Filter tenants and groups in Access Control by current region

Closes #4720
ManageIQ · Oct 30, 2018 · 759e1bf · 759e1bf
1 parent ec520f4
commit 759e1bf
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 2 deletions.
diff --git a/app/controllers/ops_controller/ops_rbac.rb b/app/controllers/ops_controller/ops_rbac.rb
@@ -831,9 +831,9 @@ def rbac_get_info
       @right_cell_text = _("Access Control Region \"%{name}\"") %
                          {:name => "#{MiqRegion.my_region.description} [#{MiqRegion.my_region.region}]"}
       @users_count   = Rbac.filtered(User.in_my_region).count
-      @groups_count  = Rbac.filtered(MiqGroup.non_tenant_groups).count
+      @groups_count  = Rbac.filtered(MiqGroup.non_tenant_groups_in_my_region).count
       @roles_count   = Rbac.filtered(MiqUserRole).count
-      @tenants_count = Rbac.filtered(Tenant).count
+      @tenants_count = Rbac.filtered(Tenant.in_my_region).count
     end
   end
 

diff --git a/spec/controllers/ops_controller/ops_rbac_spec.rb b/spec/controllers/ops_controller/ops_rbac_spec.rb
@@ -575,4 +575,44 @@
       end
     end
   end
+
+  describe "#rbac_get_info" do
+    let!(:child_tenant) { FactoryGirl.create(:tenant, :parent => Tenant.root_tenant) }
+    let(:group) { FactoryGirl.create(:miq_group) }
+    let(:inactive_region) { FactoryGirl.create(:miq_region) }
+    let!(:tenant_root_in_inactive_region) do
+      root_in_inactive_region = Tenant.root_tenant.dup
+      root_in_inactive_region.id = Tenant.id_in_region(Tenant.count + 1_000_000, inactive_region.region)
+      root_in_inactive_region.name = "Root Tenant in inactive region"
+      root_in_inactive_region.parent = Tenant.root_tenant
+      root_in_inactive_region.subdomain = "root_in_inactive_region"
+      root_in_inactive_region.save!
+      root_in_inactive_region
+    end
+    let!(:group_in_inactive_region) do
+      group_in_inactive_region = group.dup
+      group_in_inactive_region.id = MiqGroup.id_in_region(MiqGroup.count + 1_000_000, inactive_region.region)
+      group_in_inactive_region.save!
+      group_in_inactive_region
+    end
+    let(:admin_user) { FactoryGirl.create(:user, :role => "super_administrator") }
+
+    before do
+      EvmSpecHelper.local_miq_server
+      login_as admin_user
+      MiqRegion.seed
+    end
+
+    it 'counts only Tenants in active region' do
+      allow(controller).to receive(:x_node).and_return('root')
+      controller.send(:rbac_get_info)
+      expect(controller.instance_variable_get(:@tenants_count)).to eq(Tenant.in_my_region.count)
+    end
+
+    it 'counts only MiqGroups in active region' do
+      allow(controller).to receive(:x_node).and_return('root')
+      controller.send(:rbac_get_info)
+      expect(controller.instance_variable_get(:@groups_count)).to eq(MiqGroup.non_tenant_groups_in_my_region.count)
+    end
+  end
 end