hosts_escalation.patch

Marek Hulán, 08/01/2013 03:03 AM

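--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -35,6 +35,10 @@
       @resource_class ||= resource_name.camelize.constantize
     end
 
+    def resource_scope
+      @resource_scope ||= resource_class.scoped
+    end
+
     protected
 
     def process_resource_error(options = { })
@@ -110,8 +114,8 @@
       resource = resource_identifying_attributes.find do |key|
         next if key=='id' and params[:id].to_i == 0
         method = "find_by_#{key}"
-        resource_class.respond_to?(method) and
-          (resource = resource_class.send method, params[:id]) and
+        resource_scope.respond_to?(method) and
+          (resource = resource_scope.send method, params[:id]) and
           break resource
       end
 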
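Review bot: The new `resource_scope` in base_controller.rb sits above the `protected` marker, so it is a public instance method on an API controller; Rails counts public controller methods as action methods, which makes it reachable as an action if any route maps to it, and it is also inconsistent with compute_resources_controller.rb, where the override is placed under `private`. Move the definition below `protected` (or add `protected :resource_scope`) so it stays a helper rather than an exposed action. The lookup in the second hunk now goes through the scope, which is the intended fix; a short comment such as `# look the record up inside the current user's scope so out-of-scope ids resolve to nil (404)` would make the security intent explicit for the next reader. The new lines keep the `and` chaining of the surrounding code; `&&` is the conventional choice for boolean logic and avoids the precedence trap. The enclosing method of the second hunk starts and ends outside the hunk.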
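--- a/app/controllers/api/v1/compute_resources_controller.rb
+++ b/app/controllers/api/v1/compute_resources_controller.rb
@@ -66,6 +66,12 @@
         process_response @compute_resource.destroy
       end
 
+      private
+
+      def resource_scope
+        resource_class.my_compute_resources
+      end
+
     end
   end
 end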
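--- a/app/controllers/api/v1/hosts_controller.rb
+++ b/app/controllers/api/v1/hosts_controller.rb
@@ -108,6 +108,11 @@
         @host.request_url = request.host_with_port if @host.respond_to?(:request_url)
       end
 
+      # we need to limit resources for a current user
+      def resource_scope
+        resource_class.my_hosts
+      end
+
     end
   end
 end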
test/fixtures/roles.yml
197 197
  permissions: |
198 198
    ---
199 199

  
200
view_compute_resources:
201
  name: View compute resources
202
  id: "11"
203
  builtin: "0"
204
  permissions: |
205
    ---
206
    - :view_compute_resources
207

  
test/fixtures/user_roles.yml
1
user_three_viewer_role:
2
  user: three
3
  role_id: 5
4

  
5
user_three_anonymous_role:
6
  user: three
7
  role_id: 7
8

  
9
user_three_view_compute_resources:
10
  user: three
11
  role_id: 11
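--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -18,6 +18,16 @@
   last_login_on: 2009-10-12 21:50:04
   auth_source: one
 
+three:
+  login: three
+  firstname: Three
+  lastname: User
+  mail: userthree@someware.com
+  admin: false
+  last_login_on: 2009-10-12 21:50:04
+  auth_source: one
+  filter_on_owner: true
+
 admin:
   login: admin
   firstname: Admin
@@ -49,4 +59,4 @@
   last_login_on: 2009-10-12 21:50:04
   auth_source: internal
   password_hash: 02d7ff9921071af778ff4f8608579dcd6d80dfba
-  password_salt: 80a167f1effbd82c2485ed81c3cfd68b11bc40dc
+  password_salt: 80a167f1effbd82c2485ed81c3cfd68b11bc40dc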
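--- a/test/functional/api/v1/compute_resources_controller_test.rb
+++ b/test/functional/api/v1/compute_resources_controller_test.rb
@@ -47,4 +47,11 @@
     assert_response :success
   end
 
+  test "should not allow access to a compute resource out of users compute resources scope" do
+    as_user(:three) do
+      get :show, { :id => compute_resources(:one).to_param }
+    end
+    assert_response :not_found
+  end
+
 end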
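Review bot: The new test exercises only `show`; the lookup change in base_controller.rb presumably also governs `update` and `destroy`, yet neither is tried against an out-of-scope record, so a regression in those paths would still pass this suite. Add parallel cases that issue `put :update` and `delete :destroy` for `compute_resources(:one)` while running `as_user(:three)` and assert `:not_found`, and mirror them in hosts_controller_test.rb for `hosts(:one)`. A positive counterpart (a resource that is inside user three's scope returning `:success`) would confirm the scope is not simply empty. The `as_user(:three)` call uses parentheses here and none in hosts_controller_test.rb; pick one form.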
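--- a/test/functional/api/v1/hosts_controller_test.rb
+++ b/test/functional/api/v1/hosts_controller_test.rb
@@ -63,4 +63,10 @@
     assert_response :success
   end
 
+  test "should not allow access to a host out of users hosts scope" do
+    as_user :three do
+      get :show, { :id => hosts(:one).to_param }
+    end
+    assert_response :not_found
+  end
 end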