Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authorize user with non-dynamic product feature if included in user's role #18179

Merged
merged 1 commit into from
Nov 12, 2018

Conversation

gtanzillo
Copy link
Member

@gtanzillo gtanzillo commented Nov 8, 2018

@@ -101,6 +105,13 @@
expect(user_2.role_allows?(:identifier => "rbac_tenant_manage_quotas")).to be_truthy
end
end

it "authorise user with non-dynamic product feature" do
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

diff --git a/spec/models/miq_user_role_spec.rb b/spec/models/miq_user_role_spec.rb
index 47a2a6458e..7372e5e3c1 100644
--- a/spec/models/miq_user_role_spec.rb
+++ b/spec/models/miq_user_role_spec.rb
@@ -80,6 +80,7 @@ describe MiqUserRole do

       let!(:tenant_1) { FactoryGirl.create(:tenant, :parent => root_tenant) }
       let!(:tenant_2) { FactoryGirl.create(:tenant, :parent => root_tenant) }
+      let!(:tenant_3) { FactoryGirl.create(:tenant, :parent => root_tenant) }

       let(:feature)             { MiqProductFeature.find_all_by_identifier(["dialog_edit_editor_tenant_#{tenant_2.id}", "rbac_tenant_manage_quotas_tenant_#{tenant_2.id}"]) }
       let(:non_dynamic_feature) { MiqProductFeature.find_all_by_identifier(["dialog_edit_editor", "rbac_tenant_manage_quotas"]) }
@@ -87,7 +88,7 @@ describe MiqUserRole do
       let(:role_no_dynamic) { FactoryGirl.create(:miq_user_role, :miq_product_features => non_dynamic_feature) }
       let(:group_tenant_1) { FactoryGirl.create(:miq_group, :miq_user_role => role, :tenant => tenant_1) }
       let(:group_tenant_2) { FactoryGirl.create(:miq_group, :miq_user_role => role, :tenant => tenant_2) }
-      let(:group_3)        { FactoryGirl.create(:miq_group, :miq_user_role => role_no_dynamic, :tenant => tenant_2) }
+      let(:group_3)        { FactoryGirl.create(:miq_group, :miq_user_role => role_no_dynamic, :tenant => tenant_3) }
       let!(:user_1) { FactoryGirl.create(:user, :userid => "user_1", :miq_groups => [group_tenant_1]) }
       let!(:user_2) { FactoryGirl.create(:user, :userid => "user_2", :miq_groups => [group_tenant_2]) }
       let!(:user_3) { FactoryGirl.create(:user, :userid => "user_3", :miq_groups => [group_3]) }
@@ -107,6 +108,8 @@ describe MiqUserRole do
       end

       it "authorise user with non-dynamic product feature" do
+        MiqProductFeature.where(:identifier => ["dialog_edit_editor_tenant_#{tenant_3.id}", "rbac_tenant_manage_quotas_tenant_#{tenant_3.id}"]).destroy_all
+
         User.with_user(user_3) do
           expect(user_3.role_allows?(:identifier => "dialog_edit_editor")).to be_truthy
           expect(user_3.role_allows?(:identifier => "rbac_tenant_manage_quotas")).to be_truthy

to hit this case from API CI failure, we need get
https://github.com/ManageIQ/manageiq/pull/18179/files#diff-59b5e7d642867a7e9775d5eca9708e44R29 false result from call user_role_allows?(user, :identifier => tenant_identifier)

because it is caused by missing seed process.

@gtanzillo gtanzillo closed this Nov 9, 2018
@gtanzillo gtanzillo reopened this Nov 9, 2018
@lpichler
Copy link
Contributor

I tested in UI and it works 👍

… role

- This was a bug in the logic in ManageIQ#18102
- This fixes test failures in the API repo
@miq-bot
Copy link
Member

miq-bot commented Nov 12, 2018

Checked commit gtanzillo@ec15bb0 with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0
3 files checked, 1 offense detected

spec/models/miq_user_role_spec.rb

@bdunne bdunne merged commit f489784 into ManageIQ:master Nov 12, 2018
@bdunne bdunne added this to the Sprint 99 Ending Nov 19, 2018 milestone Nov 12, 2018
@bdunne bdunne self-assigned this Nov 12, 2018
@lpichler lpichler deleted the fix-dynamic-product-features branch November 14, 2018 09:21
@lpichler
Copy link
Contributor

@miq-bot add_label hammer/yes

simaishi pushed a commit that referenced this pull request Nov 14, 2018
Authorize user with non-dynamic product feature if included in user's role

(cherry picked from commit f489784)

https://bugzilla.redhat.com/show_bug.cgi?id=1468795
@simaishi
Copy link
Contributor

Hammer backport details:

$ git log -1
commit d4481688e06d35e0f2220b6f1d19d0a1eb036597
Author: Brandon Dunne <brandondunne@hotmail.com>
Date:   Mon Nov 12 15:04:44 2018 -0500

    Merge pull request #18179 from gtanzillo/fix-dynamic-product-features
    
    Authorize user with non-dynamic product feature if included in user's role
    
    (cherry picked from commit f489784b0917a30aa810772b3888bb9dac9cec0c)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1468795

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants