Sha256: 2e8f012eb6932bf836bf343ed81e6e10325c19facfeb3fc5587e335933e22efb

Contents?: true

Size: 1.51 KB

Versions: 9

Compression:

Stored size: 1.51 KB

Contents

# -*- coding: utf-8 -*-
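module ForemanTasks
  # Decides whether the user behind a Rack request may use the Dynflow console.
  #
  # The user id and the expiry timestamp are read from the Rack session.
  # Access is granted to admins, to users holding an unlimited
  # edit_foreman_tasks filter, and otherwise only when the task whose id
  # opens the request path passes the per-task authorizer check.
  class Dynflow::ConsoleAuthorizer
    # @param env [Hash] the Rack environment of the incoming request
    def initialize(env)
      @rack_request = Rack::Request.new(env)
      @user_id = @rack_request.session[:user]
      @expires_at = @rack_request.session[:expires_at]
      # The user is looked up only for a live session, so an expired session
      # leaves @user nil and allow? denies the request.
      @user = User.unscoped.where(:id => @user_id).first unless session_expired?
    end

    # @return [Object] truthy when the request may reach the console; falsy
    #   (nil or false) when there is no user or no permission covers the task
    def allow?
      @user && (unlimited_edit? || authorized_for_task?)
    end

    private

    # A nil expires_at converts to 0 through to_i, so a session that carries
    # no expiry at all is treated as already expired.
    def session_expired?
      Time.now.to_i > @expires_at.to_i
    end

    # Users with unlimited edit_foreman_tasks can operate with the console no
    # matter what task it is; admins always can.
    def unlimited_edit?
      return true if @user.admin?

      edit_permission = Permission.where(:name => :edit_foreman_tasks, :resource_type => ForemanTasks::Task.name).first
      # Without the permission record the filter query below would be built
      # from nil instead of a permission; deny rather than rely on its result.
      return false unless edit_permission

      !@user.filters.joins(:filterings).unlimited.where('filterings.permission_id' => edit_permission).first.nil?
    end

    # Checks edit_foreman_tasks on the task named by the request path.
    # User.current is switched to the session user for the duration of the
    # check and restored afterwards, even when the check raises.
    def authorized_for_task?
      task = extract_task
      return false unless task

      original_user = User.current
      begin
        User.current = @user
        Authorizer.new(@user).can?(:edit_foreman_tasks, task)
      ensure
        User.current = original_user
      end
    end

    # Finds the task whose external id is the UUID at the start of the path.
    #
    # @return [ForemanTasks::Task::DynflowTask, nil] nil when the path does
    #   not start with a task id or no task has that id
    def extract_task
      # \A pins the match to the very start of the path. ^ would also match
      # after a newline, so the id could be taken from a later line of a
      # multi-line path instead of from the segment the request begins with.
      dynflow_id = @rack_request.path_info[%r{\A/([\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12})}, 1]
      # String#[] returns nil when the path carries no task id (for example
      # the console index); calling empty? on that nil raised NoMethodError.
      return if dynflow_id.nil?

      ForemanTasks::Task::DynflowTask.where(:external_id => dynflow_id).first
    end
  end
end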

Version data entries

9 entries across 9 versions & 1 rubygems

Version Path
foreman-tasks-0.10.4 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.9.6 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.10.3 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.10.2 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.10.1 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.9.5 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.10.0 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.9.4 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.9.3 lib/foreman_tasks/dynflow/console_authorizer.rb