Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorise action managing tenant quotas for according tenants in API #536

Merged
merged 1 commit into from
Jan 7, 2019
Merged

Authorise action managing tenant quotas for according tenants in API #536

merged 1 commit into from
Jan 7, 2019

Conversation

lpichler
Copy link
Contributor

@lpichler lpichler commented Jan 3, 2019
edited
Loading

this is PR is needed

This needs custom behaviour for role validation api requests -
this is done by adding method custom_api_user_role_allows_method?
in BaseController to decide if certain controller is allowing custom
api validation.

Authorisation action 'managing tenant quotas' according to tenants
needs custom validation this is defined in
Api::Subcollections::Quotas (api/subcollections/quotas.rb, included in TenantController)
this custom validation is used only if api wants to authorise
rbac_tenant_manage_quotas_tenant_<TENANT_ID> permission.

this is used for authorisation of permission 'manage tenant quota' with using dynamic tenant features.
see desricption here ManageIQ/manageiq#18322

Links

https://bugzilla.redhat.com/show_bug.cgi?id=1468795

@lpichler lpichler mentioned this pull request Jan 3, 2019
Merged
2 tasks
gtanzillo
gtanzillo approved these changes Jan 3, 2019
View reviewed changes
Copy link
Member

@gtanzillo gtanzillo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@lpichler lpichler force-pushed the authorise_manage_tenant_quotas_as_tenant_product_feature_api branch from 5db50b5 to 7dc1431 Compare January 4, 2019 17:59
@gtanzillo gtanzillo closed this Jan 4, 2019
@gtanzillo gtanzillo reopened this Jan 4, 2019
@lpichler lpichler force-pushed the authorise_manage_tenant_quotas_as_tenant_product_feature_api branch from 7dc1431 to d1ac3c4 Compare January 4, 2019 20:29
@lpichler lpichler changed the title [WIP] Authorise action managing tenant quotas for according tenants in API Authorise action managing tenant quotas for according tenants in API Jan 4, 2019
@lpichler lpichler force-pushed the authorise_manage_tenant_quotas_as_tenant_product_feature_api branch 2 times, most recently from f0a6a5d to 17afdce Compare January 6, 2019 20:47
@lpichler
Authorise action managing tenant quotas according to tenants
a485c9a 
This needs custom behaviour for role validation api requests -
this is done by adding method custom_api_user_role_allows_method?
in BaseController to decide if certain controller is allowing custom
api validation.

Authorisation action 'managing tenant quotas' according to tenants
needs custom validation this is defined in
Api::Subcollections::Quotas(api/subcollections/quotas.rb, included in TenantController)
this custom validation is used only if api wants to authorise
rbac_tenant_manage_quotas_tenant_<TENANT_ID> permission.
@lpichler lpichler force-pushed the authorise_manage_tenant_quotas_as_tenant_product_feature_api branch from 17afdce to a485c9a Compare January 6, 2019 21:04
@lpichler
Copy link
Contributor Author

lpichler commented Jan 6, 2019

@gtanzillo I avoided try and I added custom_api_user_role_allows_method? for to the base controller BaseController and then I moved methods with custom role validation to the Api::Subcollections::Quotas module.

@lpichler
Copy link
Contributor Author

lpichler commented Jan 7, 2019

@miq-bot add_label hammer/yes, blocker, enhancement

@gtanzillo gtanzillo added this to the Sprint 102 Ending Jan 7, 2019 milestone Jan 7, 2019
@gtanzillo gtanzillo merged commit fadf393 into ManageIQ:master Jan 7, 2019
@lpichler lpichler deleted the authorise_manage_tenant_quotas_as_tenant_product_feature_api branch January 7, 2019 14:08
simaishi pushed a commit that referenced this pull request Jan 7, 2019
@gtanzillo @simaishi
Merge pull request #536 from lpichler/authorise_manage_tenant_quotas_…
013965f 
…as_tenant_product_feature_api

Authorise action managing tenant quotas for according tenants in API

(cherry picked from commit fadf393)

https://bugzilla.redhat.com/show_bug.cgi?id=1468795
@simaishi
Copy link
Contributor

simaishi commented Jan 7, 2019

Hammer backport details:

$ git log -1
commit 013965f33aacf5e9d45a17c7457a8c050238c503
Author: Gregg Tanzillo <gtanzill@redhat.com>
Date:   Mon Jan 7 09:04:41 2019 -0500

    Merge pull request #536 from lpichler/authorise_manage_tenant_quotas_as_tenant_product_feature_api
    
    Authorise action managing tenant quotas for according tenants in API
    
    (cherry picked from commit fadf39376891d275c668664256efc7495011f2be)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1468795

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gtanzillo gtanzillo gtanzillo approved these changes

Assignees
No one assigned
Labels
blocker enhancement hammer/backported
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lpichler @simaishi @gtanzillo @miq-bot