forked from ManageIQ/manageiq-schema
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Separate Role Access Restrictions for Service Templates
- Loading branch information
1 parent
de9c77e
commit 7af3019
Showing
2 changed files
with
166 additions
and
0 deletions.
There are no files selected for viewing
26 changes: 26 additions & 0 deletions
26
db/migrate/20230709065227_separate_role_access_restrictions_for_service_templates.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| class SeparateRoleAccessRestrictionsForServiceTemplates < ActiveRecord::Migration[6.0] | ||
| class MiqUserRole < ActiveRecord::Base | ||
| serialize :settings | ||
| end | ||
|
|
||
| def up | ||
| say_with_time("Updating MiqUserRole restictions so Service Templates match existing VMs") do | ||
| MiqUserRole.where(:read_only => false).where("settings LIKE '%vms: :user%'").find_each do |role| | ||
| role.settings[:restrictions][:service_templates] = role.settings.dig(:restrictions, :vms) | ||
| role.save! | ||
| end | ||
| end | ||
| end | ||
|
|
||
| def down | ||
| say_with_time("Remove Service Templates from MiqUserRole restictions") do | ||
| MiqUserRole.where(:read_only => false).where("settings LIKE '%service_templates:%'").find_each do |role| | ||
| role.settings[:restrictions].delete(:service_templates) | ||
| if role.settings[:restrictions] == {} && role.settings.length == 1 | ||
| role.settings = nil | ||
| end | ||
| role.save! | ||
| end | ||
| end | ||
| end | ||
| end |
140 changes: 140 additions & 0 deletions
140
...migrations/20230709065227_separate_role_access_restrictions_for_service_templates_spec.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| require_migration | ||
|
|
||
| describe SeparateRoleAccessRestrictionsForServiceTemplates do | ||
| let(:miq_user_role_stub) { migration_stub(:MiqUserRole) } | ||
|
|
||
| migration_context :up do | ||
| it "Existing Role with no restrictions is unchanged" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, :settings => nil) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => nil) | ||
| end | ||
|
|
||
| it "Existing read only Role with no restrictions is unchanged" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => true, :settings => nil) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => nil) | ||
| end | ||
|
|
||
| it "Existing read only Role with restrictions is unchanged" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => true, | ||
| :settings => {:restrictions => {:vms => :user_or_group}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user_or_group}}) | ||
| end | ||
|
|
||
| it "Existing Role with ':vms=>:user_or_group' adds ':service_templates=>:user_or_group'" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:restrictions => {:vms => :user_or_group}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user_or_group, :service_templates => :user_or_group}}) | ||
| end | ||
|
|
||
| it "Existing Role with ':vms=>:user' adds ':service_templates=>:user'" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:restrictions => {:vms => :user}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user, :service_templates => :user}}) | ||
| end | ||
|
|
||
| it "Existing Role with something else in settings is unchanged" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:foo => {:bar => :user}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:foo => {:bar => :user}}) | ||
| end | ||
|
|
||
| it "Existing Role with something else in settings and ':vms=>:user' adds ':service_templates=>:user'" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:foo => {:bar => :user}, :restrictions => {:vms => :user}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:foo => {:bar => :user}, :restrictions => {:vms => :user, :service_templates => :user}}) | ||
| end | ||
| end | ||
|
|
||
| migration_context :down do | ||
| it "Existing Role with no restrictions is unchanged" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, :settings => nil) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => nil) | ||
| end | ||
|
|
||
| it "Existing read only Role with no restrictions is unchanged" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => true, :settings => nil) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => nil) | ||
| end | ||
|
|
||
| it "Existing read only Role with restrictions is unchanged" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => true, | ||
| :settings => {:restrictions => {:vms => :user_or_group, :service_templates => :user_or_group}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user_or_group, :service_templates => :user_or_group}}) | ||
| end | ||
|
|
||
| it "Existing Role removes ':service_templates=>:user_or_group'" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:restrictions => {:vms => :user_or_group, :service_templates => :user_or_group}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user_or_group}}) | ||
| end | ||
|
|
||
| it "Existing Role removes ':service_templates=>:user_or_group' (no :vms restrictions)" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:restrictions => {:service_templates => :user_or_group}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => nil) | ||
| end | ||
|
|
||
| it "Existing Role removes ':service_templates=>:user'" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:restrictions => {:vms => :user, :service_templates => :user}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:restrictions => {:vms => :user}}) | ||
| end | ||
|
|
||
| it "Existing Role removes ':service_templates=>:user' (no :vms restrictions)" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:restrictions => {:service_templates => :user}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => nil) | ||
| end | ||
|
|
||
| it "Existing Role with something else in settings is unchanged" do | ||
| miq_user_role = miq_user_role_stub.create(:read_only => false, | ||
| :settings => {:foo => {:bar => :user}}) | ||
|
|
||
| migrate | ||
|
|
||
| expect(miq_user_role.reload).to have_attributes(:settings => {:foo => {:bar => :user}}) | ||
| end | ||
| end | ||
| end |