diff --git a/app/models/miq_user_role.rb b/app/models/miq_user_role.rb index 095b85d5b76..66d3f327235 100644 --- a/app/models/miq_user_role.rb +++ b/app/models/miq_user_role.rb @@ -7,8 +7,10 @@ class MiqUserRole < ApplicationRecord has_many :miq_groups, :through => :entitlements has_and_belongs_to_many :miq_product_features, :join_table => :miq_roles_features - virtual_column :vm_restriction, :type => :string - virtual_column :service_template_restriction, :type => :string + virtual_column :auth_key_pair_restriction, :type => :string + virtual_column :orchestration_stacks_restriction, :type => :string + virtual_column :service_template_restriction, :type => :string + virtual_column :vm_restriction, :type => :string validates :name, :presence => true, :uniqueness_when_changed => {:case_sensitive => false} @@ -100,14 +102,24 @@ def self.seed_from_array(roles, array, merge_features = false) virtual_total :group_count, :miq_groups - def vm_restriction - vmr = settings&.dig(:restrictions, :vms) - vmr ? RESTRICTIONS[vmr] : "None" + def auth_key_pair_restriction + restrictions(:auth_key_pairs) + end + + def orchestration_stack_restriction + restrictions(:orchestration_stacks) end def service_template_restriction - str = settings&.dig(:restrictions, :service_templates) - str ? RESTRICTIONS[str] : "None" + restrictions(:service_templates) + end + + def service_restriction + restrictions(:services) + end + + def vm_restriction + restrictions(:vms) end def super_admin_user? @@ -140,10 +152,21 @@ def self.display_name(number = 1) private + def restrictions(restriction_type) + restrictions = settings&.dig(:restrictions, restriction_type) + restrictions ? RESTRICTIONS[vmr] : "None" + end + def restriction_type(klass) klass ||= Class - if klass <= ServiceTemplate + if klass <= ManageIQ::Providers::CloudManager::AuthKeyPair + :auth_key_pairs + elsif klass <= OrchestrationStack + :orchestration_stacks + elsif klass <= ServiceTemplate :service_templates + elsif klass <= Services + :services else :vms end diff --git a/db/fixtures/miq_user_roles.yml b/db/fixtures/miq_user_roles.yml index 5a899e89b5f..b6dd494f112 100644 --- a/db/fixtures/miq_user_roles.yml +++ b/db/fixtures/miq_user_roles.yml @@ -947,8 +947,11 @@ :read_only: true :settings: :restrictions: - :vms: :user + :auth_key_pairs: :user + :orchestration_stacks: :user :service_templates: :user + :services: :user + :vms: :user :miq_product_feature_identifiers: - about - all_vm_rules @@ -1134,8 +1137,11 @@ :read_only: true :settings: :restrictions: - :vms: :user_or_group + :auth_key_pairs: :user_or_group + :orchestration_stacks: :user_or_group :service_templates: :user_or_group + :services: :user_or_group + :vms: :user_or_group :miq_product_feature_identifiers: - about - all_vm_rules