Class: MiqGroup

Constant Summary

USER_GROUP =
"user"
SYSTEM_GROUP =
"system"
TENANT_GROUP =
"tenant"

Constants included from CustomAttributeMixin

CustomAttributeMixin::CUSTOM_ATTRIBUTES_PREFIX

Constants inherited from ApplicationRecord

ApplicationRecord::FIXTURE_DIR

Constants included from ArRegion

ArRegion::CID_OR_ID_MATCHER, ArRegion::COMPRESSED_ID_SEPARATOR, ArRegion::DEFAULT_RAILS_SEQUENCE_FACTOR, ArRegion::RE_COMPRESSED_ID

Class Method Summary

Instance Method Summary

Methods included from TenancyMixin

#set_tenant

Methods included from TimezoneMixin

#with_a_timezone, #with_current_user_timezone

Methods included from ActiveVmAggregationMixin

#active_vm_aggregation, #active_vms, #allocated_memory, #allocated_storage, #allocated_vcpu, #provisioned_storage

Methods included from CustomAttributeMixin

#miq_custom_delete, #miq_custom_get, #miq_custom_keys, #miq_custom_set, select_virtual_custom_attributes

Methods included from ArTableLock

#with_lock

Methods included from ToModelHash

#to_model_hash, #to_model_yaml

Methods included from ArLock

#lock

Methods included from ArRegion

anonymous_class_with_ar_region, #compressed_id, #in_current_region?, #miq_region, #my_region_number, #region_description, #region_number, #split_id

Methods inherited from ActiveRecord::Base

acts_as_miq_set, acts_as_miq_set_member, acts_as_miq_taggable, column_names_symbols, extract_ids, extract_objects, model_suffix, #number_of, paginate, truncate

Methods included from VirtualDelegates

select_from_alias, select_from_alias_table

Methods included from Vmdb::Logging

#_log

Class Method Details

.create_tenant_group(tenant) ⇒ Object


# File 'app/models/miq_group.rb', line 192

# Returns the group attached to +tenant+, creating it first when no group
# with that tenant_id exists.
#
# The lookup key is the tenant id alone. The description, group type and
# default role are handed to create_with, so they are applied only when a new
# record is created; an existing group is returned with whatever values it
# already has.
#
# @param tenant [#ancestors, #name, #id] tenant the group belongs to
# @return [Object] whatever find_or_create_by! returns for the tenant id
def self.create_tenant_group(tenant)
  # Full path of the tenant: every ancestor name, then its own, "/"-separated.
  lineage = tenant.ancestors.map(&:name) + [tenant.name]
  tenant_path = lineage.join("/")

  defaults = {
    :description         => "Tenant #{tenant_path} access",
    :group_type          => TENANT_GROUP,
    :default_tenant_role => MiqUserRole.default_tenant_role
  }

  create_with(defaults).find_or_create_by!(:tenant_id => tenant.id)
end

.get_httpd_groups_by_user(user) ⇒ Object


# File 'app/models/miq_group.rb', line 116

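# Asks the SSSD InfoPipe service on the D-Bus system bus for the groups of
# +user+ and returns the first element of the reply after passing it through
# strip_group_domains.
#
# @param user [String, #userid] login name, or an object whose userid is used
# @return [Object] result of strip_group_domains for the first reply element
# @raise [RuntimeError] when the GetUserGroups call raises; the message carries
#   the user name and the underlying error
def self.get_httpd_groups_by_user(user)
  require "dbus"

  # NOTE(review): in a class method `self` is the receiving class, so the
  # userid branch is taken only for instances of this class - confirm that
  # this is the intended type check.
  username = user.kind_of?(self) ? user.userid : user

  sysbus = DBus.system_bus
  ifp_service   = sysbus["org.freedesktop.sssd.infopipe"]
  ifp_object    = ifp_service.object "/org/freedesktop/sssd/infopipe"
  ifp_object.introspect
  ifp_interface = ifp_object["org.freedesktop.sssd.infopipe"]
  begin
    # Query with the resolved login name, the same value the error message
    # reports. Group membership feeds authorization, so the identity that is
    # looked up and the identity that is logged must be one and the same.
    user_groups = ifp_interface.GetUserGroups(username)
  rescue => err
    raise _("Unable to get groups for user %{user_name} - %{error}") % {:user_name => username, :error => err}
  end
  strip_group_domains(user_groups.first)
end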

.get_ldap_groups_by_user(user, bind_dn, bind_pwd) ⇒ Object


# File 'app/models/miq_group.rb', line 103

# Binds to the directory with the given service credentials and returns the
# group memberships of +user+.
#
# The bind password is passed to MiqLdap#bind only; the error raised on a
# failed bind names the bind DN and never the password.
#
# @param user [String, #userid] login name, or an object whose userid is used
# @param bind_dn [String] account used to bind to the directory
# @param bind_pwd [String] password for +bind_dn+
# @return [Object] whatever MiqLdap#get_memberships returns
# @raise [RuntimeError] when the bind fails or the user has no directory entry
def self.get_ldap_groups_by_user(user, bind_dn, bind_pwd)
  login = user.kind_of?(self) ? user.userid : user
  directory = MiqLdap.new

  bound = directory.bind(directory.fqusername(bind_dn), bind_pwd)
  raise _("Bind failed for user %{user_name}") % {:user_name => bind_dn} unless bound

  lookup_name = directory.normalize(directory.fqusername(login))
  entry = directory.get_user_object(lookup_name)
  if entry.nil?
    raise _("Unable to find user %{user_name} in directory") % {:user_name => login}
  end

  # Nested-group expansion is capped by the configured maximum depth.
  max_depth = ::Settings.authentication.group_memberships_max_depth
  directory.get_memberships(entry, max_depth)
end

.next_sequence ⇒ Object


# File 'app/models/miq_group.rb', line 50

# Returns the sequence number that follows the highest one currently stored.
# When maximum(:sequence) yields nil, to_i turns it into 0 and the result is 1.
#
# @return [Integer]
def self.next_sequence
  highest = maximum(:sequence)
  highest.to_i.succ
end

.non_tenant_groups ⇒ Object


# File 'app/models/miq_group.rb', line 210

# Scope of every group whose group_type is not TENANT_GROUP.
#
# @return [Object] the relation produced by where.not
def self.non_tenant_groups
  excluded = {:group_type => TENANT_GROUP}
  where.not(excluded)
end

.non_tenant_groups_in_my_region ⇒ Object


# File 'app/models/miq_group.rb', line 214

# Applies non_tenant_groups on top of the in_my_region scope.
#
# @return [Object] the combined relation
def self.non_tenant_groups_in_my_region
  regional_scope = in_my_region
  regional_scope.non_tenant_groups
end

.seed ⇒ Object


# File 'app/models/miq_group.rb', line 54

# Seeds the built-in system groups from the role_map.yaml fixture, then gives
# the default tenant role to tenant groups that have no role yet.
#
# Does nothing when role_map.yaml is missing or loads as nil/false. A missing
# filter_map.yaml is treated as an empty filter map.
#
# NOTE(review): both fixtures are read with YAML.load_file. Depending on the
# Psych version in use this can deserialize arbitrary Ruby objects, so the
# method relies on FIXTURE_DIR being writable only by trusted parties -
# confirm, or move to a safe loader. The role map also decides which role
# each system group receives, so the same trust applies to its content.
#
# @raise [StandardError] when a role named in the map has no matching
#   "EvmRole-<name>" MiqUserRole record
def self.seed
  role_map_file = FIXTURE_DIR.join("role_map.yaml")
  role_map = YAML.load_file(role_map_file) if role_map_file.exist?
  # No role map (file absent, or it parsed to nil/false): nothing to seed.
  return unless role_map

  filter_map_file = FIXTURE_DIR.join("filter_map.yaml")
  ldap_to_filters = filter_map_file.exist? ? YAML.load_file(filter_map_file) : {}
  root_tenant = Tenant.root_tenant

  # Each entry is (group description, role name suffix); the position in the
  # map becomes the group's sequence.
  role_map.each_with_index do |(group_name, role_name), index|
    # Reuse the group with this description, or build an unsaved one.
    group = find_by(:description => group_name) || new(:description => group_name)
    user_role = MiqUserRole.find_by(:name => "EvmRole-#{role_name}")
    # Fail loudly instead of seeding a group that has no role.
    if user_role.nil?
      raise StandardError,
            _("Unable to find user_role 'EvmRole-%{role_name}' for group '%{group_name}'") %
              {:role_name => role_name, :group_name => group_name}
    end
    group.miq_user_role       = user_role
    group.sequence            = index + 1
    # Looked up by group name; presumably nil when the filter map has no entry.
    group.entitlement.filters = ldap_to_filters[group_name]
    group.group_type          = SYSTEM_GROUP
    group.tenant              = root_tenant

    # Save and log only when an attribute actually changed.
    if group.changed?
      mode = group.new_record? ? "Created" : "Updated"
      group.save!
      _log.info("#{mode} Group: #{group.description} with Role: #{user_role.name}")
    end
  end

  # find any default tenant groups that do not have a role
  tenant_role = MiqUserRole.default_tenant_role
  if tenant_role
    tenant_groups.includes(:entitlement).where(:entitlements => {:miq_user_role_id => nil}).each do |group|
      if group.entitlement.present? # Relation is read-only if present
        # Update the entitlement row by id rather than through the group.
        Entitlement.update(group.entitlement.id, :miq_user_role => tenant_role)
      else
        group.update_attributes(:miq_user_role => tenant_role)
      end
    end
  else
    # Tenant groups stay without a role; only a warning is logged.
    _log.warn("Unable to find default tenant role for tenant access")
  end
end

.sort_by_desc ⇒ Object


# File 'app/models/miq_group.rb', line 202

# Returns all groups ordered by description, ignoring case. "desc" in the
# name stands for description; the order is ascending.
#
# @return [Array] the groups, sorted in Ruby rather than by the database
def self.sort_by_desc
  all.sort_by do |group|
    group.description.downcase
  end
end

.strip_group_domains(group_list) ⇒ Object


# File 'app/models/miq_group.rb', line 99

# Removes the "@domain" part from every group name in +group_list+.
#
# Everything from the first "@" to the end of that line is dropped. "." does
# not match a newline, so text after a line break is kept. After stripping,
# groups with the same short name in different domains are indistinguishable;
# callers that map groups to roles should be aware of that.
#
# @param group_list [Enumerable<String>] group names, with or without a domain
# @return [Array<String>] the names without their domain suffix
def self.strip_group_domains(group_list)
  group_list.map do |qualified_name|
    qualified_name.gsub(/@.*/, '')
  end
end

.tenant_groups ⇒ Object


# File 'app/models/miq_group.rb', line 206

# Scope of every group whose group_type is TENANT_GROUP.
#
# @return [Object] the relation produced by where
def self.tenant_groups
  criteria = {:group_type => TENANT_GROUP}
  where(criteria)
end

.with_allowed_roles_for(user_or_group) ⇒ Object


# File 'app/models/miq_group.rb', line 46

# Scope of groups whose role name is not among the roles that +user_or_group+
# is disallowed from using. The role association is loaded with the query.
#
# @param user_or_group [#disallowed_roles] subject whose restrictions apply
# @return [Object] the filtered relation
def self.with_allowed_roles_for(user_or_group)
  negation = includes(:miq_user_role).where
  blocked_names = user_or_group.disallowed_roles
  negation.not(:miq_user_roles => {:name => blocked_names})
end

.with_current_user_groups ⇒ Object


# File 'app/models/miq_group.rb', line 218

# Scope of the groups the current user may see: every group for an admin
# user, otherwise only the groups listed in the user's miq_group_ids.
#
# There is no nil check on User.current_user; with no current user set the
# call raises NoMethodError instead of returning a scope.
#
# @return [Object] all groups, or the relation limited to the user's group ids
def self.with_current_user_groups
  viewer = User.current_user
  return all if viewer.admin_user?

  where(:id => viewer.miq_group_ids)
end

Instance Method Details

#description=(val) ⇒ Object


# File 'app/models/miq_group.rb', line 180

# Stores the description as a string with surrounding whitespace removed.
# Any value is accepted: it is converted with to_s first, so nil becomes "".
#
# @param val [Object] new description
def description=(val)
  trimmed = val.to_s.strip
  super(trimmed)
end

#get_belongsto_filters ⇒ Object


# File 'app/models/miq_group.rb', line 146

# Belongs-to filters of the group's entitlement.
#
# @return [Object] the entitlement's value, or an empty array when there is
#   no entitlement or it yields nil/false
def get_belongsto_filters
  filters = entitlement.try(:get_belongsto_filters)
  filters || []
end

#get_filters(type = nil) ⇒ Object


# File 'app/models/miq_group.rb', line 134

# Filters of the group's entitlement, optionally limited to one +type+.
#
# @param type [Object, nil] forwarded unchanged to the entitlement
# @return [Object, nil] the entitlement's answer; nil when there is no
#   entitlement (no default is substituted here)
def get_filters(type = nil)
  holder = entitlement
  holder.try(:get_filters, type)
end

#get_managed_filters ⇒ Object


# File 'app/models/miq_group.rb', line 142

# Managed filters of the group's entitlement.
#
# @return [Object] the entitlement's value, or an empty array when there is
#   no entitlement or it yields nil/false
def get_managed_filters
  filters = entitlement.try(:get_managed_filters)
  filters || []
end

#has_filters? ⇒ Boolean


# File 'app/models/miq_group.rb', line 138

# Whether the group's entitlement reports any filters.
#
# @return [Object] the entitlement's answer, or false when there is no
#   entitlement or it answers nil/false
def has_filters?
  answer = entitlement.try(:has_filters?)
  answer || false
end

#miq_user_role_name ⇒ Object


# File 'app/models/miq_group.rb', line 150

# Name of the group's role.
#
# @return [Object, nil] the role's name, or nil when the group has no role
def miq_user_role_name
  return nil if miq_user_role.nil?

  miq_user_role.name
end

#name ⇒ Object


# File 'app/models/miq_group.rb', line 42

# A group's name is its description; this reader simply returns it.
#
# @return [Object] the value of description
def name
  description
end

#ordered_widget_sets ⇒ Object


# File 'app/models/miq_group.rb', line 184

# Widget sets of the group in display order.
#
# When the group's settings carry a :dashboard_order, the sets are fetched in
# that stored order through MiqWidgetSet.find_with_same_order. Otherwise the
# group's own widget sets are returned sorted by name, ignoring case.
#
# @return [Array] the ordered widget sets
def ordered_widget_sets
  unless settings && settings[:dashboard_order]
    return miq_widget_sets.sort_by { |widget_set| widget_set.name.downcase }
  end

  MiqWidgetSet.find_with_same_order(settings[:dashboard_order]).to_a
end

#read_only ⇒ Object Also known as: read_only?


# File 'app/models/miq_group.rb', line 173

# A group is read-only when it is a system group or a tenant group.
#
# @return [Boolean]
def read_only
  is_system = system_group?
  is_system || tenant_group?
end

#referenced_by_tenant? ⇒ Boolean

Asks about the tenant's default_miq_group

NOTE: this is the old definition for `tenant_group?`


# File 'app/models/miq_group.rb', line 169

# Whether the group's tenant names this group as its default group.
#
# NOTE(review): with no tenant the left side is nil, so a group whose id is
# also nil (presumably an unsaved record) compares as true - confirm callers
# do not rely on this for unsaved groups.
#
# @return [Boolean]
def referenced_by_tenant?
  default_group_id = tenant.try(:default_miq_group_id)
  default_group_id == id
end

#system_group? ⇒ Boolean


# File 'app/models/miq_group.rb', line 154

# Whether this group's group_type equals SYSTEM_GROUP.
#
# @return [Boolean]
def system_group?
  group_type == SYSTEM_GROUP
end

#tenant_group? ⇒ Boolean


# File 'app/models/miq_group.rb', line 159

# Whether this group's group_type equals TENANT_GROUP.
#
# @return [Boolean]
def tenant_group?
  group_type == TENANT_GROUP
end