Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add RBAC check to ops controllers method #939

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions app/controllers/ops_controller/ops_rbac.rb
Original file line number Diff line number Diff line change
@@ -637,15 +637,13 @@ def rbac_edit_cancel(what)

def rbac_edit_reset(operation, what, klass)
key = what.to_sym
obj = find_checked_items
obj[0] = params[:id] if obj.blank? && params[:id]
record = klass.find_by_id(from_cid(obj[0])) if obj[0]

record = find_record_with_rbac(klass, checked_or_params_id)
if [:group, :role].include?(key) && record && record.read_only && operation != 'copy'
add_flash(_("Read Only %{model} \"%{name}\" can not be edited") % {:model => key == :role ? ui_lookup(:model => "MiqUserRole") : ui_lookup(:model => "MiqGroup"), :name => key == :role ? record.name : record.description}, :warning)
javascript_flash
return
end

case operation
when "new"
# create new record
@@ -670,12 +668,14 @@ def rbac_edit_reset(operation, what, klass)
@record = record
end
@sb[:typ] = operation

# set form fields according to what is copied
case key
when :user then rbac_user_set_form_vars
when :group then rbac_group_set_form_vars
when :role then rbac_role_set_form_vars
end

@in_a_form = true
session[:changed] = false
add_flash(_("All changes have been reset"), :warning) if params[:button] == "reset"