From: Jan Provaznik <[email protected]>

Added image_view and image_modify permissions.
Requires DB rebuild (modified roles migration).
Image_modify permission check added to templates controller.
---
 src/app/controllers/templates_controller.rb        |    6 +++++-
 src/app/models/permissioned_object.rb              |    7 +++++++
 src/app/models/privilege.rb                        |    6 +++++-
 src/app/views/dashboard/summary.haml               |    5 +++--
 src/db/migrate/20091008153046_create_privileges.rb |    3 ++-
 src/db/migrate/20091008153058_create_roles.rb      |    4 +++-
 6 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/src/app/controllers/templates_controller.rb 
b/src/app/controllers/templates_controller.rb
index 5d3a754..a2243aa 100644
--- a/src/app/controllers/templates_controller.rb
+++ b/src/app/controllers/templates_controller.rb
@@ -1,6 +1,6 @@
 class TemplatesController < ApplicationController
   layout :layout
-  before_filter :require_user
+  before_filter :require_user, :check_permission
 
   def layout
     return "aggregator" unless ajax?
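Review bot: Adding `:check_permission` to the controller-wide `before_filter` makes every action in TemplatesController require `image_modify`, so the `image_view` privilege introduced by the same commit is not enforced anywhere in the hunks shown. If the controller has read-only actions, scope the filter with `:only`/`:except` and guard those actions with `Privilege::IMAGE_VIEW` instead. If every action really creates or changes an image, a comment such as `# every template action creates or changes an image, so image_modify is required throughout` would record that intent. The class body continues outside this hunk, so the action list cannot be checked from here.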
@@ -109,4 +109,8 @@ class TemplatesController < ApplicationController
     @image_descriptor = params[:id] ? ImageDescriptor.find(params[:id]) : 
ImageDescriptor.new
     @image_descriptor.update_xml_attributes!(params[:xml] || {})
   end
+
+  def check_permission
+    require_privilege(Privilege::IMAGE_MODIFY)
+  end
 end
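Review bot: `check_permission` is added as a public controller method, and Rails treats public controller methods as actions that a matching route can invoke. Put `private` on the line before `def check_permission` so it is only reachable through the filter chain. `require_privilege` is defined outside this patch, so it should be confirmed that it halts the request when the privilege is missing; if it only returns a value, the action would still run. The class starts outside the hunk.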
diff --git a/src/app/models/permissioned_object.rb 
b/src/app/models/permissioned_object.rb
index b4a3037..d5e2afb 100644
--- a/src/app/models/permissioned_object.rb
+++ b/src/app/models/permissioned_object.rb
@@ -73,6 +73,13 @@ module PermissionedObject
     has_privilege(user, Privilege::USER_MODIFY)
   end
 
+  def can_view_images(user)
+    has_privilege(user, Privilege::IMAGE_VIEW)
+  end
+  def can_modify_images(user)
+    has_privilege(user, Privilege::IMAGE_MODIFY)
+  end
+
   def has_privilege(user, privilege)
     permissions.find(:first, :include => [:role => :privileges],
                      :conditions => ["permissions.user_id=:user and
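Review bot: The two added predicates are not separated by a blank line (`end` is followed directly by `def can_modify_images(user)`), unlike the blank line left before `has_privilege`. `can_view_images` also has no caller in the hunks shown, so a one-line comment such as `# image (template) privileges; can_view_images is not yet enforced by any controller` would tell the next reader that view access is currently unchecked. The body of `has_privilege` continues outside the hunk.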
diff --git a/src/app/models/privilege.rb b/src/app/models/privilege.rb
index 0117c5c..552beef 100644
--- a/src/app/models/privilege.rb
+++ b/src/app/models/privilege.rb
@@ -68,6 +68,9 @@ class Privilege < ActiveRecord::Base
                                           # actions)
   USER_VIEW         = "user_view"         # can view a user's profile data
 
+  IMAGE_VIEW        = "image_view"        # can view existing images 
(templates)
+  IMAGE_MODIFY      = "image_modify"      # can create or modify images 
(templates)
+
   FULL_PRIVILEGE_LIST = [PERM_SET, PERM_VIEW,
                          INSTANCE_MODIFY, INSTANCE_CONTROL, INSTANCE_VIEW,
                          STATS_VIEW,
@@ -75,5 +78,6 @@ class Privilege < ActiveRecord::Base
                          POOL_MODIFY, POOL_VIEW,
                          QUOTA_MODIFY, QUOTA_VIEW,
                          PROVIDER_MODIFY, PROVIDER_VIEW,
-                         USER_MODIFY, USER_VIEW]
+                         USER_MODIFY, USER_VIEW,
+                         IMAGE_VIEW, IMAGE_MODIFY]
 end
diff --git a/src/app/views/dashboard/summary.haml 
b/src/app/views/dashboard/summary.haml
index 44bff64..66aedde 100644
--- a/src/app/views/dashboard/summary.haml
+++ b/src/app/views/dashboard/summary.haml
@@ -35,8 +35,6 @@
         Add a Provider Account
       %a{:href => url_for(:controller => "provider", :action => "new")}
         Add a Provider
-      %a{:href => url_for(:controller => "templates", :action => "new")}
-        Create a Template
       %a{:href => url_for(:controller => "users", :action => "new")}
         Create a User
       %a{:href => url_for(:controller => "instance", :action => "index")}
@@ -46,6 +44,9 @@
         Launch Instances
       %a{:href => url_for(:controller => "", :action => "")}
         Enter a help ticket
+    - if 
BasePermissionObject.general_permission_scope.can_modify_images(@current_user)
+      %a{:href => url_for(:controller => "templates", :action => "new")}
+        Create a Template
 
   #service_quality_dashboard_section
     - if @is_admin
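Review bot: The re-added "Create a Template" link sits under a `- if` at four-space indent, whereas the link removed in the previous hunk was at six spaces alongside the other `%a` entries. It therefore appears to move out of its original parent element and to the end of the list; the parent is outside the hunk, so this is inferred from indentation only. If only the visibility was meant to change, keep the conditional at the old position and depth. The conditional only hides the link, so access control still rests on the `check_permission` filter in templates_controller.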
diff --git a/src/db/migrate/20091008153046_create_privileges.rb 
b/src/db/migrate/20091008153046_create_privileges.rb
index 74932b0..cbd3c68 100644
--- a/src/db/migrate/20091008153046_create_privileges.rb
+++ b/src/db/migrate/20091008153046_create_privileges.rb
@@ -34,7 +34,8 @@ class CreatePrivileges < ActiveRecord::Migration
                   "pool_modify", "pool_view",
                   "quota_modify", "quota_view",
                   "provider_modify", "provider_view",
-                  "user_modify", "user_view"]
+                  "user_modify", "user_view",
+                  "image_modify", "image_view"]
     Privilege.transaction do
       privileges.each do |priv_name|
         privilege = Privilege.new({:name => priv_name})
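Review bot: The new privilege names are added by editing the existing migration 20091008153046 in place, so a database that has already run it will not receive `image_modify`/`image_view`. With the new controller filter, template actions would presumably be refused for every user until the database is rebuilt, which the commit message accepts. A separate new migration that inserts the two privileges and attaches them to the intended roles would let existing installs upgrade without a rebuild; the same applies to the create_roles hunk below. The string literals also duplicate `Privilege::IMAGE_MODIFY` and `Privilege::IMAGE_VIEW`, so a comment like `# keep in sync with Privilege::FULL_PRIVILEGE_LIST` would help prevent drift.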
diff --git a/src/db/migrate/20091008153058_create_roles.rb 
b/src/db/migrate/20091008153058_create_roles.rb
index 74cf519..c452dad 100644
--- a/src/db/migrate/20091008153058_create_roles.rb
+++ b/src/db/migrate/20091008153058_create_roles.rb
@@ -105,7 +105,9 @@ class CreateRoles < ActiveRecord::Migration
                                   "stats_view",
                                   "instance_modify",
                                   "instance_control",
-                                  "instance_view"]}
+                                  "instance_view",
+                                  "image_modify",
+                                  "image_view"]}
 
             }
     Role.transaction do
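Review bot: The role that receives `image_modify` here is named above the hunk, so it cannot be confirmed from this view that only roles meant to author templates are granted it. Because templates_controller now requires this privilege for every action, any role left without it loses the whole controller, which may push later edits towards granting modify where view would do. A short comment beside the two new entries stating which role this is and why it needs modify rather than only `image_view` would make the grant reviewable.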
-- 
1.7.0.1
