Enable tagging for Tenant model in RBAC

ManageIQ · Feb 28, 2018 · 6c35520 · 6c35520
1 parent 8194595
commit 6c35520
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 5 deletions.
diff --git a/app/models/miq_group.rb b/app/models/miq_group.rb
@@ -251,8 +251,8 @@ def self.non_tenant_groups_in_my_region
     in_my_region.non_tenant_groups
   end
 
-  def self.with_current_user_groups
-    current_user = User.current_user
+  def self.with_current_user_groups(user = nil)
+    current_user = user || User.current_user
     current_user.admin_user? ? all : where(:id => current_user.miq_group_ids)
   end
 

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -285,8 +285,9 @@ def self.current_user
     Thread.current[:user] ||= find_by_userid(current_userid)
   end
 
-  def self.with_current_user_groups
-    current_user.admin_user? ? all : includes(:miq_groups).where(:miq_groups => {:id => current_user.miq_group_ids})
+  def self.with_current_user_groups(user = nil)
+    user ||= current_user
+    user.admin_user? ? all : includes(:miq_groups).where(:miq_groups => {:id => user.miq_group_ids})
   end
 
   def self.missing_user_features(db_user)

diff --git a/lib/rbac/filterer.rb b/lib/rbac/filterer.rb
@@ -52,7 +52,7 @@ class Filterer
       VmOrTemplate
     )
 
-    TAGGABLE_FILTER_CLASSES = CLASSES_THAT_PARTICIPATE_IN_RBAC - %w(EmsFolder) + %w(MiqGroup User)
+    TAGGABLE_FILTER_CLASSES = CLASSES_THAT_PARTICIPATE_IN_RBAC - %w(EmsFolder) + %w(MiqGroup User Tenant)
 
     NETWORK_MODELS_FOR_BELONGSTO_FILTER = %w(
       CloudNetwork
@@ -499,6 +499,9 @@ def scope_targets(klass, scope, rbac_filters, user, miq_group)
         scope_by_parent_ids(associated_class, scope, filtered_ids)
       elsif [MiqUserRole, MiqGroup, User].include?(klass)
         scope_for_user_role_group(klass, scope, miq_group, user, rbac_filters['managed'])
+      elsif klass == Tenant
+        filtered_ids = pluck_ids(get_managed_filter_object_ids(scope, rbac_filters['managed']))
+        scope_by_ids(scope, filtered_ids)
       else
         scope
       end

diff --git a/spec/lib/rbac/filterer_spec.rb b/spec/lib/rbac/filterer_spec.rb
@@ -158,6 +158,17 @@ def combine_filtered_ids(user_filtered_ids, belongsto_filtered_ids, managed_filt
           expect(results).to match_array [host_aggregate]
         end
       end
+
+      context "searching for tenants" do
+        before do
+          owner_tenant.tag_with('/managed/environment/prod', :ns => '*')
+        end
+
+        it 'list tagged tenants' do
+          results = described_class.search(:class => Tenant, :user => user).first
+          expect(results).to match_array [owner_tenant]
+        end
+      end
     end
 
     context 'with virtual custom attributes' do