[yast-commit] <rest-service> schubi_after_release : unify checking permissions (bnc#555208)
- From: Stefan Schubert <schubi@xxxxxxx>
- Date: Wed, 9 Dec 2009 18:03:25 +0100
- Message-id: <E1NIPwn-00017I-Ld@xxxxxxxxxxxxxxxx>
ref: refs/heads/schubi_after_release
commit 7261ac7a2547c5425bf48734cb77946772cae7d9
Author: Stefan Schubert <schubi@xxxxxxx>
Date: Wed Dec 9 18:03:25 2009 +0100
unify checking permissions (bnc#555208)
---
.../app/controllers/permissions_controller.rb | 1 -
webservice/app/models/permission.rb | 42 ++++++++++---------
.../test/functional/permissions_controller_test.rb | 9 +----
webservice/test/unit/permission_test.rb | 15 +++----
4 files changed, 30 insertions(+), 37 deletions(-)
diff --git a/webservice/app/controllers/permissions_controller.rb
b/webservice/app/controllers/permissions_controller.rb
index 9b03ebd..fff3c05 100644
--- a/webservice/app/controllers/permissions_controller.rb
+++ b/webservice/app/controllers/permissions_controller.rb
@@ -35,7 +35,6 @@ class PermissionsController < ApplicationController
permission_check "org.opensuse.yast.permissions.read"
end
permission = Permission.find(:all,params)
- logger.debug permission.inspect
respond_to do |format|
format.json { render :json => permission.to_json }
format.xml { render :xml => permission.to_xml }
diff --git a/webservice/app/models/permission.rb
b/webservice/app/models/permission.rb
index c2bf11c..952239f 100644
--- a/webservice/app/models/permission.rb
+++ b/webservice/app/models/permission.rb
@@ -2,6 +2,7 @@
# Permission class
#
require 'exceptions'
+require 'polkit'
class Permission
#list of hash { :name => id, :granted => boolean}
@@ -55,16 +56,28 @@ class Permission
end
def mark_granted_permissions_for_user(user)
- res = actions_for_user(user).split(/\n/)
- res = filter_nonsuse_permissions res
- res.each do
- |permission|
- #not much effective n*m where n is count of permissions and
- # m is count of granted permissions
- val = @permissions.detect do
- |value| value[:id]==permission
+ @permissions.collect! do
+ |perm|
+ begin
+ if PolKit.polkit_check( perm[:id], user) == :yes
+ perm[:granted] = true
+ Rails.logger.debug "Action: #{perm[:id]} User: #{user} Result: ok"
+ else
+ perm[:granted] = false
+ Rails.logger.debug "Action: #{perm[:id]} User: #{user} Result: NOT
granted"
+ end
+ rescue RuntimeError => e
+ Rails.logger.info e
+ if e.message.include?("does not exist")
+ raise InvalidParameters.new :user_id => "UNKNOWN"
+ else
+ raise PolicyKitException.new(e.message, user, perm[:id])
+ end
+ rescue Exception => e
+ Rails.logger.info e
+ raise
end
- val[:granted] = true if val
+ perm
end
end
private
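Review bot: The `check_username` call that the removed `actions_for_user` ran before consulting PolicyKit has no counterpart in the new `mark_granted_permissions_for_user`, so `user` reaches `PolKit.polkit_check` and both `Rails.logger.debug` lines with no validation visible in this hunk. Unless the caller already validates it (not visible here), add `check_username user` as the first statement of the method, assuming that helper is still defined in the private section, so an unexpected value is rejected before it is checked or written to the log. Classifying errors with `e.message.include?("does not exist")` is also fragile: any RuntimeError whose text contains that phrase is reported as an unknown user, and a wording change in the PolKit library would silently turn the unknown-user case into a `PolicyKitException`; a dedicated exception class or error code, if the library offers one, would be safer. The `rescue Exception` clause only logs and re-raises, but it also intercepts signals and exits, so `rescue StandardError => e` would be enough for logging.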
@@ -81,17 +94,6 @@ private
end
end
- def actions_for_user(user_name)
- check_username user_name
- ret = `LC_ALL=C polkit-auth --user '#{user_name}'` #whitelist usernames so
this is secure
- Rails.logger.info ret
- if $?.exitstatus != 0 || ret.include?("cannot look up uid for user")
- Rails.logger.info "status: #{$?.exitstatus} unknown user:"+ret
- raise InvalidParameters.new :user_id => "UNKNOWN"
- end
- return ret || []
- end
-
def all_actions
`polkit-action`
end
diff --git a/webservice/test/functional/permissions_controller_test.rb
b/webservice/test/functional/permissions_controller_test.rb
index d40ad63..792667e 100644
--- a/webservice/test/functional/permissions_controller_test.rb
+++ b/webservice/test/functional/permissions_controller_test.rb
@@ -25,17 +25,10 @@ org.opensuse.yast.permissions.read
org.opensuse.yast.permissions.write
EOF
-TEST_DATA_GRANT = <<EOF
-org.opensuse.yast.modules.ysr.statelessregister
-org.opensuse.yast.modules.ysr.getregistrationconfig
-org.freedesktop.network-manager-settings.system.modify
-org.opensuse.yast.module-manager.import
-EOF
-
def setup
@request.session[:account_id] = 1 #fixtures
Permission.any_instance.stubs(:all_actions).returns(TEST_DATA_ACTIONS)
- Permission.any_instance.stubs(:actions_for_user).returns(TEST_DATA_GRANT)
+ PolKit.stubs(:polkit_check).returns(:yes)
end
#TODO more tests (not enough permissions etc.)
diff --git a/webservice/test/unit/permission_test.rb
b/webservice/test/unit/permission_test.rb
index 5e5527f..c9b1543 100644
--- a/webservice/test/unit/permission_test.rb
+++ b/webservice/test/unit/permission_test.rb
@@ -19,20 +19,19 @@ org.opensuse.yast.permissions.read
org.opensuse.yast.permissions.write
EOF
-TEST_DATA_GRANT = <<EOF
-org.opensuse.yast.modules.ysr.statelessregister
-org.opensuse.yast.modules.ysr.getregistrationconfig
-org.freedesktop.network-manager-settings.system.modify
-org.opensuse.yast.module-manager.import
-EOF
-
TEST_NONEXIST = <<EOF
polkit-auth: cannot look up uid for user 'nonexist'
EOF
def setup
Permission.any_instance.stubs(:all_actions).returns(TEST_DATA_ACTIONS)
- Permission.any_instance.stubs(:actions_for_user).returns(TEST_DATA_GRANT)
+ PolKit.stubs(:polkit_check).returns(:no)
+ ["org.opensuse.yast.modules.ysr.statelessregister",
+ "org.opensuse.yast.modules.ysr.getregistrationconfig",
+ "org.freedesktop.network-manager-settings.system.modify",
+ "org.opensuse.yast.module-manager.import"].each do |perm|
+ PolKit.stubs(:polkit_check).with(perm,"test").returns(:yes)
+ end
end
def test_find_all
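Review bot: Nothing in this `setup` makes `PolKit.polkit_check` raise, so the new `rescue RuntimeError` branch in `mark_granted_permissions_for_user` (unknown user to `InvalidParameters`, anything else to `PolicyKitException`) appears to be untested, while `TEST_NONEXIST` still holds the old `polkit-auth` output that the model no longer parses. The test bodies lie outside the hunk, so this is inferred from the stubs alone. Consider a stub such as `PolKit.stubs(:polkit_check).with(anything, "nonexist").raises(RuntimeError, "user does not exist")` (message text constructed for illustration) with a test asserting `InvalidParameters`, and a second case with a different message asserting `PolicyKitException`. The functional test's `setup` stubs every check to `:yes`, so it has the same gap and never exercises a denied permission either.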
commit 7261ac7a2547c5425bf48734cb77946772cae7d9
Author: Stefan Schubert <schubi@xxxxxxx>
Date: Wed Dec 9 18:03:25 2009 +0100
unify checking permissions (bnc#555208)
---
.../app/controllers/permissions_controller.rb | 1 -
webservice/app/models/permission.rb | 42 ++++++++++---------
.../test/functional/permissions_controller_test.rb | 9 +----
webservice/test/unit/permission_test.rb | 15 +++----
4 files changed, 30 insertions(+), 37 deletions(-)
diff --git a/webservice/app/controllers/permissions_controller.rb
b/webservice/app/controllers/permissions_controller.rb
index 9b03ebd..fff3c05 100644
--- a/webservice/app/controllers/permissions_controller.rb
+++ b/webservice/app/controllers/permissions_controller.rb
@@ -35,7 +35,6 @@ class PermissionsController < ApplicationController
permission_check "org.opensuse.yast.permissions.read"
end
permission = Permission.find(:all,params)
- logger.debug permission.inspect
respond_to do |format|
format.json { render :json => permission.to_json }
format.xml { render :xml => permission.to_xml }
diff --git a/webservice/app/models/permission.rb
b/webservice/app/models/permission.rb
index c2bf11c..952239f 100644
--- a/webservice/app/models/permission.rb
+++ b/webservice/app/models/permission.rb
@@ -2,6 +2,7 @@
# Permission class
#
require 'exceptions'
+require 'polkit'
class Permission
#list of hash { :name => id, :granted => boolean}
@@ -55,16 +56,28 @@ class Permission
end
def mark_granted_permissions_for_user(user)
- res = actions_for_user(user).split(/\n/)
- res = filter_nonsuse_permissions res
- res.each do
- |permission|
- #not much effective n*m where n is count of permissions and
- # m is count of granted permissions
- val = @permissions.detect do
- |value| value[:id]==permission
+ @permissions.collect! do
+ |perm|
+ begin
+ if PolKit.polkit_check( perm[:id], user) == :yes
+ perm[:granted] = true
+ Rails.logger.debug "Action: #{perm[:id]} User: #{user} Result: ok"
+ else
+ perm[:granted] = false
+ Rails.logger.debug "Action: #{perm[:id]} User: #{user} Result: NOT
granted"
+ end
+ rescue RuntimeError => e
+ Rails.logger.info e
+ if e.message.include?("does not exist")
+ raise InvalidParameters.new :user_id => "UNKNOWN"
+ else
+ raise PolicyKitException.new(e.message, user, perm[:id])
+ end
+ rescue Exception => e
+ Rails.logger.info e
+ raise
end
- val[:granted] = true if val
+ perm
end
end
private
@@ -81,17 +94,6 @@ private
end
end
- def actions_for_user(user_name)
- check_username user_name
- ret = `LC_ALL=C polkit-auth --user '#{user_name}'` #whitelist usernames so
this is secure
- Rails.logger.info ret
- if $?.exitstatus != 0 || ret.include?("cannot look up uid for user")
- Rails.logger.info "status: #{$?.exitstatus} unknown user:"+ret
- raise InvalidParameters.new :user_id => "UNKNOWN"
- end
- return ret || []
- end
-
def all_actions
`polkit-action`
end
diff --git a/webservice/test/functional/permissions_controller_test.rb
b/webservice/test/functional/permissions_controller_test.rb
index d40ad63..792667e 100644
--- a/webservice/test/functional/permissions_controller_test.rb
+++ b/webservice/test/functional/permissions_controller_test.rb
@@ -25,17 +25,10 @@ org.opensuse.yast.permissions.read
org.opensuse.yast.permissions.write
EOF
-TEST_DATA_GRANT = <<EOF
-org.opensuse.yast.modules.ysr.statelessregister
-org.opensuse.yast.modules.ysr.getregistrationconfig
-org.freedesktop.network-manager-settings.system.modify
-org.opensuse.yast.module-manager.import
-EOF
-
def setup
@request.session[:account_id] = 1 #fixtures
Permission.any_instance.stubs(:all_actions).returns(TEST_DATA_ACTIONS)
- Permission.any_instance.stubs(:actions_for_user).returns(TEST_DATA_GRANT)
+ PolKit.stubs(:polkit_check).returns(:yes)
end
#TODO more tests (not enough permissions etc.)
diff --git a/webservice/test/unit/permission_test.rb
b/webservice/test/unit/permission_test.rb
index 5e5527f..c9b1543 100644
--- a/webservice/test/unit/permission_test.rb
+++ b/webservice/test/unit/permission_test.rb
@@ -19,20 +19,19 @@ org.opensuse.yast.permissions.read
org.opensuse.yast.permissions.write
EOF
-TEST_DATA_GRANT = <<EOF
-org.opensuse.yast.modules.ysr.statelessregister
-org.opensuse.yast.modules.ysr.getregistrationconfig
-org.freedesktop.network-manager-settings.system.modify
-org.opensuse.yast.module-manager.import
-EOF
-
TEST_NONEXIST = <<EOF
polkit-auth: cannot look up uid for user 'nonexist'
EOF
def setup
Permission.any_instance.stubs(:all_actions).returns(TEST_DATA_ACTIONS)
- Permission.any_instance.stubs(:actions_for_user).returns(TEST_DATA_GRANT)
+ PolKit.stubs(:polkit_check).returns(:no)
+ ["org.opensuse.yast.modules.ysr.statelessregister",
+ "org.opensuse.yast.modules.ysr.getregistrationconfig",
+ "org.freedesktop.network-manager-settings.system.modify",
+ "org.opensuse.yast.module-manager.import"].each do |perm|
+ PolKit.stubs(:polkit_check).with(perm,"test").returns(:yes)
+ end
end
def test_find_all