Add permissions for WDS server access

0ce9ffb1 · Alexander Olofsson · 6ff645dd · 0ce9ffb1 · 0ce9ffb1 · 0ce9ffb1
Commit 0ce9ffb1 authored 6 years ago by Alexander Olofsson
--- a/app/controllers/concerns/foreman_wds/hosts_controller_extensions.rb
+++ b/app/controllers/concerns/foreman_wds/hosts_controller_extensions.rb
@@ -14,5 +14,14 @@ module ForemanWds

      super(top_level_hash)
    end
+
+    def action_permission
+      case params[:action]
+      when 'wds_server_selected', 'wds_image_selected'
+        :edit
+      else
+        super
+      end
+    end
  end
 end
--- a/app/controllers/wds_servers_controller.rb
+++ b/app/controllers/wds_servers_controller.rb
@@ -77,4 +77,15 @@ class WdsServersController < ::ApplicationController
  def find_server
    @wds_server = WdsServer.find(params[:id])
  end
+
+  def action_permission
+    case params[:action]
+    when 'wds_clients', 'wds_images'
+      :view
+    when 'test_connection', 'refresh_cache', 'delete_wds_client'
+      :edit
+    else
+      super
+    end
+  end
 end
--- a/lib/foreman_wds/engine.rb
+++ b/lib/foreman_wds/engine.rb
@@ -17,6 +17,33 @@ module ForemanWds
      Foreman::Plugin.register :foreman_wds do
        requires_foreman '>= 1.16'

+        security_block :foreman_wds do
+          permission :view_wds_servers, {
+            wds_servers: %i[index show auto_complete_search wds_clients wds_images]
+          }, resource_type: 'WdsServer'
+          permission :create_wds_servers, {
+            wds_servers: %i[create new]
+          }, resource_type: 'WdsServer'
+          permission :edit_wds_servers, {
+            wds_servers: %i[edit update test_connection refresh_cache delete_wds_client]
+          }, resource_type: 'WdsServer'
+          permission :destroy_wds_servers, {
+            wds_servers: %i[destroy]
+          }, resource_type: 'WdsServer'
+
+          # permission :edit_hosts, {
+          #   hosts: %i[wds_server_selected wds_image_selected]
+          # }, resource_type: 'Host'
+        end
+
+        Foreman::AccessControl.permissions(:edit_hosts).actions.concat [
+          'hosts/wds_server_selected', 'hosts/wds_image_selected'
+        ]
+
+        role 'WDS Server Manager', %i[view_wds_servers create_wds_servers edit_wds_servers destroy_wds_servers]
+
+        add_all_permissions_to_default_roles
+
        # add menu entry
        menu :top_menu, :wds_servers,
             url_hash: { controller: :wds_servers, action: :index },