Sha256: 231121901943f8a9c7a84806546fd9c11ce27ddbd6039da1306b981038f8212a

Contents?: true

Size: 1.48 KB

Versions: 40

Compression:

Stored size: 1.48 KB

Contents

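module ForemanTasks
  # Decides whether the user behind a Rack request may use the Dynflow console.
  #
  # The user id and the expiry timestamp are read from the Rack session
  # (session[:user] and session[:expires_at]). No user is loaded once the
  # session has expired, so every later check fails closed.
  class Dynflow::ConsoleAuthorizer
    # Dynflow plan id (lowercase-hex UUID) expected as the first path segment.
    # Anchored with \A instead of ^: in Ruby ^ matches after any newline, so a
    # line-anchored pattern could take the id from a later line of the path
    # rather than from its start, and the permission check would then be made
    # against a different task than the one the path begins with.
    TASK_ID_PATTERN = %r{\A/([\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12})}.freeze
    private_constant :TASK_ID_PATTERN

    # @param env [Hash] Rack environment of the incoming console request
    def initialize(env)
      @rack_request = Rack::Request.new(env)
      @user_id = @rack_request.session[:user]
      @expires_at = @rack_request.session[:expires_at]
      # Unscoped lookup by id; skipped entirely for an expired session so that
      # @user stays nil and allow? denies the request.
      @user = User.unscoped.where(:id => @user_id).first unless session_expired?
    end

    # @return [Boolean, nil] truthy when a user was loaded and either holds
    #   unlimited edit rights or is authorized for the task named in the path;
    #   falsy otherwise (including when no user could be loaded)
    def allow?
      @user && (unlimited_edit? || authorized_for_task?)
    end

    private

    # A missing expiry (nil) converts to 0 and is therefore treated as expired.
    def session_expired?
      Time.now.to_i > @expires_at.to_i
    end

    # Admins, and users holding an unlimited edit_foreman_tasks filter, can
    # operate the console no matter what task it is.
    #
    # @return [Boolean]
    def unlimited_edit?
      return true if @user.admin?

      edit_permission = Permission.where(:name => :edit_foreman_tasks,
                                         :resource_type => ForemanTasks::Task.name).first
      # Fail closed when the permission record is missing: querying with nil
      # would compare filterings.permission_id against NULL instead of the
      # intended permission.
      return false unless edit_permission

      matching_filter = @user.filters.joins(:filterings).unlimited
                             .where('filterings.permission_id' => edit_permission).first
      !matching_filter.nil?
    end

    # Checks edit_foreman_tasks on the task referenced by the request path.
    # User.current is switched to the session user for the duration of the
    # check and always restored afterwards.
    #
    # @return [Boolean] false when the path does not reference a known task;
    #   otherwise whatever Authorizer#can? returns
    def authorized_for_task?
      task = extract_task
      return false unless task

      original_user = User.current
      begin
        User.current = @user
        Authorizer.new(@user).can?(:edit_foreman_tasks, task)
      ensure
        User.current = original_user
      end
    end

    # Looks up the task whose external_id is the plan id at the start of the
    # request path.
    #
    # @return [ForemanTasks::Task::DynflowTask, nil] nil when the path does not
    #   start with a plan id (String#[] returns nil on no match; the previous
    #   code called #empty? on that nil and raised NoMethodError) or when no
    #   task has that external_id
    def extract_task
      dynflow_id = @rack_request.path_info[TASK_ID_PATTERN, 1]
      return nil if dynflow_id.nil?

      ForemanTasks::Task::DynflowTask.where(:external_id => dynflow_id).first
    end
  end
end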

Version data entries

40 entries across 40 versions & 1 rubygems

Version Path
foreman-tasks-0.16.3 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.11 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.16.2 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.10 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.16.1 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.17.0 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.9 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.8 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.14.6 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.7 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.16.0 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.6 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.5 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.4 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.3 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.2 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.1 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.15.0 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.14.5 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.14.4 lib/foreman_tasks/dynflow/console_authorizer.rb