Please review pull request #87: Add read-only access control hooks for Rack middleware opened by (lifton)
Description:
Prior to this commit, Dashboard could be put into a read-only mode by
setting a flag in a configuration file. This commit extends this
ability to Rack middleware. Specifically, Rack middleware can put
Dashboard into read-only mode by declaring something like:
env['rack.session']['ACCESS_CONTROL_ROLE'] = 'READ_ONLY'
Prior to this commit, there were no tests for the read-only
configuration flag. This commit adds tests for both methods of making
Dashboard read-only. All tests pass. In addition, both read-only
methods have been tested in a live environment.
- Opened: Tue Feb 14 23:52:55 UTC 2012
- Based on: puppetlabs:master (7bb88570ae7a45e4e485f3784df13072eac23dd1)
- Requested merge: lifton:feature/master/rack-middleware-read-only (7ac4d04e1dc250049402744e89279858c2978acb)
Diff follows:
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6f29d7b..c4c61d1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -16,7 +16,7 @@ class ApplicationController < ActionController::Base
private
def raise_if_enable_read_only_mode
- raise ReadOnlyEnabledError.new if SETTINGS.enable_read_only_mode
+ raise ReadOnlyEnabledError.new if SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'
end
def raise_unless_using_external_node_classification
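Review bot: The read-only predicate `SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'` is written out in `raise_if_enable_read_only_mode` and repeated in six view templates in this commit, so a later change to the role check can easily miss a copy. Defining it once as a private `read_only_mode?` method exposed through `helper_method` would let the filter and the views share one definition. The check is also opt-in: a request with no role, or with any value other than the exact string 'READ_ONLY', keeps write access, so the middleware that sets the key must do so on every request, and that contract deserves a comment on the method. The class body and `raise_unless_using_external_node_classification` continue outside the hunk.
```ruby
private

# True when the config flag or the Rack-supplied session role asks for read-only mode.
# Opt-in: any role value other than the exact string 'READ_ONLY' leaves writes enabled.
def read_only_mode?
  SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'
end
helper_method :read_only_mode?

def raise_if_enable_read_only_mode
  raise ReadOnlyEnabledError.new if read_only_mode?
end
```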
diff --git a/app/views/node_classes/show.html.haml b/app/views/node_classes/show.html.haml
index f0b864e..7311106 100644
--- a/app/views/node_classes/show.html.haml
+++ b/app/views/node_classes/show.html.haml
@@ -5,7 +5,7 @@
Class:
= @node_class.name
%ul.actions
- - unless SETTINGS.enable_read_only_mode
+ - unless SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'
%li= link_to 'Edit', edit_node_class_path(@node_class), :class => "edit button"
%li= link_to 'Delete', @node_class, :confirm => 'Are you sure?', :method => :delete, :class => "delete button"
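Review bot: The `unless` guard here only hides the Edit and Delete links; it does not stop a read-only session from reaching the update and destroy actions directly. The same holds for the guards added in node_groups/show, nodes/show, reports/_report and both sidebar partials. Enforcement depends on `raise_if_enable_read_only_mode` being registered as a before filter for every mutating action in each controller, which this diff does not show. The report actions are rendered from `Registry.each_callback`, so plugin-provided controllers presumably need the same filter. I would add a comment above the guard such as `-# UI only: writes are blocked by raise_if_enable_read_only_mode in the controller`.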
diff --git a/app/views/node_groups/show.html.haml b/app/views/node_groups/show.html.haml
index 2bf1a85..dcbd61c 100644
--- a/app/views/node_groups/show.html.haml
+++ b/app/views/node_groups/show.html.haml
@@ -5,7 +5,7 @@
Group:
= @node_group.name
%ul.actions
- - unless SETTINGS.enable_read_only_mode
+ - unless SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'
%li= link_to 'Edit', edit_node_group_path(@node_group), :class => "edit button", :rel => 'inspect'
%li= link_to 'Delete', @node_group, :confirm => 'Are you sure?', :method => :delete, :class => "delete button"
diff --git a/app/views/nodes/show.html.haml b/app/views/nodes/show.html.haml
index f453c12..6fc9138 100644
--- a/app/views/nodes/show.html.haml
+++ b/app/views/nodes/show.html.haml
@@ -6,7 +6,7 @@
Node:
= h @node.name
%span.alt= "(hidden)" if @node.hidden
- - unless SETTINGS.enable_read_only_mode
+ - unless SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'
%ul.actions
%li= link_to 'Edit', edit_node_path(@node), :class => "edit button", :rel => 'inspect'
- if @node.hidden
diff --git a/app/views/reports/_report.html.haml b/app/views/reports/_report.html.haml
index 4efe0e4..d1f6305 100644
--- a/app/views/reports/_report.html.haml
+++ b/app/views/reports/_report.html.haml
@@ -1,7 +1,7 @@
.header
%h2
= render 'report_title', :report => report
- - unless SETTINGS.enable_read_only_mode
+ - unless SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'
%ul.actions
- Registry.each_callback :report, :actions do |thing|
= thing.call self, report
diff --git a/app/views/shared/_node_manager_sidebar.html.haml b/app/views/shared/_node_manager_sidebar.html.haml
index 4b23ca1..2f71ed7 100644
--- a/app/views/shared/_node_manager_sidebar.html.haml
+++ b/app/views/shared/_node_manager_sidebar.html.haml
@@ -50,7 +50,7 @@
= link_to "Hidden", hidden_nodes_path
.footer.actionbar
- - unless SETTINGS.enable_read_only_mode
+ - unless SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'
= link_to "Add node", new_node_path, :class => 'button'
= render "shared/node_manager_sidebar_for_type", :type => NodeGroup
diff --git a/app/views/shared/_node_manager_sidebar_for_type.html.haml b/app/views/shared/_node_manager_sidebar_for_type.html.haml
index b7dd2e3..3cd1daa 100644
--- a/app/views/shared/_node_manager_sidebar_for_type.html.haml
+++ b/app/views/shared/_node_manager_sidebar_for_type.html.haml
@@ -18,5 +18,5 @@
= link_to entry.name, send(path_for_show, entry)
%span.count= entry.nodes_count
.footer.actionbar
- - unless SETTINGS.enable_read_only_mode
+ - unless SETTINGS.enable_read_only_mode || session['ACCESS_CONTROL_ROLE'] == 'READ_ONLY'
= link_to "Add #{label.downcase}", send(path_for_new), :class => 'button'
diff --git a/spec/controllers/nodes_controller_spec.rb b/spec/controllers/nodes_controller_spec.rb
index c854034..c0f9b4b 100644
--- a/spec/controllers/nodes_controller_spec.rb
+++ b/spec/controllers/nodes_controller_spec.rb
@@ -590,4 +590,35 @@ def do_get
it_should_behave_like "a scoped_index action"
end
end
+
+ describe 'read-only mode' do
+
+ let(:node) { Node.generate! }
+
+ ['configuration file', 'Rack middleware'].each do |source|
+ describe "when set by the #{source}" do
+ before :each do
+ SETTINGS.stubs(:enable_read_only_mode).returns(source == 'configuration file')
+ session.expects(:[]).with('ACCESS_CONTROL_ROLE').returns('READ_ONLY') if source == 'Rack middleware'
+ end
+
+ it "should raise an error when calling 'new'" do
+ lambda{ get :new }.should raise_error(ReadOnlyEnabledError)
+ end
+
+ it "should raise an error calling 'edit'" do
+ lambda{ get :edit, :id => node.name }.should raise_error(ReadOnlyEnabledError)
+ end
+
+ it "should raise an error when calling 'update'" do
+ params = { :id => node.id, :node => node.attributes }
+ lambda{ put :update, params }.should raise_error(ReadOnlyEnabledError)
+ end
+
+ it "should raise an error when calling 'create'" do
+ lambda{ post :create, 'node' => { 'name' => 'foo' } }.should raise_error(ReadOnlyEnabledError)
+ end
+ end
+ end
+ end
end
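Review bot: The new examples cover `new`, `edit`, `update` and `create` but not `destroy`, and there is no negative case showing that the actions stay writable when the flag is off and `ACCESS_CONTROL_ROLE` is absent or holds another value. `session.expects(:[]).with('ACCESS_CONTROL_ROLE')` also puts a mock expectation on the session reader, which may fail if the request reads any other session key; assigning `session['ACCESS_CONTROL_ROLE'] = 'READ_ONLY'` in the `before` block would exercise the real lookup instead. Only NodesController is covered, so the session path through the same filter in the other controllers remains untested. The enclosing `describe` starts outside the hunk.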
