Merge pull request #16063 from lpichler/move_rule_for_network_manager…

…_to_belonsto_filter Move rule for network manager to belonsto filter (cherry picked from commit 99eaef8) https://bugzilla.redhat.com/show_bug.cgi?id=1497835
ManageIQ · Oct 2, 2017 · c59f3db · c59f3db
1 parent 991fea9
commit c59f3db
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 3 deletions.
diff --git a/lib/rbac/filterer.rb b/lib/rbac/filterer.rb
@@ -56,6 +56,7 @@ class Filterer
       EmsCluster
       ResourcePool
       Storage
+      CloudNetwork
     )
 
     # key: MiqUserRole#name - user's role
@@ -78,8 +79,7 @@ class Filterer
       "VmOrTemplate::EmsFolder"                => :parent_blue_folders,
       "VmOrTemplate::ResourcePool"             => :resource_pool,
       "ConfiguredSystem::ExtManagementSystem"  => :ext_management_system,
-      "ConfiguredSystem::ConfigurationProfile" => [:id, :configuration_profile_id],
-      "ExtManagementSystem::CloudNetwork"      => [:ems_id, :id]
+      "ConfiguredSystem::ConfigurationProfile" => [:id, :configuration_profile_id]
     }
 
     # These classes should accept any of the relationship_mixin methods including:
@@ -588,7 +588,8 @@ def get_belongsto_matches(blist, klass)
         # typically, this is the only one we want:
         vcmeta = vcmeta_list.last
 
-        if [ExtManagementSystem, Host].any? { |x| vcmeta.kind_of?(x) } && klass <= VmOrTemplate
+        if [ExtManagementSystem, Host].any? { |x| vcmeta.kind_of?(x) } && klass <= VmOrTemplate ||
+           vcmeta.kind_of?(ManageIQ::Providers::NetworkManager)        && klass <= CloudNetwork
           vcmeta.send(association_name).to_a
         else
           vcmeta_list.grep(klass) + vcmeta.descendants.grep(klass)

diff --git a/spec/lib/rbac/filterer_spec.rb b/spec/lib/rbac/filterer_spec.rb
@@ -1026,6 +1026,102 @@ def get_rbac_results_for_and_expect_objects(klass, expected_objects)
       end
     end
 
+    context 'with cloud network and network manager' do
+      let!(:network_manager)   { FactoryGirl.create(:ems_openstack).network_manager }
+      let!(:cloud_network)     { FactoryGirl.create(:cloud_network, :ext_management_system => network_manager) }
+      let!(:network_manager_1) { FactoryGirl.create(:ems_openstack).network_manager }
+      let!(:cloud_network_1)   { FactoryGirl.create(:cloud_network, :ext_management_system => network_manager_1) }
+
+      context 'with belongs_to_filter' do
+        before do
+          group.entitlement = Entitlement.new
+          group.entitlement.set_managed_filters([])
+          group.entitlement.set_belongsto_filters(["/belongsto/ExtManagementSystem|#{network_manager.name}"])
+          group.save!
+        end
+
+        context 'when records match belognsto filter' do
+          it 'lists cloud networks with network manager according to belongsto filter' do
+            User.with_user(user) do
+              results = described_class.search(:class => CloudNetwork).first
+              expect(results).to match_array([cloud_network])
+              expect(results.first.ext_management_system).to eq(network_manager)
+            end
+          end
+
+          it 'lists network manager according to belongsto filter' do
+            User.with_user(user) do
+              results = described_class.search(:class => ManageIQ::Providers::NetworkManager).first
+              expect(results).to match_array([network_manager])
+            end
+          end
+        end
+
+        context 'when records don\'t match belognsto filter' do
+          before do
+            group.entitlement = Entitlement.new
+            group.entitlement.set_managed_filters([])
+            group.entitlement.set_belongsto_filters(["/belongsto/ExtManagementSystem|XXXX"])
+            group.save!
+          end
+
+          it 'lists no cloud networks' do
+            User.with_user(user) do
+              results = described_class.search(:class => CloudNetwork).first
+              expect(results).to be_empty
+            end
+          end
+
+          it 'lists no network manager' do
+            User.with_user(user) do
+              results = described_class.search(:class => ManageIQ::Providers::NetworkManager).first
+              expect(results).to be_empty
+            end
+          end
+        end
+
+        context 'network manager is tagged' do
+          before do
+            group.entitlement = Entitlement.new
+            group.entitlement.set_managed_filters([['/managed/environment/prod']])
+            group.entitlement.set_belongsto_filters([])
+            group.save!
+
+            network_manager.tag_with('/managed/environment/prod', :ns => '*')
+          end
+
+          it 'doesn\'t list cloud networks' do
+            User.with_user(user) do
+              results = described_class.search(:class => CloudNetwork).first
+              expect(results).to be_empty
+            end
+          end
+
+          it 'lists only tagged network manager' do
+            User.with_user(user) do
+              results = described_class.search(:class => ManageIQ::Providers::NetworkManager).first
+              expect(results).to match_array([network_manager])
+            end
+          end
+        end
+      end
+
+      it 'lists all cloud networks' do
+        User.with_user(user) do
+          results = described_class.search(:class => CloudNetwork).first
+          expect(results).to match_array(CloudNetwork.all)
+          expect(results.first.ext_management_system).to eq(network_manager)
+        end
+      end
+
+      it 'lists all network managers' do
+        User.with_user(user) do
+          results = described_class.search(:class => ManageIQ::Providers::NetworkManager).first
+          expect(results).to match_array(ManageIQ::Providers::NetworkManager.all)
+        end
+      end
+    end
+
     context 'with network models' do
       NETWORK_MODELS = %w(
         CloudNetwork