Enhanced resource_search_by_href_slug to support optional user object

User.current_user or specified user must be specified
Updated tests for the new signature

lib/api/utils.rb

@@ -6,14 +6,17 @@ def self.build_href_slug(klass, id)
       "#{collection}/#{id}" if collection
     end
 
-    def self.resource_search_by_href_slug(href_slug)
+    def self.resource_search_by_href_slug(href_slug, user = User.current_user)
       return unless href_slug
+
       collection, id = href_slug.split('/')
       collection_config = Api::CollectionConfig.new if collection
+
       raise _("Invalid href_slug #{href_slug} specified") unless collection && id && collection_config.collection?(collection)
+      raise _("User must be defined") unless user
 
       klass = collection_config.klass(collection)
-      Rbac.filtered_object(klass.find(id), :user => User.current_user, :class => klass)
+      Rbac.filtered_object(klass.find(id), :user => user, :class => klass)
     end
   end
 end

spec/lib/api/utils_spec.rb

@@ -34,19 +34,46 @@
     end
 
     it "raises an ActiveRecord::RecordNotFound with a non-existent href_slug" do
-      expect { described_class.resource_search_by_href_slug("vms/99999") }
+      owner_tenant = FactoryGirl.create(:tenant)
+      owner_group  = FactoryGirl.create(:miq_group, :tenant => owner_tenant)
+      owner        = FactoryGirl.create(:user, :miq_groups => [owner_group])
+
+      expect { described_class.resource_search_by_href_slug("vms/99999", owner) }
         .to raise_error(ActiveRecord::RecordNotFound)
     end
 
-    it "returns the resource with a valid href_slug" do
+    it "raises an exception with an undefined user" do
       vm = FactoryGirl.create(:vm_vmware)
 
+      expect { described_class.resource_search_by_href_slug("vms/#{vm.id}") }
+        .to raise_error("User must be defined")
+    end
+
+    it "returns the resource when Rbac succeeds for current_user" do
+      owner_tenant = FactoryGirl.create(:tenant)
+      owner_group  = FactoryGirl.create(:miq_group, :tenant => owner_tenant)
+
+      vm = FactoryGirl.create(:vm_vmware, :tenant => owner_tenant)
+      User.current_user = FactoryGirl.create(:user, :miq_groups => [owner_group])
+
       actual = described_class.resource_search_by_href_slug("vms/#{vm.id}")
 
       expect(actual).to eq(vm)
     end
 
-    it "does not return the resource when Rbac fails" do
+    it "returns the resource when Rbac succeeds for specified user" do
+      owner_tenant = FactoryGirl.create(:tenant)
+      owner_group  = FactoryGirl.create(:miq_group, :tenant => owner_tenant)
+      owner        = FactoryGirl.create(:user, :miq_groups => [owner_group])
+
+      vm = FactoryGirl.create(:vm_vmware, :tenant => owner_tenant)
+
+      actual = described_class.resource_search_by_href_slug("vms/#{vm.id}", owner)
+
+      expect(actual).to eq(vm)
+    end
+
+    it "does not return the resource when Rbac fails for current_user" do
       owner_tenant  = FactoryGirl.create(:tenant)
 
       unauth_tenant = FactoryGirl.create(:tenant)
@@ -59,5 +86,19 @@
 
       expect(actual).to eq(nil)
     end
+
+    it "does not return the resource when Rbac fails for specified user" do
+      owner_tenant  = FactoryGirl.create(:tenant)
+
+      unauth_tenant = FactoryGirl.create(:tenant)
+      unauth_group  = FactoryGirl.create(:miq_group, :tenant => unauth_tenant)
+      unauth_user   = FactoryGirl.create(:user, :miq_groups => [unauth_group])
+
+      vm = FactoryGirl.create(:vm_vmware, :tenant => owner_tenant)
+
+      actual = described_class.resource_search_by_href_slug("vms/#{vm.id}", unauth_user)
+
+      expect(actual).to eq(nil)
+    end
   end
 end