diff --git a/app/models/manageiq/providers/cloud_manager/template.rb b/app/models/manageiq/providers/cloud_manager/template.rb index 54a7e733bef0..8ae1df7fdfa7 100644 --- a/app/models/manageiq/providers/cloud_manager/template.rb +++ b/app/models/manageiq/providers/cloud_manager/template.rb @@ -114,6 +114,14 @@ def validate_unsupported(message_prefix) :message => _("%{message} is not available for %{name}.") % {:message => message_prefix, :name => name}} end + def self.tenant_id_clause(user_or_group) + template_tenant_ids = MiqTemplate.accessible_tenant_ids(user_or_group, Rbac.accessible_tenant_ids_strategy(MiqTemplate)) + vm_tenant_ids = Vm.accessible_tenant_ids(user_or_group, Rbac.accessible_tenant_ids_strategy(Vm)) + return if template_tenant_ids.empty? && vm_tenant_ids.empty? + + ["(vms.template = true AND vms.tenant_id IN (?)) OR (vms.template = false AND vms.tenant_id IN (?) OR vms.publicly_available = true)", + template_tenant_ids, vm_tenant_ids] + private def raise_created_event diff --git a/spec/models/manageiq/providers/cloud_manager/template_spec.rb b/spec/models/manageiq/providers/cloud_manager/template_spec.rb index c502d8779a2a..3c41ed08e35f 100644 --- a/spec/models/manageiq/providers/cloud_manager/template_spec.rb +++ b/spec/models/manageiq/providers/cloud_manager/template_spec.rb @@ -1,9 +1,31 @@ describe TemplateCloud do - it "#post_create_actions" do - expect(subject).to receive(:reconnect_events) - expect(subject).to receive(:classify_with_parent_folder_path) - expect(MiqEvent).to receive(:raise_evm_event).with(subject, "vm_template", :vm => subject) + describe "actions" do + it "#post_create_actions" do + expect(subject).to receive(:reconnect_events) + expect(subject).to receive(:classify_with_parent_folder_path) + expect(MiqEvent).to receive(:raise_evm_event).with(subject, "vm_template", :vm => subject) - subject.post_create_actions + subject.post_create_actions + end + end + + let(:root_tenant) do + Tenant.seed + end + + let(:default_tenant) do + root_tenant + Tenant.default_tenant + end + + describe "miq_group" do + let(:user) { FactoryGirl.create(:user, :userid => 'user', :miq_groups => [tenant_group]) } + let(:tenant) { FactoryGirl.build(:tenant, :parent => default_tenant) } + let(:tenant_users) { FactoryGirl.create(:miq_user_role, :name => "tenant-users") } + let(:tenant_group) { FactoryGirl.create(:miq_group, :miq_user_role => tenant_users, :tenant => tenant) } + + it "finds correct tenant id clause for regular tenants" do + expect(TemplateCloud.tenant_id_clause(user)).to eql ["(vms.template = true AND vms.tenant_id IN (?)) OR (vms.template = false AND vms.tenant_id IN (?) OR vms.publicly_available = true)", [default_tenant.id, tenant.id], [tenant.id]] + end end end