Skip to content

Commit

Permalink
Merge pull request #697 from jaywcarman/separate_role_access_restrict…
Browse files Browse the repository at this point in the history
…ions_for_service_templates

Separate Role Access Restrictions for Service Templates
  • Loading branch information
Fryguy authored Jul 14, 2023
2 parents ed210a3 + 7af3019 commit a3179c3
Show file tree
Hide file tree
Showing 2 changed files with 166 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
class SeparateRoleAccessRestrictionsForServiceTemplates < ActiveRecord::Migration[6.0]
class MiqUserRole < ActiveRecord::Base
serialize :settings
end

def up
say_with_time("Updating MiqUserRole restictions so Service Templates match existing VMs") do
MiqUserRole.where(:read_only => false).where("settings LIKE '%vms: :user%'").find_each do |role|
role.settings[:restrictions][:service_templates] = role.settings.dig(:restrictions, :vms)
role.save!
end
end
end

def down
say_with_time("Remove Service Templates from MiqUserRole restictions") do
MiqUserRole.where(:read_only => false).where("settings LIKE '%service_templates:%'").find_each do |role|
role.settings[:restrictions].delete(:service_templates)
if role.settings[:restrictions] == {} && role.settings.length == 1
role.settings = nil
end
role.save!
end
end
end
end
Original file line number Diff line number Diff line change
@@ -0,0 +1,140 @@
require_migration

describe SeparateRoleAccessRestrictionsForServiceTemplates do
let(:miq_user_role_stub) { migration_stub(:MiqUserRole) }

migration_context :up do
it "Existing Role with no restrictions is unchanged" do
miq_user_role = miq_user_role_stub.create(:read_only => false, :settings => nil)

migrate

expect(miq_user_role.reload).to have_attributes(:settings => nil)
end

it "Existing read only Role with no restrictions is unchanged" do
miq_user_role = miq_user_role_stub.create(:read_only => true, :settings => nil)

migrate

expect(miq_user_role.reload).to have_attributes(:settings => nil)
end

it "Existing read only Role with restrictions is unchanged" do
miq_user_role = miq_user_role_stub.create(:read_only => true,
:settings => {:restrictions => {:vms => :user_or_group}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user_or_group}})
end

it "Existing Role with ':vms=>:user_or_group' adds ':service_templates=>:user_or_group'" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:restrictions => {:vms => :user_or_group}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user_or_group, :service_templates => :user_or_group}})
end

it "Existing Role with ':vms=>:user' adds ':service_templates=>:user'" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:restrictions => {:vms => :user}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user, :service_templates => :user}})
end

it "Existing Role with something else in settings is unchanged" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:foo => {:bar => :user}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:foo => {:bar => :user}})
end

it "Existing Role with something else in settings and ':vms=>:user' adds ':service_templates=>:user'" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:foo => {:bar => :user}, :restrictions => {:vms => :user}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:foo => {:bar => :user}, :restrictions => {:vms => :user, :service_templates => :user}})
end
end

migration_context :down do
it "Existing Role with no restrictions is unchanged" do
miq_user_role = miq_user_role_stub.create(:read_only => false, :settings => nil)

migrate

expect(miq_user_role.reload).to have_attributes(:settings => nil)
end

it "Existing read only Role with no restrictions is unchanged" do
miq_user_role = miq_user_role_stub.create(:read_only => true, :settings => nil)

migrate

expect(miq_user_role.reload).to have_attributes(:settings => nil)
end

it "Existing read only Role with restrictions is unchanged" do
miq_user_role = miq_user_role_stub.create(:read_only => true,
:settings => {:restrictions => {:vms => :user_or_group, :service_templates => :user_or_group}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user_or_group, :service_templates => :user_or_group}})
end

it "Existing Role removes ':service_templates=>:user_or_group'" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:restrictions => {:vms => :user_or_group, :service_templates => :user_or_group}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user_or_group}})
end

it "Existing Role removes ':service_templates=>:user_or_group' (no :vms restrictions)" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:restrictions => {:service_templates => :user_or_group}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => nil)
end

it "Existing Role removes ':service_templates=>:user'" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:restrictions => {:vms => :user, :service_templates => :user}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user}})
end

it "Existing Role removes ':service_templates=>:user' (no :vms restrictions)" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:restrictions => {:service_templates => :user}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => nil)
end

it "Existing Role with something else in settings is unchanged" do
miq_user_role = miq_user_role_stub.create(:read_only => false,
:settings => {:foo => {:bar => :user}})

migrate

expect(miq_user_role.reload).to have_attributes(:settings => {:foo => {:bar => :user}})
end
end
end

0 comments on commit a3179c3

Please sign in to comment.