Explicitly shortcut "everything" for privileges #17526
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The seeds in the database have everything as the root of all features So this is not a problem in production But for tests, it is currently not possible to create this hierarchy and tricky to work around it. This change just admits that everything means everything and doesn't require complex feature checks to test user roles
|
Checked commit kbrock@4b7b96c with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0 |
gtanzillo
approved these changes
Jun 5, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The seeds in the database have
"everything"as the root of allmiq_product_features. Features are in a tree, so asking a role if it has a feature will work it's way up the tree. If anmiq_user_rolewith the"everything"role returnstruefor any request.Before:
When writing tests, it is currently not possible to create an
miq_product_featurehierarchy with"everything"at the root. We are getting around by stubbing our authorization code totrue.This stub methods no longer works with the new way we are checking for the admin feature. (e.g.:
request_admin_user?)After
This change states that if a role has the
miq_product_featureof"everything", then it has the privilege to perform all product features. This used to be more data driven before rather than hardcoded in the ruby logic.So it does special case
"everything"and the code now actually knows thateverythingmeans everything. On the up side, this change allow us to remove the stubbed out authentication logic.This change is part of #17444 - it currently helps get ManageIQ/manageiq-ui-classic#3993 to pass