ref: refs/heads/schubi_after_release
commit 7261ac7a2547c5425bf48734cb77946772cae7d9
Author: Stefan Schubert
Date: Wed Dec 9 18:03:25 2009 +0100
unify checking permissions (bnc#555208)
---
.../app/controllers/permissions_controller.rb | 1 -
webservice/app/models/permission.rb | 42 ++++++++++---------
.../test/functional/permissions_controller_test.rb | 9 +----
webservice/test/unit/permission_test.rb | 15 +++----
4 files changed, 30 insertions(+), 37 deletions(-)
diff --git a/webservice/app/controllers/permissions_controller.rb b/webservice/app/controllers/permissions_controller.rb
index 9b03ebd..fff3c05 100644
--- a/webservice/app/controllers/permissions_controller.rb
+++ b/webservice/app/controllers/permissions_controller.rb
@@ -35,7 +35,6 @@ class PermissionsController < ApplicationController
permission_check "org.opensuse.yast.permissions.read"
end
permission = Permission.find(:all,params)
- logger.debug permission.inspect
respond_to do |format|
format.json { render :json => permission.to_json }
format.xml { render :xml => permission.to_xml }
diff --git a/webservice/app/models/permission.rb b/webservice/app/models/permission.rb
index c2bf11c..952239f 100644
--- a/webservice/app/models/permission.rb
+++ b/webservice/app/models/permission.rb
@@ -2,6 +2,7 @@
# Permission class
#
require 'exceptions'
+require 'polkit'
class Permission
#list of hash { :name => id, :granted => boolean}
@@ -55,16 +56,28 @@ class Permission
end
def mark_granted_permissions_for_user(user)
- res = actions_for_user(user).split(/\n/)
- res = filter_nonsuse_permissions res
- res.each do
- |permission|
- #not much effective n*m where n is count of permissions and
- # m is count of granted permissions
- val = @permissions.detect do
- |value| value[:id]==permission
+ @permissions.collect! do
+ |perm|
+ begin
+ if PolKit.polkit_check( perm[:id], user) == :yes
+ perm[:granted] = true
+ Rails.logger.debug "Action: #{perm[:id]} User: #{user} Result: ok"
+ else
+ perm[:granted] = false
+ Rails.logger.debug "Action: #{perm[:id]} User: #{user} Result: NOT granted"
+ end
+ rescue RuntimeError => e
+ Rails.logger.info e
+ if e.message.include?("does not exist")
+ raise InvalidParameters.new :user_id => "UNKNOWN"
+ else
+ raise PolicyKitException.new(e.message, user, perm[:id])
+ end
+ rescue Exception => e
+ Rails.logger.info e
+ raise
end
- val[:granted] = true if val
+ perm
end
end
private
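Review bot: `mark_granted_permissions_for_user` now passes `user` to `PolKit.polkit_check` and interpolates it into the two debug log lines without the `check_username` call that the removed `actions_for_user` made first. The name is therefore no longer validated on this path unless a caller outside this diff does it. I would keep the check as the first statement of the method, `check_username user`, which presumably (it is described as a whitelist in the removed code) also keeps line breaks and other unexpected characters out of the log entries. Separately, the `e.message.include?("does not exist")` branch classifies the failure by message text, so if the binding can raise a RuntimeError with that wording for something other than the user, it would be reported as `:user_id => "UNKNOWN"`. A comment such as `# polkit reports an unknown user as RuntimeError "... does not exist"` or a narrower match would make the assumption explicit.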
@@ -81,17 +94,6 @@ private
end
end
- def actions_for_user(user_name)
- check_username user_name
- ret = `LC_ALL=C polkit-auth --user '#{user_name}'` #whitelist usernames so this is secure
- Rails.logger.info ret
- if $?.exitstatus != 0 || ret.include?("cannot look up uid for user")
- Rails.logger.info "status: #{$?.exitstatus} unknown user:"+ret
- raise InvalidParameters.new :user_id => "UNKNOWN"
- end
- return ret || []
- end
-
def all_actions
`polkit-action`
end
diff --git a/webservice/test/functional/permissions_controller_test.rb b/webservice/test/functional/permissions_controller_test.rb
index d40ad63..792667e 100644
--- a/webservice/test/functional/permissions_controller_test.rb
+++ b/webservice/test/functional/permissions_controller_test.rb
@@ -25,17 +25,10 @@ org.opensuse.yast.permissions.read
org.opensuse.yast.permissions.write
EOF
-TEST_DATA_GRANT = <