Revision acfbc458
Added by Marek Hulán about 10 years ago
| test/unit/host_test.rb | ||
|---|---|---|
|
assert host.disabled?
|
||
|
end
|
||
|
|
||
|
def setup_user_and_host
|
||
|
@one = users(:one)
|
||
|
@one.hostgroups.destroy_all
|
||
|
@one.domains.destroy_all
|
||
|
@one.user_facts.destroy_all
|
||
|
@one.save!
|
||
|
@host = hosts(:one)
|
||
|
@host.owner = users(:two)
|
||
|
@host.save!
|
||
|
User.current = @one
|
||
|
end
|
||
|
|
||
|
def setup_filtered_user
|
||
|
# Can't use `setup_user_and_host` as it deletes the UserFacts
|
||
|
@one = users(:one)
|
||
|
@one.hostgroups.destroy_all
|
||
|
@one.domains.destroy_all
|
||
|
@one.user_facts = [user_facts(:one)]
|
||
|
@one.facts_andor = "and"
|
||
|
@one.save!
|
||
|
User.current = @one
|
||
|
end
|
||
|
|
||
|
test "host cannot be edited without permission" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Viewer")]
|
||
|
end
|
||
|
assert !@host.update_attributes(:comment => "blahblahblah")
|
||
|
assert_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "any host can be edited when permitted" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Edit hosts")]
|
||
|
end
|
||
|
assert @host.update_attributes(:comment => "blahblahblah")
|
||
|
assert_no_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "hosts can be edited when domains permit" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Edit hosts")]
|
||
|
@one.domains = [Domain.find_by_name("mydomain.net")]
|
||
|
end
|
||
|
assert @host.update_attributes(:comment => "blahblahblah")
|
||
|
assert_no_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "hosts cannot be edited when domains deny" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Edit hosts")]
|
||
|
@one.domains = [Domain.find_by_name("yourdomain.net")]
|
||
|
end
|
||
|
assert !@host.update_attributes(:comment => "blahblahblah")
|
||
|
assert_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "host cannot be created without permission" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Viewer")]
|
||
|
end
|
||
|
host = Host.create(:name => "blahblah", :mac => "aabbecddee19", :ip => "2.3.4.09",
|
||
|
:domain => domains(:mydomain), :operatingsystem => operatingsystems(:centos5_3),
|
||
|
:architecture => architectures(:x86_64), :environment => environments(:production), :puppet_proxy => smart_proxies(:puppetmaster),
|
||
|
:subnet => subnets(:one), :disk => "empty partition")
|
||
|
assert host.new_record?
|
||
|
assert_match /do not have permission/, host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "any host can be created when permitted" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Create hosts")]
|
||
|
end
|
||
|
host = Host.create(:name => "blahblah", :mac => "aabbecddee19", :ip => "2.3.4.11",
|
||
|
:domain => domains(:mydomain), :operatingsystem => operatingsystems(:centos5_3), :puppet_proxy => smart_proxies(:puppetmaster),
|
||
|
:architecture => architectures(:x86_64), :environment => environments(:production),
|
||
|
:subnet => subnets(:one), :disk => "empty partition")
|
||
|
assert !host.new_record?
|
||
|
assert_no_match /do not have permission/, host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "hosts can be created when hostgroups permit" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Create hosts")]
|
||
|
@one.hostgroups = [Hostgroup.find_by_name("Common")]
|
||
|
end
|
||
|
host = Host.create(:name => "blahblah", :mac => "aabbecddee19", :ip => "2.3.4.4",
|
||
|
:domain => domains(:mydomain), :operatingsystem => operatingsystems(:centos5_3),
|
||
|
:architecture => architectures(:x86_64), :environment => environments(:production),
|
||
|
:subnet => subnets(:one),
|
||
|
:disk => "empty partition", :hostgroup => hostgroups(:common))
|
||
|
assert !host.new_record?
|
||
|
assert_no_match /do not have permission/, host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "hosts cannot be created when hostgroups deny" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Create hosts")]
|
||
|
@one.hostgroups = [Hostgroup.find_by_name("Unusual")]
|
||
|
end
|
||
|
host = Host.create(:name => "blahblah", :mac => "aabbecddee19", :ip => "2.3.4.9",
|
||
|
:domain => domains(:mydomain), :operatingsystem => operatingsystems(:centos5_3),
|
||
|
:architecture => architectures(:x86_64), :environment => environments(:production),
|
||
|
:subnet => subnets(:one),
|
||
|
:disk => "empty partition", :hostgroup => hostgroups(:common))
|
||
|
assert host.new_record?
|
||
|
assert_match /do not have permission/, host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "host cannot be destroyed without permission" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Viewer")]
|
||
|
end
|
||
|
assert !@host.destroy
|
||
|
assert_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "any host can be destroyed when permitted" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Destroy hosts")]
|
||
|
@host.host_classes.delete_all
|
||
|
assert @host.destroy
|
||
|
end
|
||
|
assert_no_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "hosts can be destroyed when ownership permits" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Destroy hosts")]
|
||
|
@host.update_attribute :owner, users(:one)
|
||
|
@host.host_classes.delete_all
|
||
|
assert @host.destroy
|
||
|
end
|
||
|
assert_no_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "hosts cannot be destroyed when ownership denies" do
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Destroy hosts")]
|
||
|
@one.domains = [domains(:yourdomain)] # This does not grant access but does ensure that access is constrained
|
||
|
@host.owner = users(:two)
|
||
|
@host.save!
|
||
|
end
|
||
|
assert !@host.destroy
|
||
|
assert_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "fact filters restrict the my_hosts scope" do
|
||
|
setup_filtered_user
|
||
|
assert_equal 1, Host.my_hosts.count
|
||
|
assert_equal 'my5name.mydomain.net', Host.my_hosts.first.name
|
||
|
end
|
||
|
|
||
|
test "sti types altered in memory with becomes are still contained in my_hosts scope" do
|
||
|
class Host::Valid < Host::Base ; belongs_to :domain ; end
|
||
|
h = Host::Valid.new :name => "mytestvalidhost.foo.com"
|
||
|
setup_user_and_host
|
||
|
as_admin do
|
||
|
@one.domains = [domains(:yourdomain)] # ensure it matches the user filters
|
||
|
h.update_attribute :domain, domains(:yourdomain)
|
||
|
end
|
||
|
h_new = h.becomes(Host::Managed) # change the type to break normal AR `==` method
|
||
|
assert Host::Base.my_hosts.include?(h_new)
|
||
|
end
|
||
|
|
||
|
test "host can be edited when user fact filter permits" do
|
||
|
setup_filtered_user
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Edit hosts")]
|
||
|
@host = hosts(:one)
|
||
|
@host.owner = users(:two)
|
||
|
@host.save!
|
||
|
end
|
||
|
assert @host.update_attributes(:comment => "blahblahblah")
|
||
|
assert_no_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "host cannot be edited when user fact filter denies" do
|
||
|
setup_filtered_user
|
||
|
as_admin do
|
||
|
@one.roles = [Role.find_by_name("Edit hosts")]
|
||
|
@host = hosts(:two)
|
||
|
@host.owner = users(:two)
|
||
|
@host.save!
|
||
|
end
|
||
|
assert !@host.update_attributes(:comment => "blahblahblah")
|
||
|
assert_match /do not have permission/, @host.errors.full_messages.join("\n")
|
||
|
end
|
||
|
|
||
|
test "a fqdn Host should be assigned to a domain if such domain exists" do
|
||
|
domain = domains(:mydomain)
|
||
|
host = Host.create :name => "host.mydomain.net", :mac => "aabbccddeaff", :ip => "2.3.04.03",
|
||
| ... | ... | |
|
@one = users(:one)
|
||
|
# add permission for user :one
|
||
|
as_admin do
|
||
|
filter = FactoryGirl.build(:filter)
|
||
|
filter.permissions = [ Permission.find_by_name('edit_hosts') ]
|
||
|
filter.save!
|
||
|
role = Role.find_or_create_by_name :name => "testing_role"
|
||
|
role.permissions = [:edit_hosts]
|
||
|
@one.roles = [role]
|
||
|
role.filters = [ filter ]
|
||
|
role.save!
|
||
|
@one.roles = [ role ]
|
||
|
@one.save!
|
||
|
end
|
||
|
h = hosts(:one)
|
||
Also available in: Unified diff
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: