ref: refs/heads/network
commit 4195307ff885579ec9676d129f0f487f9742ca98
Author: Josef Reidinger
Date: Thu Aug 27 15:45:36 2009 +0200
change permission check to exception base, break exception test suite, fixed after introduce rescue handlers
---
webservice/lib/yast_roles.rb | 43 ++++++++++++++++--------------
webservice/test/unit/yast_roles_test.rb | 9 +++---
2 files changed, 28 insertions(+), 24 deletions(-)
diff --git a/webservice/lib/yast_roles.rb b/webservice/lib/yast_roles.rb
index 88f9d5e..49992da 100644
--- a/webservice/lib/yast_roles.rb
+++ b/webservice/lib/yast_roles.rb
@@ -1,8 +1,9 @@
module YastRoles
require 'polkit'
+ require 'exceptions'
-private
+ private
def user_roles(user)
IO.foreach( USER_ROLES_CONFIG ) do |line|
line.chomp!
@@ -14,30 +15,32 @@ private
return []
end
-public
+ public
def permission_check(action)
return true if ENV["RAILS_ENV"] == "test"
- return false if self.current_account==nil || self.current_account.login.size == 0
+ raise NotLoggedException if self.current_account==nil || self.current_account.login.size == 0
+ action ||= "" #avoid nil action
- if PolKit.polkit_check( action, self.current_account.login) == :yes
- Rails.logger.debug "Action: #{action} User: #{self.current_account.login} Result: ok"
- return true
- end
- #checking roles
- roles = (defined?(session) && session && session['user_roles']) ? session['services'] : user_roles(self.current_account.login)
- roles.each do |role|
- if ( role != self.current_account.login and
- PolKit.polkit_check( action, role) == :yes)
- Rails.logger.debug "Action: #{action} User: #{self.current_account.login} WITH role #{role} Result: ok"
- return true
+ begin
+ if PolKit.polkit_check( action, self.current_account.login) == :yes
+ Rails.logger.debug "Action: #{action} User: #{self.current_account.login} Result: ok"
+ return true
+ end
+ #checking roles
+ roles = (defined?(session) && session && session['user_roles']) ? session['services'] : user_roles(self.current_account.login)
+ roles.each do |role|
+ if ( role != self.current_account.login and
+ PolKit.polkit_check( action, role) == :yes)
+ Rails.logger.debug "Action: #{action} User: #{self.current_account.login} WITH role #{role} Result: ok"
+ return true
+ end
end
+ Rails.logger.debug "Action: #{action} User: #{self.current_account.login} Result: NOT granted"
+ raise NoPermissionException.new(action, self.current_account.login)
+ rescue RuntimeError => e
+ Rails.logger.info e
+ raise PolicyKitException.new(e.message, self.current_account.login, action)
end
- Rails.logger.debug "Action: #{action} User: #{self.current_account.login} Result: NOT granted"
- return false
- rescue Exception => e
- Rails.logger.error "permission_check() exception: #{$!}"
-# Rails.logger.debug $@.join("\n")
- return false
end
end
diff --git a/webservice/test/unit/yast_roles_test.rb b/webservice/test/unit/yast_roles_test.rb
index 34a52da..0ad164b 100644
--- a/webservice/test/unit/yast_roles_test.rb
+++ b/webservice/test/unit/yast_roles_test.rb
@@ -27,15 +27,16 @@ class YastRolesTest < ActiveSupport::TestCase
def test_permission_check_no_account
@current_account = nil
- assert !permission_check(nil)
+ assert_raise(NotLoggedException) { permission_check(nil) }
end
def test_action_nil
- assert !permission_check(nil)
+ assert_raise(NoPermissionException) { permission_check(nil) }
end
def test_action_dummy
- assert !permission_check("dummy")
+ def PolKit.polkit_check(action,login) return :no end
+ assert_raise(NoPermissionException) { permission_check("dummy") }
end
def test_polkit_override
@@ -51,6 +52,6 @@ class YastRolesTest < ActiveSupport::TestCase
def test_role_not_ok
@current_account = CurrentLogin.new "nobody"
def PolKit.polkit_check(action,login) return :yes if login == "network_admin" end
- assert !permission_check("dummy")
+ assert_raise(NoPermissionException) { permission_check("dummy") }
end
end
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org