From 0ce9ffb10b8a04224bb1554adc1ffec9d1177030 Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <alexander.olofsson@liu.se>
Date: Wed, 12 Sep 2018 14:16:48 +0200
Subject: [PATCH] Add permissions for WDS server access

---
 .../hosts_controller_extensions.rb            |  9 +++++++
 app/controllers/wds_servers_controller.rb     | 11 ++++++++
 lib/foreman_wds/engine.rb                     | 27 +++++++++++++++++++
 3 files changed, 47 insertions(+)

diff --git a/app/controllers/concerns/foreman_wds/hosts_controller_extensions.rb b/app/controllers/concerns/foreman_wds/hosts_controller_extensions.rb
index c15211b..dd9897a 100644
--- a/app/controllers/concerns/foreman_wds/hosts_controller_extensions.rb
+++ b/app/controllers/concerns/foreman_wds/hosts_controller_extensions.rb
@@ -14,5 +14,14 @@ module ForemanWds
 
       super(top_level_hash)
     end
+
+    def action_permission
+      case params[:action]
+      when 'wds_server_selected', 'wds_image_selected'
+        :edit
+      else
+        super
+      end
+    end
   end
 end
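Review bot: The visibility of the new `action_permission` override cannot be confirmed from this hunk, because the module body starts above it and no `private` keyword is visible. If it lands in the public section, the extension would expose an authorization helper as a public controller method, which Rails counts as a candidate action. Consider defining it under `private` and adding a comment such as `# WDS selection callbacks change the host form, so they require the edit permission`.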
diff --git a/app/controllers/wds_servers_controller.rb b/app/controllers/wds_servers_controller.rb
index 89587e8..590c46e 100644
--- a/app/controllers/wds_servers_controller.rb
+++ b/app/controllers/wds_servers_controller.rb
@@ -77,4 +77,15 @@ class WdsServersController < ::ApplicationController
   def find_server
     @wds_server = WdsServer.find(params[:id])
   end
+
+  def action_permission
+    case params[:action]
+    when 'wds_clients', 'wds_images'
+      :view
+    when 'test_connection', 'refresh_cache', 'delete_wds_client'
+      :edit
+    else
+      super
+    end
+  end
 end
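Review bot: `find_server` in the context lines still loads the record with an unscoped `WdsServer.find(params[:id])`. The member actions mapped here are therefore checked for the permission name only, not for whether a role filter covers this particular server. The callback wiring for `find_server` is outside the hunk, so this assumes it runs before those actions. If `WdsServer` includes Foreman's `Authorizable` concern (the model is not shown), loading through the authorized scope would enforce per-resource filters, e.g. `@wds_server = WdsServer.authorized(:"#{action_permission}_wds_servers").find(params[:id])`. A short comment on why `delete_wds_client` is granted by `:edit` rather than `:destroy` would also help, since by its name it appears to remove something.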
diff --git a/lib/foreman_wds/engine.rb b/lib/foreman_wds/engine.rb
index ad8f7b5..3a5be04 100644
--- a/lib/foreman_wds/engine.rb
+++ b/lib/foreman_wds/engine.rb
@@ -17,6 +17,33 @@ module ForemanWds
       Foreman::Plugin.register :foreman_wds do
         requires_foreman '>= 1.16'
 
+        security_block :foreman_wds do
+          permission :view_wds_servers, {
+            wds_servers: %i[index show auto_complete_search wds_clients wds_images]
+          }, resource_type: 'WdsServer'
+          permission :create_wds_servers, {
+            wds_servers: %i[create new]
+          }, resource_type: 'WdsServer'
+          permission :edit_wds_servers, {
+            wds_servers: %i[edit update test_connection refresh_cache delete_wds_client]
+          }, resource_type: 'WdsServer'
+          permission :destroy_wds_servers, {
+            wds_servers: %i[destroy]
+          }, resource_type: 'WdsServer'
+
+          # permission :edit_hosts, {
+          #   hosts: %i[wds_server_selected wds_image_selected]
+          # }, resource_type: 'Host'
+        end
+
+        Foreman::AccessControl.permissions(:edit_hosts).actions.concat [
+          'hosts/wds_server_selected', 'hosts/wds_image_selected'
+        ]
+
+        role 'WDS Server Manager', %i[view_wds_servers create_wds_servers edit_wds_servers destroy_wds_servers]
+
+        add_all_permissions_to_default_roles
+
         # add menu entry
         menu :top_menu, :wds_servers,
              url_hash: { controller: :wds_servers, action: :index },
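Review bot: The call `Foreman::AccessControl.permissions(:edit_hosts)` passes a name to what, as far as I recall, is the argument-less list accessor, while the lookup by name is `permission(:edit_hosts)`. Check this against the Foreman version allowed by `requires_foreman`; the line probably should read `Foreman::AccessControl.permission(:edit_hosts).actions.concat [...]`. Patching a core permission in place also depends on `:edit_hosts` already being registered when this block runs, so either add a comment explaining why the commented-out `permission :edit_hosts` block could not be used, or drop the dead block. Separately, `add_all_permissions_to_default_roles` grants the create, edit and destroy permissions to Foreman's built-in default roles as well as to 'WDS Server Manager'; confirm that this breadth is intended. The registration block continues outside the hunk.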
-- 
GitLab