Revision acfbc458
Added by Marek Hulán about 10 years ago
| test/unit/puppetclass_test.rb | ||
|---|---|---|
|
assert !other_puppet_class.save
|
||
|
end
|
||
|
|
||
|
def setup_user operation
|
||
|
@one = users(:one)
|
||
|
as_admin do
|
||
|
role = Role.find_or_create_by_name :name => "#{operation}_puppetclasses"
|
||
|
role.permissions = ["#{operation}_puppetclasses".to_sym]
|
||
|
@one.roles = [role]
|
||
|
@one.save!
|
||
|
end
|
||
|
User.current = @one
|
||
|
end
|
||
|
|
||
|
test "user with create permissions should be able to create" do
|
||
|
setup_user "create"
|
||
|
record = Puppetclass.create :name => "dummy"
|
||
|
assert record.valid?
|
||
|
assert !record.new_record?
|
||
|
end
|
||
|
|
||
|
test "user with view permissions should not be able to create" do
|
||
|
setup_user "view"
|
||
|
record = Puppetclass.create :name => "dummy"
|
||
|
assert record.valid?
|
||
|
assert record.new_record?
|
||
|
end
|
||
|
|
||
|
test "user with destroy permissions should be able to destroy" do
|
||
|
setup_user "destroy"
|
||
|
record = Puppetclass.first
|
||
|
as_admin do
|
||
|
record.hosts.destroy_all
|
||
|
record.lookup_keys.destroy_all
|
||
|
end
|
||
|
assert record.destroy
|
||
|
assert record.frozen?
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should not be able to destroy" do
|
||
|
setup_user "edit"
|
||
|
record = Puppetclass.first
|
||
|
assert !record.destroy
|
||
|
assert !record.frozen?
|
||
|
end
|
||
|
|
||
|
test "user with edit permissions should be able to edit" do
|
||
|
setup_user "edit"
|
||
|
record = Puppetclass.first
|
||
|
record.name = "renamed"
|
||
|
assert record.save
|
||
|
end
|
||
|
|
||
|
test "user with destroy permissions should not be able to edit" do
|
||
|
setup_user "destroy"
|
||
|
record = Puppetclass.first
|
||
|
record.name = "renamed"
|
||
|
as_admin do
|
||
|
record.hosts.destroy_all
|
||
|
end
|
||
|
assert !record.save
|
||
|
assert record.valid?
|
||
|
end
|
||
|
|
||
|
test "looking for a nonexistent host returns no puppetclasses" do
|
||
|
assert_equal [], Puppetclass.search_for("host = imaginaryhost.nodomain.what")
|
||
|
end
|
||
|
|
||
|
test "user without create external_variables permission cannot create smart variable for puppetclass" do
|
||
|
setup_user "edit"
|
||
|
nested_lookup_key_params = {:new_1372154591368 => {:key=>"test_param", :key_type=>"string", :default_value => "7777", :path =>"fqdn\r\nhostgroup\r\nos\r\ndomain"}}
|
||
|
refute Puppetclass.first.update_attributes(:lookup_keys_attributes => nested_lookup_key_params)
|
||
|
end
|
||
|
|
||
|
test "user with create external_variables permission can create smart variable for puppetclass" do
|
||
|
@one = users(:one)
|
||
|
# add permission for user :one
|
||
|
as_admin do
|
||
|
filter1 = FactoryGirl.build(:filter)
|
||
|
filter1.permissions = Permission.find_all_by_name(['create_external_variables'])
|
||
|
filter2 = FactoryGirl.build(:filter)
|
||
|
filter2.permissions = Permission.find_all_by_name(['edit_puppetclasses'])
|
||
|
role = Role.find_or_create_by_name :name => "testing_role"
|
||
|
role.permissions = [:edit_puppetclasses, :create_external_variables]
|
||
|
@one.roles = [role]
|
||
|
role.filters = [ filter1, filter2 ]
|
||
|
role.save!
|
||
|
filter1.role = role
|
||
|
filter1.save!
|
||
|
filter2.role = role
|
||
|
filter2.save!
|
||
|
@one.roles = [ role ]
|
||
|
@one.save!
|
||
|
end
|
||
|
as_user :one do
|
||
Also available in: Unified diff
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: