s") % OWNER_TYPES.join(', '))
|
||
|
|
||
|
scope :my_hosts, lambda {
|
||
|
user = User.current
|
||
|
return if user.admin? # Admin can see all hosts
|
||
|
|
||
|
owner_conditions = sanitize_sql_for_conditions(["((hosts.owner_id in (?) AND hosts.owner_type = 'Usergroup') OR (hosts.owner_id = ? AND hosts.owner_type = 'User'))", user.my_usergroups.map(&:id), user.id])
|
||
|
domain_conditions = sanitize_sql_for_conditions([" (hosts.domain_id in (?))",dms = (user.domain_ids)])
|
||
|
compute_resource_conditions = sanitize_sql_for_conditions([" (hosts.compute_resource_id in (?))",(crs = user.compute_resource_ids)])
|
||
|
hostgroup_conditions = sanitize_sql_for_conditions([" (hosts.hostgroup_id in (?))",(hgs = user.hostgroup_ids)])
|
||
|
organization_conditions = sanitize_sql_for_conditions([" (hosts.organization_id in (?))",orgs = (user.organization_ids)])
|
||
|
location_conditions = sanitize_sql_for_conditions([" (hosts.location_id in (?))",locs = (user.location_ids)])
|
||
|
|
||
|
fact_conditions = ""
|
||
|
for user_fact in (ufs = user.user_facts)
|
||
|
fact_conditions += sanitize_sql_for_conditions ["(hosts.id = fact_values.host_id and fact_values.fact_name_id = ? and fact_values.value #{user_fact.operator} ?)", user_fact.fact_name_id, user_fact.criteria]
|
||
|
fact_conditions = user_fact.andor == "and" ? "(#{fact_conditions}) and " : "#{fact_conditions} or "
|
||
|
end
|
||
|
if (match = fact_conditions.match(/\A(.*).....\Z/))
|
||
|
fact_conditions = "(#{match[1]})"
|
||
|
end
|
||
|
|
||
|
conditions = ""
|
||
|
if user.filtering?
|
||
|
conditions = "#{owner_conditions}" if user.filter_on_owner
|
||
|
(conditions = (user.domains_andor == "and") ? "(#{conditions}) and #{domain_conditions} " : "#{conditions} or #{domain_conditions} ") unless dms.empty?
|
||
|
(conditions = (user.compute_resources_andor == "and") ? "(#{conditions}) and #{compute_resource_conditions} " : "#{conditions} or #{compute_resource_conditions} ") unless crs.empty?
|
||
|
(conditions = (user.hostgroups_andor == "and") ? "(#{conditions}) and #{hostgroup_conditions} " : "#{conditions} or #{hostgroup_conditions} ") unless hgs.empty?
|
||
|
(conditions = (user.facts_andor == "and") ? "(#{conditions}) and #{fact_conditions} " : "#{conditions} or #{fact_conditions} ") unless ufs.empty?
|
||
|
(conditions = (user.organizations_andor == "and") ? "(#{conditions}) and #{organization_conditions} " : "#{conditions} or #{organization_conditions} ") unless orgs.empty?
|
||
|
(conditions = (user.locations_andor == "and") ? "(#{conditions}) and #{location_conditions} " : "#{conditions} or #{location_conditions} ") unless locs.empty?
|
||
|
conditions.sub!(/\s*\(\)\s*/, "")
|
||
|
conditions.sub!(/\A(?:\(\))?\s?(?:and|or)\s*/, "")
|
||
|
conditions.sub!(/\(\s*(?:or|and)\s*\(/, "((")
|
||
|
end
|
||
|
|
||
|
joins(ufs.empty? ? nil : :fact_values).where(conditions)
|
||
|
}
|
||
|
def self.attributes_protected_by_default
|
||
|
super - [ inheritance_column ]
|
||
|
end
|
||
Also available in: Unified diff
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: