Bug #2863 » hosts_escalation.patch
| app/controllers/api/base_controller.rb | ||
|---|---|---|
|
@resource_class ||= resource_name.camelize.constantize
|
||
|
end
|
||
|
def resource_scope
|
||
|
@resource_scope ||= resource_class.scoped
|
||
|
end
|
||
|
protected
|
||
|
def process_resource_error(options = { })
|
||
| ... | ... | |
|
resource = resource_identifying_attributes.find do |key|
|
||
|
next if key=='id' and params[:id].to_i == 0
|
||
|
method = "find_by_#{key}"
|
||
|
resource_class.respond_to?(method) and
|
||
|
(resource = resource_class.send method, params[:id]) and
|
||
|
resource_scope.respond_to?(method) and
|
||
|
(resource = resource_scope.send method, params[:id]) and
|
||
|
break resource
|
||
|
end
|
||
| app/controllers/api/v1/compute_resources_controller.rb | ||
|---|---|---|
|
process_response @compute_resource.destroy
|
||
|
end
|
||
|
private
|
||
|
def resource_scope
|
||
|
resource_class.my_compute_resources
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| app/controllers/api/v1/hosts_controller.rb | ||
|---|---|---|
|
@host.request_url = request.host_with_port if @host.respond_to?(:request_url)
|
||
|
end
|
||
|
# we need to limit resources for a current user
|
||
|
def resource_scope
|
||
|
resource_class.my_hosts
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| test/fixtures/roles.yml | ||
|---|---|---|
|
permissions: |
|
||
|
---
|
||
|
view_compute_resources:
|
||
|
name: View compute resources
|
||
|
id: "11"
|
||
|
builtin: "0"
|
||
|
permissions: |
|
||
|
---
|
||
|
- :view_compute_resources
|
||
| test/fixtures/user_roles.yml | ||
|---|---|---|
|
user_three_viewer_role:
|
||
|
user: three
|
||
|
role_id: 5
|
||
|
user_three_anonymous_role:
|
||
|
user: three
|
||
|
role_id: 7
|
||
|
user_three_view_compute_resources:
|
||
|
user: three
|
||
|
role_id: 11
|
||
| test/fixtures/users.yml | ||
|---|---|---|
|
last_login_on: 2009-10-12 21:50:04
|
||
|
auth_source: one
|
||
|
three:
|
||
|
login: three
|
||
|
firstname: Three
|
||
|
lastname: User
|
||
|
mail: userthree@someware.com
|
||
|
admin: false
|
||
|
last_login_on: 2009-10-12 21:50:04
|
||
|
auth_source: one
|
||
|
filter_on_owner: true
|
||
|
admin:
|
||
|
login: admin
|
||
|
firstname: Admin
|
||
| ... | ... | |
|
last_login_on: 2009-10-12 21:50:04
|
||
|
auth_source: internal
|
||
|
password_hash: 02d7ff9921071af778ff4f8608579dcd6d80dfba
|
||
|
password_salt: 80a167f1effbd82c2485ed81c3cfd68b11bc40dc
|
||
|
password_salt: 80a167f1effbd82c2485ed81c3cfd68b11bc40dc
|
||
| test/functional/api/v1/compute_resources_controller_test.rb | ||
|---|---|---|
|
assert_response :success
|
||
|
end
|
||
|
test "should not allow access to a compute resource out of users compute resources scope" do
|
||
|
as_user(:three) do
|
||
|
get :show, { :id => compute_resources(:one).to_param }
|
||
|
end
|
||
|
assert_response :not_found
|
||
|
end
|
||
|
end
|
||
| test/functional/api/v1/hosts_controller_test.rb | ||
|---|---|---|
|
assert_response :success
|
||
|
end
|
||
|
test "should not allow access to a host out of users hosts scope" do
|
||
|
as_user :three do
|
||
|
get :show, { :id => hosts(:one).to_param }
|
||
|
end
|
||
|
assert_response :not_found
|
||
|
end
|
||
|
end
|
||