Module: ChefFixie::BulkEditPermissions

Defined in:
lib/chef_fixie_shahid/bulk_edit_permissions.rb


Class Method Details

.ace_add(list, ace_type, entity) ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 78

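# Calls +ace_add(ace_type, entity)+ on every element of +list+, in order.
#
# Processing stops at the first element that does not respond to +ace_add+:
# a message naming that element's class is printed and +nil+ is returned.
# Elements that came earlier in the list have already been modified at that
# point, so a +nil+ result means the bulk edit was applied only partially.
#
# @param list [#each] objects whose ACLs should be extended
# @param ace_type [Object] passed through unchanged to each item's +ace_add+
# @param entity [Object] passed through unchanged to each item's +ace_add+
# @return [Object, nil] the value of +list.each+ when every item was
#   processed, +nil+ when a non-authz item was encountered
def self.ace_add(list, ace_type, entity)
  list.each do |item|
    unless item.respond_to?(:ace_add)
      # Interpolate the class so the operator can see which kind of object
      # interrupted the run (the literal text "item.class" was printed before).
      puts "#{item.class} is not a native authz type"
      return nil
    end
    item.ace_add(ace_type, entity)
  end
end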

.ace_add_all(org, ace_type, entity) ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 118

# Runs +ace_add+ over every batch yielded by the org's
# +each_authz_object_by_class+.
#
# The result of each +ace_add+ call is not inspected here, so a batch that
# stops early (and returns +nil+) does not stop the remaining batches.
#
# @param org [String, Object] an org name (looked up through +orgs+) or an
#   object responding to +each_authz_object_by_class+
# @param ace_type [Object] forwarded to +ace_add+
# @param entity [Object] forwarded to +ace_add+
# @return [Object] whatever +each_authz_object_by_class+ returns
def self.ace_add_all(org, ace_type, entity)
  target = org.is_a?(String) ? orgs[org] : org
  target.each_authz_object_by_class { |batch| ace_add(batch, ace_type, entity) }
end

.ace_delete(list, ace_type, entity) ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 89

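# Calls +ace_delete(ace_type, entity)+ on every element of +list+, in order.
#
# Processing stops at the first element that does not respond to
# +ace_delete+: a message naming that element's class is printed and +nil+
# is returned. Elements that came earlier in the list have already been
# modified at that point, so a +nil+ result means the removal was applied
# only partially and the remaining objects still carry the entry.
#
# @param list [#each] objects whose ACLs should be reduced
# @param ace_type [Object] passed through unchanged to each item's +ace_delete+
# @param entity [Object] passed through unchanged to each item's +ace_delete+
# @return [Object, nil] the value of +list.each+ when every item was
#   processed, +nil+ when a non-authz item was encountered
def self.ace_delete(list, ace_type, entity)
  list.each do |item|
    unless item.respond_to?(:ace_delete)
      # Interpolate the class so the operator can see which kind of object
      # interrupted the run (the literal text "item.class" was printed before).
      puts "#{item.class} is not a native authz type"
      return nil
    end
    item.ace_delete(ace_type, entity)
  end
end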

.ace_delete_all(org, ace_type, entity) ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 125

# Runs +ace_delete+ over every batch yielded by the org's
# +each_authz_object_by_class+.
#
# The result of each +ace_delete+ call is not inspected here, so a batch
# that stops early (and returns +nil+) does not stop the remaining batches.
#
# @param org [String, Object] an org name (looked up through +orgs+) or an
#   object responding to +each_authz_object_by_class+
# @param ace_type [Object] forwarded to +ace_delete+
# @param entity [Object] forwarded to +ace_delete+
# @return [Object] whatever +each_authz_object_by_class+ returns
def self.ace_delete_all(org, ace_type, entity)
  target = org.is_a?(String) ? orgs[org] : org
  target.each_authz_object_by_class { |batch| ace_delete(batch, ace_type, entity) }
end

.add_admin_permissions(org) ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 132

# Adds the "pivotal" user and the org's "admins" group to the +:all+ ACEs of
# every object yielded by +org.each_authz_object+.
#
# The one exception is the group named "billing-admins": it receives the
# pivotal entry but not the admins entry. Neither looked-up entity is checked
# for +nil+ before being handed to +ace_add+.
#
# @param org [String, Object] an org name (looked up through +orgs+) or an
#   org object
# @return [Object] whatever +each_authz_object+ returns
def self.add_admin_permissions(org)
  org = orgs[org] if org.is_a?(String)
  # One ace_add call per entity; rework once ace_add accepts several at once.
  admins_group = org.groups["admins"]
  pivotal_user = users["pivotal"]
  org.each_authz_object do |authz_object|
    authz_object.ace_add(:all, pivotal_user)
    is_billing_admins =
      authz_object.class == ChefFixie::Sql::Group && authz_object.name == "billing-admins"
    authz_object.ace_add(:all, admins_group) unless is_billing_admins
  end
end

.assocs ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 37

# Returns the shared +ChefFixie::Sql::Associations+ instance, creating it on
# first use and caching it in +@assocs+.
#
# @return [ChefFixie::Sql::Associations]
def self.assocs
  return @assocs if @assocs

  @assocs = ChefFixie::Sql::Associations.new
end

.check_permissions(org) ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 45

# Reports, for every authz object of an org, the ACEs that lack the "pivotal"
# user (checked against +actors+) or the org's "admins" group (checked
# against +groups+).
#
# The group named "billing-admins" is exempt from the admins check. An object
# whose +acl_raw+ raises +RestClient::ResourceNotFound+ is only mentioned on
# stdout and is absent from the returned report, so an empty report does not
# by itself show that every object has authz data.
#
# @param org [String, Object] an org name (looked up through +orgs+) or an
#   org object
# @return [Hash] object class => { object name => { ace key => list of
#   "pivotal" / "admins" } }; only objects with at least one gap are listed.
#   The hash is built with +Hash.new({})+, so looking up an absent class
#   returns one shared empty hash that callers should not mutate.
def self.check_permissions(org)
  org = orgs[org] if org.is_a?(String)
  admins_id = org.groups["admins"].authz_id
  pivotal_id = users["pivotal"].authz_id
  report = Hash.new({})
  org.each_authz_object do |authz_object|
    raw_acl =
      begin
        authz_object.acl_raw
      rescue RestClient::ResourceNotFound
        puts "#{authz_object.class} '#{authz_object.name}' id '#{authz_object.id}' missing authz info"
        next
      end
    gaps = {}
    raw_acl.each do |ace_key, ace|
      missing = []
      missing << "pivotal" unless ace["actors"].member?(pivotal_id)
      # The admins group is deliberately not a member of billing-admins' ACL.
      is_billing_admins =
        authz_object.class == ChefFixie::Sql::Group && authz_object.name == "billing-admins"
      missing << "admins" unless is_billing_admins || ace["groups"].member?(admins_id)
      gaps[ace_key] = missing unless missing.empty?
    end
    next if gaps.empty?

    klass = authz_object.class
    # An explicit key test is required: the default value is a truthy {}.
    report[klass] = {} unless report.key?(klass)
    report[klass][authz_object.name] = gaps
  end
  report
end

.copy_from_containers(org) ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 145

# For every container of the org except "containers" and "groups", calls
# +acl_add_from_object(container)+ on each object returned by
# +org.objects_by_container_type+ for that container's name, printing one
# "<object> from <container>" line per object.
#
# @param org [String, Object] an org name (looked up through +orgs+) or an
#   org object
# @return [nil]
def self.copy_from_containers(org)
  org = orgs[org] if org.is_a?(String)

  all_containers = org.containers.all(:all)
  all_containers.each do |container|
    # "containers" and "groups" are special and are left untouched.
    skip = container.name == "containers" || container.name == "groups"
    unless skip
      members = org.objects_by_container_type(container.name)
      members.each do |member|
        member.acl_add_from_object(container)
        puts "#{member.name} from #{container.name}"
      end
    end
  end
  nil
end

.do_all_objects(org) ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 100

# Walks every container of the org, fetches all objects of the matching type
# and yields each batch to the caller's block (batches are fetched but
# discarded when no block is given).
#
# The accessor called on the org is derived from the container's name.
# NOTE(review): +send+ dispatches to whatever method carries that name,
# private ones included, and the respond_to? guard that once preceded it is
# disabled. This is only safe while container names are limited to the org's
# object-type accessors -- confirm where container names can originate.
# TODO: add tests, since this depends on container names matching accessors.
#
# @param org [String, Object] an org name (looked up through +orgs+) or an
#   org object
# @yieldparam objects [Object] result of +org.<container name>.all(:all)+
# @return [Object] the value of +each+ on the container list
def self.do_all_objects(org)
  org = orgs[org] if org.is_a?(String)

  # Containers themselves are not fixed up here, only the objects in them.
  org.containers.all(:all).each do |container|
    accessor = container.name.to_sym
    batch = org.send(accessor).all(:all)
    yield batch if block_given?
  end
end

.invites ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 41

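# Returns the shared +ChefFixie::Sql::Invites+ instance, creating it on first
# use and caching it in +@invites+.
#
# The cache must be an instance variable: assigning to a local named
# +invites+ is discarded when the method returns, so every call would build
# a new object.
#
# @return [ChefFixie::Sql::Invites]
def self.invites
  @invites ||= ChefFixie::Sql::Invites.new
end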

.orgs ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 29

# Returns the shared +ChefFixie::Sql::Orgs+ instance, creating it on first
# use and caching it in +@orgs+.
#
# @return [ChefFixie::Sql::Orgs]
def self.orgs
  @orgs = ChefFixie::Sql::Orgs.new unless @orgs
  @orgs
end

.users ⇒ Object



# File 'lib/chef_fixie_shahid/bulk_edit_permissions.rb', line 33

# Returns the shared +ChefFixie::Sql::Users+ instance, creating it on first
# use and caching it in +@users+.
#
# @return [ChefFixie::Sql::Users]
def self.users
  @users || (@users = ChefFixie::Sql::Users.new)
end