Skip to content

Commit

Permalink
Merge pull request ManageIQ#16151 from lpichler/add_belongsto_filter_…
Browse files Browse the repository at this point in the history 
…for_newtwork_model

Add belongsto filter for other network models
(cherry picked from commit cf2f4e7)

https://bugzilla.redhat.com/show_bug.cgi?id=1463422
  • Loading branch information
@bdunne @d-m-u
bdunne authored and d-m-u committed Jun 6, 2018
1 parent 0406aa6 commit 4fd2650
Show file tree
Hide file tree
Showing 2 changed files with 69 additions and 48 deletions.
17 changes: 13 additions & 4 deletions lib/rbac/filterer.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,16 @@ class Filterer

TAGGABLE_FILTER_CLASSES = CLASSES_THAT_PARTICIPATE_IN_RBAC - %w(EmsFolder) + %w(MiqGroup User)

NETWORK_MODELS_FOR_BELONGSTO_FILTER = %w(
CloudNetwork
CloudSubnet
FloatingIp
LoadBalancer
NetworkPort
NetworkRouter
SecurityGroup
).freeze

BELONGSTO_FILTER_CLASSES = %w(
VmOrTemplate
Host
Expand All @@ -56,8 +66,7 @@ class Filterer
EmsCluster
ResourcePool
Storage
CloudNetwork
)
) + NETWORK_MODELS_FOR_BELONGSTO_FILTER

# key: MiqUserRole#name - user's role
# value:
Expand Down Expand Up @@ -588,8 +597,8 @@ def get_belongsto_matches(blist, klass)
# typically, this is the only one we want:
vcmeta = vcmeta_list.last

if [ExtManagementSystem, Host].any? { |x| vcmeta.kind_of?(x) } && klass <= VmOrTemplate ||
vcmeta.kind_of?(ManageIQ::Providers::NetworkManager) && klass <= CloudNetwork
if ([ExtManagementSystem, Host].any? { |x| vcmeta.kind_of?(x) } && klass <= VmOrTemplate) ||
(vcmeta.kind_of?(ManageIQ::Providers::NetworkManager) && NETWORK_MODELS_FOR_BELONGSTO_FILTER.any? { |association_class| klass <= association_class.safe_constantize })
vcmeta.send(association_name).to_a
else
vcmeta_list.grep(klass) + vcmeta.descendants.grep(klass)
Expand Down
100 changes: 56 additions & 44 deletions spec/lib/rbac/filterer_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1026,100 +1026,112 @@ def get_rbac_results_for_and_expect_objects(klass, expected_objects)
end
end

context 'with cloud network and network manager' do
context "with cloud network and network manager" do
let!(:network_manager) { FactoryGirl.create(:ems_openstack).network_manager }
let!(:cloud_network) { FactoryGirl.create(:cloud_network, :ext_management_system => network_manager) }
let!(:network_manager_1) { FactoryGirl.create(:ems_openstack).network_manager }
let!(:cloud_network_1) { FactoryGirl.create(:cloud_network, :ext_management_system => network_manager_1) }

context 'with belongs_to_filter' do
context "with belongs_to_filter" do
before do
group.entitlement = Entitlement.new
group.entitlement.set_managed_filters([])
group.entitlement.set_belongsto_filters(["/belongsto/ExtManagementSystem|#{network_manager.name}"])
group.save!
end

context 'when records match belognsto filter' do
it 'lists cloud networks with network manager according to belongsto filter' do
User.with_user(user) do
results = described_class.search(:class => CloudNetwork).first
expect(results).to match_array([cloud_network])
expect(results.first.ext_management_system).to eq(network_manager)
(described_class::NETWORK_MODELS_FOR_BELONGSTO_FILTER + [ManageIQ::Providers::NetworkManager]).each do |network_model|
describe ".search" do
let!(:network_object) do
return network_manager if network_model == ManageIQ::Providers::NetworkManager
FactoryGirl.create(network_model.underscore, :ext_management_system => network_manager)
end
end

it 'lists network manager according to belongsto filter' do
User.with_user(user) do
results = described_class.search(:class => ManageIQ::Providers::NetworkManager).first
expect(results).to match_array([network_manager])
let!(:network_object_with_different_network_manager) do
return network_manager_1 if network_model == ManageIQ::Providers::NetworkManager
FactoryGirl.create(network_model.underscore, :ext_management_system => network_manager_1)
end

context "when records match belogns to filter" do
it "lists records of #{network_model} manager according to belongsto filter" do
User.with_user(user) do
results = described_class.search(:class => network_model).first
expect(results).to match_array([network_object])
expect(results.first.ext_management_system).to eq(network_manager)
end
end
end

context "when records don't match belogns to filter" do
before do
group.entitlement = Entitlement.new
group.entitlement.set_managed_filters([])
group.entitlement.set_belongsto_filters(["/belongsto/ExtManagementSystem|XXXX"])
group.save!
end

it "lists no records of #{network_model}" do
User.with_user(user) do
results = described_class.search(:class => network_model).first
expect(results).to be_empty
end
end
end
end
end
end

context "network manager with/without tagging" do
let!(:cloud_network) { FactoryGirl.create(:cloud_network, :ext_management_system => network_manager) }
let!(:cloud_network_1) { FactoryGirl.create(:cloud_network, :ext_management_system => network_manager_1) }

context 'when records don\'t match belognsto filter' do
context "network manager is tagged" do
before do
group.entitlement = Entitlement.new
group.entitlement.set_managed_filters([])
group.entitlement.set_belongsto_filters(["/belongsto/ExtManagementSystem|XXXX"])
group.entitlement.set_managed_filters([["/managed/environment/prod"]])
group.entitlement.set_belongsto_filters([])
group.save!

network_manager.tag_with("/managed/environment/prod", :ns => "*")
end

it 'lists no cloud networks' do
it "doesn't list cloud networks" do
User.with_user(user) do
results = described_class.search(:class => CloudNetwork).first
expect(results).to be_empty
end
end

it 'lists no network manager' do
it "lists only tagged network manager" do
User.with_user(user) do
results = described_class.search(:class => ManageIQ::Providers::NetworkManager).first
expect(results).to be_empty
expect(results).to match_array([network_manager])
end
end
end

context 'network manager is tagged' do
context "network manager not is tagged" do
before do
group.entitlement = Entitlement.new
group.entitlement.set_managed_filters([['/managed/environment/prod']])
group.entitlement.set_managed_filters([])
group.entitlement.set_belongsto_filters([])
group.save!

network_manager.tag_with('/managed/environment/prod', :ns => '*')
end

it 'doesn\'t list cloud networks' do
it "lists all cloud networks" do
User.with_user(user) do
results = described_class.search(:class => CloudNetwork).first
expect(results).to be_empty
expect(results).to match_array(CloudNetwork.all)
expect(results.first.ext_management_system).to eq(network_manager)
end
end

it 'lists only tagged network manager' do
it "lists all network managers" do
User.with_user(user) do
results = described_class.search(:class => ManageIQ::Providers::NetworkManager).first
expect(results).to match_array([network_manager])
expect(results).to match_array(ManageIQ::Providers::NetworkManager.all)
end
end
end
end

it 'lists all cloud networks' do
User.with_user(user) do
results = described_class.search(:class => CloudNetwork).first
expect(results).to match_array(CloudNetwork.all)
expect(results.first.ext_management_system).to eq(network_manager)
end
end

it 'lists all network managers' do
User.with_user(user) do
results = described_class.search(:class => ManageIQ::Providers::NetworkManager).first
expect(results).to match_array(ManageIQ::Providers::NetworkManager.all)
end
end
end

context 'with network models' do
Expand Down

0 comments on commit 4fd2650

Please sign in to comment.