Merge pull request #8833 from jaywcarman/separate_role_access_restric…
…tions_for_service_templates

Separate role access restrictions for catalog items
Fryguy authored Jul 14, 2023
2 parents 02c1619 + 5323ff4 commit 1559e98
Showing 3 changed files with 27 additions and 5 deletions.
15 changes: 12 additions & 3 deletions app/controllers/ops_controller/ops_rbac.rb
@@ -1266,6 +1266,8 @@ def rbac_role_set_form_vars
@edit[:new][:name] = @record.name
vmr = @record.settings.fetch_path(:restrictions, :vms) if @record.settings
@edit[:new][:vm_restriction] = vmr || :none
str = @record.settings.fetch_path(:restrictions, :service_templates) if @record.settings
@edit[:new][:service_template_restriction] = str || :none
@edit[:new][:features] = rbac_expand_features(@record.miq_product_features.map(&:identifier)).sort

@edit[:current] = copy_hash(@edit[:new])
@@ -1331,6 +1333,7 @@ def recurse_sections_and_features(node)
def rbac_role_get_form_vars
@edit[:new][:name] = params[:name] if params[:name]
@edit[:new][:vm_restriction] = params[:vm_restriction].to_sym if params[:vm_restriction]
@edit[:new][:service_template_restriction] = params[:service_template_restriction].to_sym if params[:service_template_restriction]

# Add/removed features based on the node that was checked
if params[:check]
@@ -1374,12 +1377,18 @@ def rbac_role_add_parent(node)
def rbac_role_set_record_vars(role)
role.name = @edit[:new][:name]
role.settings ||= {}
role.settings[:restrictions] ||= {}
if @edit[:new][:vm_restriction] == :none
role.settings.delete(:restrictions)
role.settings[:restrictions].delete(:vms)
else
role.settings[:restrictions] = {:vms => @edit[:new][:vm_restriction]}
role.settings[:restrictions][:vms] = @edit[:new][:vm_restriction]
end
role.settings = nil if role.settings.empty?
if @edit[:new][:service_template_restriction] == :none
role.settings[:restrictions].delete(:service_templates)
else
role.settings[:restrictions][:service_templates] = @edit[:new][:service_template_restriction]
end
role.settings = nil if role.settings[:restrictions].blank?
end

def populate_role_features(role)
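Review bot: In `rbac_role_get_form_vars` the added line turns `params[:service_template_restriction]` into a symbol and stores it without checking it against the values the form offers, and `rbac_role_set_record_vars` then persists it under `role.settings[:restrictions][:service_templates]`. A request that does not come from the select box can therefore save an arbitrary restriction value on a role; how enforcement treats an unknown value is not visible in this commit, and the details helper would index `MiqUserRole::RESTRICTIONS` with it and get nil. Accept only known values, for example `allowed = MiqUserRole::RESTRICTIONS.keys.map(&:to_s) << "none"` followed by `@edit[:new][:service_template_restriction] = params[:service_template_restriction].to_sym if allowed.include?(params[:service_template_restriction])`. The existing `vm_restriction` line has the same gap, and `rbac_role_get_form_vars` continues past the end of its hunk.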
3 changes: 2 additions & 1 deletion app/helpers/ops_helper/role_rbac_details_helper.rb
@@ -12,7 +12,8 @@ def rbac_role_info_view(role, rbac_menu_tree)
rows = [
row_data(_('ID'), role.id),
row_data(_('Name'), role.name),
row_data(_("Access Restriction for Catalog Items, Orchestration Stacks, Key Pairs, Services, VMs, and Templates"), role.settings.kind_of?(Hash) && role.settings.fetch_path(:restrictions, :vms) ? _(MiqUserRole::RESTRICTIONS[role.settings.fetch_path(:restrictions, :vms)]) : _("None")),
row_data(_("Access Restriction for Orchestration Stacks, Key Pairs, Services, VMs, and Templates"), role.settings.kind_of?(Hash) && role.settings.fetch_path(:restrictions, :vms) ? _(MiqUserRole::RESTRICTIONS[role.settings.fetch_path(:restrictions, :vms)]) : _("None")),
row_data(_("Access Restriction for Catalog Items"), role.settings.kind_of?(Hash) && role.settings.fetch_path(:restrictions, :service_templates) ? _(MiqUserRole::RESTRICTIONS[role.settings.fetch_path(:restrictions, :service_templates)]) : _("None")),
row_data(_("Product Features (Read Only)"), {:input => 'component', :component => 'TREE_VIEW_REDUX', :props => rbac_menu_tree.locals_for_render, :name => rbac_menu_tree.name})
]
miq_structured_list({
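Review bot: The new "Access Restriction for Catalog Items" row reads only `:service_templates`, so a role saved before this change, which has just `:vms` set, will show "None" for catalog items even though the old label said the `:vms` value covered them. Whether enforcement falls back to `:vms` or a data migration copies the value is not visible in this commit; if neither exists, an upgrade would silently widen catalog-item access for roles that were restricted, so that is worth confirming. If the split is intentional, say so next to the row, e.g. `# :service_templates is independent of :vms; roles saved before the split have no value here and display "None"`. The two restriction rows are also near-identical one-liners and would read better through a small private helper that takes the restriction key. `rbac_role_info_view` starts and ends outside the hunk.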
14 changes: 13 additions & 1 deletion app/views/ops/_rbac_role_details.html.haml
@@ -19,7 +19,7 @@
= javascript_tag(javascript_focus('name'))
.form-group
%label.col-md-4.control-label
= _('Access Restriction for Catalog Items, Orchestration Stacks, Key Pairs, Services, VMs, and Templates')
= _('Access Restriction for Orchestration Stacks, Key Pairs, Services, VMs, and Templates')
.col-md-8
- restrictions = MiqUserRole::RESTRICTIONS.map { |k, v| [_(v), k] }.sort_by { |name, _value| name.downcase }
= select_tag('vm_restriction',
@@ -29,6 +29,18 @@
:javascript
miqInitSelectPicker();
miqSelectPickerEvent('vm_restriction', "#{url}")
.form-group
%label.col-md-4.control-label
= _('Access Restriction for Catalog Items')
.col-md-8
- restrictions = MiqUserRole::RESTRICTIONS.map { |k, v| [_(v), k] }.sort_by { |name, _value| name.downcase }
= select_tag('service_template_restriction',
options_for_select([[_("None"), "none"]] + restrictions,
@edit[:new][:service_template_restriction].to_sym),
:class => "selectpicker")
:javascript
miqInitSelectPicker();
miqSelectPickerEvent('service_template_restriction', "#{url}")
.col-md-12.col-lg-6
%hr
= _("Product Features (Editing)")
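Review bot: The added form group repeats the `- restrictions = MiqUserRole::RESTRICTIONS.map { ... }.sort_by { ... }` assignment that the `vm_restriction` group already makes earlier in this template, and it calls `miqInitSelectPicker()` a second time. Dropping the second assignment and reusing the existing local keeps the two selects from drifting apart; nesting is not recoverable on this page, so confirm the first assignment is in scope for the new group. `@edit[:new][:service_template_restriction].to_sym` would also raise if the key were ever absent from `@edit[:new]`, for instance in an edit state built before this change, so `(@edit[:new][:service_template_restriction] || :none).to_sym` is the safer form.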
