Revision e170c321
Added by Olivier Favre about 12 years ago
- ID e170c3210ceccccc43ef0795c89a14f472a074f9
| app/models/host.rb | ||
|---|---|---|
|
user = User.current
|
||
|
return { :conditions => "" } if user.admin? # Admin can see all hosts
|
||
|
|
||
|
owner_conditions = sanitize_sql_for_conditions(["((hosts.owner_id in (?) AND hosts.owner_type = 'Usergroup') OR (hosts.owner_id = ? AND hosts.owner_type = 'User'))", user.my_usergroups.map(&:id), user.id])
|
||
|
domain_conditions = sanitize_sql_for_conditions([" (hosts.domain_id in (?))",dms = (user.domains).map(&:id)])
|
||
|
hostgroup_conditions = sanitize_sql_for_conditions([" (hosts.hostgroup_id in (?))",(hgs = user.hostgroups).map(&:id)])
|
||
|
owner_conditions = sanitize_sql_for_conditions(["((hosts.owner_id in (?) AND hosts.owner_type = 'Usergroup') OR (hosts.owner_id = ? AND hosts.owner_type = 'User'))", user.my_usergroups.map(&:id), user.id])
|
||
|
domain_conditions = sanitize_sql_for_conditions([" (hosts.domain_id in (?))",dms = (user.domains).map(&:id)])
|
||
|
compute_resource_conditions = sanitize_sql_for_conditions([" (hosts.compute_resource_id in (?))",(crs = user.compute_resources).map(&:id)])
|
||
|
hostgroup_conditions = sanitize_sql_for_conditions([" (hosts.hostgroup_id in (?))",(hgs = user.hostgroups).map(&:id)])
|
||
|
|
||
|
fact_conditions = ""
|
||
|
for user_fact in (ufs = user.user_facts)
|
||
| ... | ... | |
|
|
||
|
conditions = ""
|
||
|
if user.filtering?
|
||
|
conditions = "#{owner_conditions}" if user.filter_on_owner
|
||
|
(conditions = (user.domains_andor == "and") ? "(#{conditions}) and #{domain_conditions} " : "#{conditions} or #{domain_conditions} ") unless dms.empty?
|
||
|
(conditions = (user.hostgroups_andor == "and") ? "(#{conditions}) and #{hostgroup_conditions} " : "#{conditions} or #{hostgroup_conditions} ") unless hgs.empty?
|
||
|
(conditions = (user.facts_andor == "and") ? "(#{conditions}) and #{fact_conditions} " : "#{conditions} or #{fact_conditions} ") unless ufs.empty?
|
||
|
conditions = "#{owner_conditions}" if user.filter_on_owner
|
||
|
(conditions = (user.domains_andor == "and") ? "(#{conditions}) and #{domain_conditions} " : "#{conditions} or #{domain_conditions} ") unless dms.empty?
|
||
|
(conditions = (user.compute_resources_andor == "and") ? "(#{conditions}) and #{compute_resource_conditions} " : "#{conditions} or #{compute_resource_conditions} ") unless crs.empty?
|
||
|
(conditions = (user.hostgroups_andor == "and") ? "(#{conditions}) and #{hostgroup_conditions} " : "#{conditions} or #{hostgroup_conditions} ") unless hgs.empty?
|
||
|
(conditions = (user.facts_andor == "and") ? "(#{conditions}) and #{fact_conditions} " : "#{conditions} or #{fact_conditions} ") unless ufs.empty?
|
||
|
conditions.sub!(/\s*\(\)\s*/, "")
|
||
|
conditions.sub!(/^(?:\(\))?\s?(?:and|or)\s*/, "")
|
||
|
conditions.sub!(/\(\s*(?:or|and)\s*\(/, "((")
|
||
Also available in: Unified diff
fixes #1597 - Restrict compute resources access by user
And add some rights to give non admin users so they can perform some normal actions on the hosts they own.
unit/domain_parameter_test.rb self-broke... added a tiny fix.
Removing compute_resources/vms nesting, it is such a nightmare for functional tests.
Signed-off-by: Olivier Favre <olivier@yakaz.com>