Commit
Check allowed roles during storing
lpichler committed Jan 30, 2017
1 parent 1b7d5bd commit 34ee860
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion app/controllers/ops_controller/ops_rbac.rb
Expand Up @@ -1031,6 +1031,10 @@ def valid_tenant?(tenant_id)
Rbac.filtered(Tenant.in_my_region.where(:id => tenant_id)).present?
end

def valid_role?(group_id)
Rbac::Filterer.filtered(group_id, :class => MiqUserRole).present?
end

# Get variables from group edit form
def rbac_group_get_form_vars
if %w(up down).include?(params[:button])
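Review bot: In `valid_role?(group_id)` the parameter is named `group_id`, but the value is checked against `MiqUserRole`, so it is a role id; rename it to `role_id` so the helper reads as what it checks. The helper also hands a bare id to `Rbac::Filterer.filtered` with `:class => MiqUserRole`, while `valid_tenant?` just above passes a relation (`Tenant.in_my_region.where(:id => tenant_id)`) to `Rbac.filtered`. Using the same form for both, for example `Rbac.filtered(MiqUserRole.where(:id => role_id)).present?`, would make the two checks directly comparable, and it is worth confirming that an integer target is filtered the way this code expects.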
Expand All @@ -1039,7 +1043,14 @@ def rbac_group_get_form_vars
else
@edit[:new][:ldap_groups_user] = params[:ldap_groups_user] if params[:ldap_groups_user]
@edit[:new][:description] = params[:description] if params[:description]
@edit[:new][:role] = params[:group_role] if params[:group_role]

if params[:group_role]
if valid_role?(new_role_id = params[:group_role].to_i)
@edit[:new][:role] = new_role_id
else
raise "Invalid group selected."
end
end

if params[:group_tenant]
if valid_tenant?(new_tenant_id = params[:group_tenant].to_i)
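Review bot: The `raise "Invalid group selected."` in the new `params[:group_role]` branch names the wrong object: the check that failed is `valid_role?`, so the message should refer to the role, for example "Invalid role selected." Two further points on the same branch: `@edit[:new][:role]` used to hold the raw `params[:group_role]` value and now holds the result of `.to_i`, so any code that compares it with a string needs checking; and `.to_i` turns non-numeric input into 0, which then relies on `valid_role?` rejecting id 0. The commit shows one changed file, so a controller spec covering a rejected role id would be a useful addition.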