Module: ChefFixie::BulkEditPermissions
- Defined in:
- lib/chef_fixie_shahid/bulk_edit_permissions.rb
Class Method Summary collapse
- .ace_add(list, ace_type, entity) ⇒ Object
- .ace_add_all(org, ace_type, entity) ⇒ Object
- .ace_delete(list, ace_type, entity) ⇒ Object
- .ace_delete_all(org, ace_type, entity) ⇒ Object
- .add_admin_permissions(org) ⇒ Object
- .assocs ⇒ Object
- .check_permissions(org) ⇒ Object
- .copy_from_containers(org) ⇒ Object
- .do_all_objects(org) ⇒ Object
- .invites ⇒ Object
- .orgs ⇒ Object
- .users ⇒ Object
Class Method Details
.ace_add(list, ace_type, entity) ⇒ Object
78 79 80 81 82 83 84 85 86 87 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 78 def self.ace_add(list, ace_type, entity) list.each do |item| if item.respond_to?(:ace_add) item.ace_add(ace_type, entity) else puts "item.class is not a native authz type" return nil end end end |
.ace_add_all(org, ace_type, entity) ⇒ Object
118 119 120 121 122 123 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 118 def self.ace_add_all(org, ace_type, entity) org = orgs[org] if org.is_a?(String) org.each_authz_object_by_class do |objects| ace_add(objects, ace_type, entity) end end |
.ace_delete(list, ace_type, entity) ⇒ Object
89 90 91 92 93 94 95 96 97 98 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 89 def self.ace_delete(list, ace_type, entity) list.each do |item| if item.respond_to?(:ace_delete) item.ace_delete(ace_type, entity) else puts "item.class is not a native authz type" return nil end end end |
.ace_delete_all(org, ace_type, entity) ⇒ Object
125 126 127 128 129 130 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 125 def self.ace_delete_all(org, ace_type, entity) org = orgs[org] if org.is_a?(String) org.each_authz_object_by_class do |objects| ace_delete(objects, ace_type, entity) end end |
.add_admin_permissions(org) ⇒ Object
132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 132 def self.(org) org = orgs[org] if org.is_a?(String) # rework when ace add takes multiple items... admins = org.groups["admins"] pivotal = users["pivotal"] org.each_authz_object do |object| object.ace_add(:all, pivotal) if object.class != ChefFixie::Sql::Group || object.name != "billing-admins" object.ace_add(:all, admins) end end end |
.assocs ⇒ Object
37 38 39 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 37 def self.assocs @assocs ||= ChefFixie::Sql::Associations.new end |
.check_permissions(org) ⇒ Object
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 45 def self.(org) org = orgs[org] if org.is_a?(String) admins = org.groups["admins"].authz_id pivotal = users["pivotal"].authz_id errors = Hash.new({}) org.each_authz_object do |object| begin acl = object.acl_raw rescue RestClient::ResourceNotFound => e puts "#{object.class} '#{object.name}' id '#{object.id}' missing authz info" # pp :object=>object, :e=>e next end broken_acl = {} # the one special case acl.each do |k, v| list = [] list << "pivotal" if !v["actors"].member?(pivotal) # admins doesn't belong to the billing admins group if object.class != ChefFixie::Sql::Group || object.name != "billing-admins" list << "admins" if !v["groups"].member?(admins) end broken_acl[k] = list if !list.empty? end if !broken_acl.empty? classname = object.class errors[classname] = {} if !errors.has_key?(classname) errors[classname][object.name] = broken_acl end end errors end |
.copy_from_containers(org) ⇒ Object
145 146 147 148 149 150 151 152 153 154 155 156 157 158 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 145 def self.copy_from_containers(org) org = orgs[org] if org.is_a?(String) containers = org.containers.all(:all) containers.each do |c| # don't mess with containers and groups, they are special next if c.name == "containers" || c.name == "groups" org.objects_by_container_type(c.name).each do |obj| obj.acl_add_from_object(c) puts "#{obj.name} from #{c.name}" end end nil end |
.do_all_objects(org) ⇒ Object
100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 100 def self.do_all_objects(org) org = orgs[org] if org.is_a?(String) containers = org.containers.all(:all) # Maybe we should fix up containers first? # fix up objects in containers containers.each do |container| # TODO Write some tests to validate that this stuff # works, since it depends on a lot of name magic... object_type = container.name.to_sym # raise Exception "No such object_type #{object_type}" unless org.respond_to?(object_type) objects = org.send(object_type).all(:all) if block_given? yield objects end end end |
.invites ⇒ Object
41 42 43 |
# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 41 def self.invites invites ||= ChefFixie::Sql::Invites.new end |