Skip to content

Commit

Permalink
add publicity of images to query
Browse files Browse the repository at this point in the history
  • Loading branch information
Alexander Demichev committed Jul 2, 2018
1 parent 71f88fa commit e5d2edd
Show file tree
Hide file tree
Showing 3 changed files with 67 additions and 5 deletions.
7 changes: 7 additions & 0 deletions app/models/manageiq/providers/cloud_manager/template.rb
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,13 @@ def self.display_name(number = 1)
n_('Image', 'Images', number)
end

def self.tenant_id_clause(user_or_group)
template_tenant_ids = MiqTemplate.accessible_tenant_ids(user_or_group, Rbac.accessible_tenant_ids_strategy(self))
return if template_tenant_ids.empty?

["(vms.template = true AND (vms.tenant_id IN (?) OR vms.publicly_available = true))", template_tenant_ids]
end

private

def raise_created_event
Expand Down
32 changes: 32 additions & 0 deletions spec/lib/rbac/filterer_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -718,6 +718,38 @@ def combine_filtered_ids(user_filtered_ids, belongsto_filtered_ids, managed_filt
expect(results).to match_array []
end
end

context "searching CloudTemplate" do
let(:group) { FactoryGirl.create(:miq_group, :tenant => default_tenant) } # T1
let(:admin_user) { FactoryGirl.create(:user, :role => "super_administrator") }
let!(:cloud_template_root) { FactoryGirl.create(:template_cloud, :publicly_available => false) }

it 'returns all cloud templates when user is admin' do
results = described_class.filtered(TemplateCloud, :user => admin_user)
expect(results).to match_array(TemplateCloud.all)
end

context "when user is restricted user" do
let(:tenant_2) { FactoryGirl.create(:tenant, :parent => default_tenant, :source_type => 'CloudTenant') } # T2
let(:group_2) { FactoryGirl.create(:miq_group, :tenant => tenant_2) } # T1
let(:user_2) { FactoryGirl.create(:user, :miq_groups => [group_2]) }
let(:tenant_3) { FactoryGirl.create(:tenant, :parent => tenant_2) } # T3
let!(:cloud_template) { FactoryGirl.create(:template_cloud, :tenant => tenant_3, :publicly_available => true) }

it "returns all public cloud templates" do
results = described_class.filtered(TemplateCloud, :user => user_2)
expect(results).to match_array([cloud_template, cloud_template_root])
end

context "should ignore" do
let!(:cloud_template) { FactoryGirl.create(:template_cloud, :tenant => tenant_3, :publicly_available => false) }
it "private cloud templates" do
results = described_class.filtered(TemplateCloud, :user => user_2)
expect(results).to match_array([cloud_template_root])
end
end
end
end
end

context "tenant 0" do
Expand Down
33 changes: 28 additions & 5 deletions spec/models/manageiq/providers/cloud_manager/template_spec.rb
Original file line number Diff line number Diff line change
@@ -1,9 +1,32 @@
describe TemplateCloud do
it "#post_create_actions" do
expect(subject).to receive(:reconnect_events)
expect(subject).to receive(:classify_with_parent_folder_path)
expect(MiqEvent).to receive(:raise_evm_event).with(subject, "vm_template", :vm => subject)
describe "actions" do
it "#post_create_actions" do
expect(subject).to receive(:reconnect_events)
expect(subject).to receive(:classify_with_parent_folder_path)
expect(MiqEvent).to receive(:raise_evm_event).with(subject, "vm_template", :vm => subject)

subject.post_create_actions
subject.post_create_actions
end
end

let(:root_tenant) do
Tenant.seed
end

let(:default_tenant) do
root_tenant
Tenant.default_tenant
end

describe "miq_group" do
let(:user) { FactoryGirl.create(:user, :userid => 'user', :miq_groups => [tenant_group]) }
let(:tenant) { FactoryGirl.build(:tenant, :parent => default_tenant) }
let(:tenant_users) { FactoryGirl.create(:miq_user_role, :name => "tenant-users") }
let(:tenant_group) { FactoryGirl.create(:miq_group, :miq_user_role => tenant_users, :tenant => tenant) }
let(:cloud_template_1) { FactoryGirl.create(:class => "TemplateCloud") }

it "finds correct tenant id clause for regular tenants" do
expect(TemplateCloud.tenant_id_clause(user)).to eql ["(vms.template = true AND (vms.tenant_id IN (?) OR vms.publicly_available = true))", [default_tenant.id, tenant.id]]
end
end
end

0 comments on commit e5d2edd

Please sign in to comment.