Also introduces basic cucumber tests for Deployables permissions and updates seeds.rb with new permissions.
Signed-off-by: Matt Wagner matt.wagner@redhat.com --- .../image_factory/deployables_controller.rb | 8 +++ src/db/seeds.rb | 7 +++ src/features/deployable_permissions.feature | 47 ++++++++++++++++++++ src/features/step_definitions/authentication.rb | 15 ++++++ 4 files changed, 77 insertions(+), 0 deletions(-) create mode 100644 src/features/deployable_permissions.feature
diff --git a/src/app/controllers/image_factory/deployables_controller.rb b/src/app/controllers/image_factory/deployables_controller.rb index 0ffa33e..8bb23a8 100644 --- a/src/app/controllers/image_factory/deployables_controller.rb +++ b/src/app/controllers/image_factory/deployables_controller.rb @@ -15,6 +15,7 @@ class ImageFactory::DeployablesController < ApplicationController
def show @deployable = Deployable.find(params[:id]) + require_privilege(Privilege::VIEW, @deployable) @url_params = params.clone @tab_captions = ['Properties', 'Assemblies', 'Deployments'] @details_tab = params[:details_tab].blank? ? 'properties' : params[:details_tab] @@ -33,10 +34,12 @@ class ImageFactory::DeployablesController < ApplicationController end
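Review bot: In `show`, `Deployable.find(params[:id])` runs before `require_privilege(Privilege::VIEW, @deployable)`, so a missing id presumably produces a not-found error while an existing id without VIEW produces the privilege error, which lets a caller without VIEW tell which ids exist. The same order is used in `edit` and `update` in the third hunk. If that distinction matters here, handle the not-found case so both answers look alike, and add a comment above the check such as `# object-level check: needs the loaded record`. `show` continues past the end of this hunk.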
def new + require_privilege(Privilege::CREATE, Deployable) @deployable = Deployable.new end
def create + require_privilege(Privilege::CREATE, Deployable) @deployable = Deployable.new(params[:deployable]) if @deployable.save flash[:notice] = "Deployable added." @@ -48,10 +51,12 @@ class ImageFactory::DeployablesController < ApplicationController
def edit @deployable = Deployable.find(params[:id]) + require_privilege(Privilege::MODIFY, @deployable) end
def update @deployable = Deployable.find(params[:id]) + require_privilege(Privilege::MODIFY, @deployable) if @deployable.update_attributes(params[:deployable]) flash[:notice] = "Deployable updated." redirect_to image_factory_deployable_url(@deployable) @@ -82,6 +87,7 @@ class ImageFactory::DeployablesController < ApplicationController end
def pick_assemblies + require_privilege(Privilege::MODIFY, @deployable) @assemblies = Assembly.all - @deployable.assemblies respond_to do |format| format.js { render :partial => 'pick_assemblies' } @@ -90,6 +96,7 @@ class ImageFactory::DeployablesController < ApplicationController end
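Review bot: `require_privilege(Privilege::MODIFY, @deployable)` in `pick_assemblies` relies on `@deployable`, but nothing in this hunk assigns it; the same holds for `add_assemblies` and `remove_assemblies` in the next two hunks. Presumably a filter outside the diff loads the record; if it does not run for one of these actions the check receives nil, and what `require_privilege` does with a nil object is not visible here. Loading explicitly before the check, `@deployable = Deployable.find(params[:id])` as `edit` and `update` do, or a comment naming the filter, would make the dependency visible. The method bodies continue outside the hunks.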
def add_assemblies + require_privilege(Privilege::MODIFY, @deployable) if assemblies = params.delete(:assemblies_selected) @deployable.assembly_ids += assemblies.collect{|a| a.to_i} @deployable.save! @@ -102,6 +109,7 @@ class ImageFactory::DeployablesController < ApplicationController end
def remove_assemblies + require_privilege(Privilege::MODIFY, @deployable) if params[:assemblies_selected].present? @deployable.assembly_ids = @deployable.assembly_ids - params[:assemblies_selected].collect{|a| a.to_i} @deployable.save! diff --git a/src/db/seeds.rb b/src/db/seeds.rb index 7ef7c37..3f44698 100644 --- a/src/db/seeds.rb +++ b/src/db/seeds.rb @@ -1,3 +1,6 @@ + + + # Default Pool Family PoolFamily.create!(:name => "default", :description => "default pool family", :quota => Quota.create)
@@ -44,6 +47,9 @@ roles = Template => {"Template User" => [false, {Template => [VIEW,USE]}], "Template Owner" => [true, {Template => [VIEW,USE,MOD, VPRM,GPRM]}]}, + Deployable => + {"Deployable User" => [false, {Deployable => [VIEW,USE]}], + "Deployable Owner" => [true, {Deployable => [VIEW,USE,MOD,VPRM,GPRM]}]}, BasePermissionObject => {"Provider Creator" => [false, {Provider => [ CRE]}], "Provider Administrator" => [false, {Provider => [VIEW, MOD,CRE,VPRM,GPRM], @@ -69,6 +75,7 @@ roles = Quota => [VIEW, MOD], PoolFamily => [VIEW, MOD,CRE,VPRM,GPRM], Template => [VIEW,USE,MOD,CRE,VPRM,GPRM], + Deployable => [VIEW,USE,MOD,CRE,VPRM,GPRM], BasePermissionObject => [ MOD, VPRM,GPRM]}]}} Role.transaction do roles.each do |role_scope, scoped_hash| diff --git a/src/features/deployable_permissions.feature b/src/features/deployable_permissions.feature new file mode 100644 index 0000000..be26972 --- /dev/null +++ b/src/features/deployable_permissions.feature 
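Review bot: The new Deployable roles only exist where seeds.rb has been run, while the controller hunks in this commit enforce `require_privilege` immediately; a database seeded before this change would presumably hold no Deployable permissions until they are added another way, so a migration or a note in the commit description is worth adding. Neither "Deployable User" nor "Deployable Owner" includes CRE, so in the visible lines only the role edited in the last seeds hunk can create deployables; if non-admin creation is intended, a counterpart to "Provider Creator" is missing. A short comment above the `Deployable =>` block, e.g. `# CRE on Deployable is granted only via the role below`, would record the intent.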
@@ -0,0 +1,47 @@
+Feature: Manage Deployables as a non-admin
+ In order to manage my cloud infrastructure
+ As an unprivileged user
+ I want to manage deployables that I have permission to use
+
+ Background:
+ Given I am a new user
+
+ Scenario: List deployables as a new user
+ Given I am on the homepage
+ And there is a deployable named "MySQL cluster"
+ When I go to the image factory deployables page
+ Then I should see "MySQL cluster"
+
+ Scenario: View a deployable as a new user
+ Given there is a deployable named "MySQL cluster"
+ And I am on the image factory deployables page
+ When I follow "MySQL cluster"
+ Then I should see "Edit"
+
+ @allow-rescue
+ Scenario: Try to edit a deployable as a new user
+ Given there is a deployable named "Apache Webserver"
+ And I am on the image factory deployables page
+ When I follow "Apache Webserver"
+ And I follow "Edit"
+ Then I should see "You have insufficient privileges to perform action."
+
+ @allow-rescue
+ Scenario: Try to create a deployable as a new user
+ Given there is a deployable named "Solr Server"
+ And I am on the image factory deployables page
+ When I follow "Create"
+ Then I should see "You have insufficient privileges to perform action."
+
+ @allow-rescue
+ Scenario: Try to remove an assembly as a new user
+ Given there is a deployable named "Mailserver Cluster"
+ Given there is an assembly named "Postfix Node" belonging to "Mailserver Cluster"
+ And I am on the image factory deployables page
+ Then I should see "Mailserver Cluster"
+ When I follow "Mailserver Cluster"
+ And I follow "details_Assemblies"
+ Then I should see "Postfix Node"
+ When I check the "Postfix Node" assembly
+ And I press "Remove Selected"
+ Then I should see "You have insufficient privileges to perform action."
diff --git a/src/features/step_definitions/authentication.rb b/src/features/step_definitions/authentication.rb
index e7a84bd..4a13be0 100644
--- a/src/features/step_definitions/authentication.rb
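Review bot: The denial scenarios cover only edit, create and remove-assembly, each reached through a link or button; there is no scenario for `update`, `add_assemblies` or `pick_assemblies`, and none where a user holding MODIFY succeeds, so those controller checks are untested. "List deployables as a new user" also pins that a user with no stated permissions sees every deployable in the list, and the index action is not part of this diff; if VIEW is meant to apply per object, that expectation needs a comment or a change. A positive scenario with a granted "Deployable Owner" role would show the checks do not simply deny everyone.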
+++ b/src/features/step_definitions/authentication.rb @@ -10,6 +10,17 @@ def login(login, password) click_button "Login" end
+def signup + visit path_to("the new account page") + fill_in "Choose a username", :with => 'newuser' + fill_in "Choose a password", :with => 'password' + fill_in "Confirm password", :with => 'password' + fill_in "First name", :with => 'Unprivileged' + fill_in "Last name", :with => "User" + fill_in "E-mail", :with => "testuser@example.com" + click_button "Save" +end + Given /^I am a registered user$/ do user end @@ -18,6 +29,10 @@ When /^I login$/ do login(user.login, user.password) end
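Review bot: `signup` ends at `click_button "Save"` without checking that the account was created and, assuming registration logs the user in, that a session exists; a failed registration would only surface as confusing failures in later steps. The existing `I am logged in` step asserts `UserSession.find.should_not == nil`, and the same line at the end of `signup` would make the precondition explicit. The helper also hard-codes the username `'newuser'` and mixes quote styles; a one-line comment such as `# registers a fixed account with no extra roles` would state what the step is expected to provide.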
+Given /^I am a new user$/ do + signup +end + Given /^I am logged in$/ do login(user.login, user.password) UserSession.find.should_not == nil