Sha256: ca0d97ab1db7629e6df5e7b1c42c35b1e08ad9c73e821c9134e1c63602e200ff

Contents?: true

Size: 1.76 KB

Versions: 8

Compression:

Stored size: 1.76 KB

Contents

module ForemanTasks
  # Constraint object that gates access to the Dynflow (Sidekiq) console.
  class Dynflow::SidekiqConsoleConstraint
    # Decides whether the request may reach the console.
    #
    # The console must be switched on via the :dynflow_enable_console setting.
    # When :dynflow_console_require_auth is off, an enabled console is open to
    # every request; otherwise the decision is delegated to
    # Dynflow::ConsoleAuthorizer.
    #
    # @param request the incoming request, handed to Dynflow::ConsoleAuthorizer
    # @return a truthy value when access is granted, a falsy one otherwise
    def matches?(request)
      console_enabled = Setting[:dynflow_enable_console]
      # Pass the falsy setting value through unchanged when the console is off.
      return console_enabled unless console_enabled
      # Authentication switched off: the console is reachable without a session check.
      return true unless Setting[:dynflow_console_require_auth]

      Dynflow::ConsoleAuthorizer.new(request).allow?
    end
  end

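  # Authorizes access to the Dynflow console from the request's session.
  #
  # The user id and the expiry timestamp are read from the Rack session. Access
  # is granted to admins, to users holding an unlimited edit_foreman_tasks
  # filter, and to users who may edit the specific task named in the path.
  class Dynflow::ConsoleAuthorizer
    # Builds an authorizer from a raw Rack environment.
    #
    # @param env the Rack env hash
    # @return [Dynflow::ConsoleAuthorizer]
    def self.from_env(env)
      new(Rack::Request.new(env))
    end

    # @param request a request object exposing #session and #path_info
    def initialize(request)
      @rack_request = request
      @user_id = @rack_request.session[:user]
      @expires_at = @rack_request.session[:expires_at]
      # No user is loaded for an expired session, so allow? denies it.
      @user = session_expired? ? nil : User.unscoped.where(:id => @user_id).first
    end

    # @return a truthy value when the session user may use the console
    def allow?
      @user && (unlimited_edit? || authorized_for_task?)
    end

    private

    # A missing :expires_at converts to 0 via #to_i, so a session without an
    # expiry is treated as expired (fails closed).
    def session_expired?
      Time.now.to_i > @expires_at.to_i
    end

    # True for admins and for users with an unlimited edit_foreman_tasks filter,
    # who can operate the console no matter what task it is.
    def unlimited_edit?
      return true if @user.admin?

      edit_permission = Permission.where(:name => :edit_foreman_tasks, :resource_type => ForemanTasks::Task.name).first
      unlimited_filter = @user.filters.joins(:filterings).unlimited
                              .where('filterings.permission_id' => edit_permission).first
      return true if unlimited_filter
    end

    # Checks the per-task permission for the task addressed by the request path.
    # Requests whose path names no known task are denied.
    def authorized_for_task?
      task = extract_task
      return false unless task

      original_user = User.current
      begin
        # The check runs with User.current switched to the session user.
        User.current = @user
        Authorizer.new(@user).can?(:edit_foreman_tasks, task)
      ensure
        # Always restore the previous current user, even if the check raises.
        User.current = original_user
      end
    end

    # Looks up the task whose external_id is the UUID-shaped first path segment.
    #
    # @return the matching ForemanTasks::Task::DynflowTask, or nil when the
    #   path carries no such id or no task matches
    def extract_task
      # \A (not ^) anchors to the start of the whole string, so an id on a
      # later line of a multi-line path can never be picked up for the
      # authorization decision.
      dynflow_id = @rack_request.path_info[%r{\A/([\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12})}, 1]
      # String#[] returns nil on no match; calling #empty? on it would raise
      # NoMethodError for every console path that has no id in it.
      return if dynflow_id.nil? || dynflow_id.empty?

      ForemanTasks::Task::DynflowTask.where(:external_id => dynflow_id).first
    end
  end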
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version Path
foreman-tasks-0.17.6 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-1.0.1 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-1.0.0 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.17.5 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.17.4 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.17.3 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.17.2 lib/foreman_tasks/dynflow/console_authorizer.rb
foreman-tasks-0.17.1 lib/foreman_tasks/dynflow/console_authorizer.rb