RubyGems - foreman-tasks - Versions diffs - 0.14.5 → 0.14.6 - Mend

foreman-tasks 0.14.5 → 0.14.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/app/controllers/foreman_tasks/api/tasks_controller.rb +3 -3
data/app/controllers/foreman_tasks/tasks_controller.rb +2 -2
data/app/models/foreman_tasks/task/summarizer.rb +8 -4
data/lib/foreman_tasks/version.rb +1 -1
data/test/controllers/api/tasks_controller_test.rb +37 -13
data/test/controllers/tasks_controller_test.rb +18 -0
data/test/unit/task_test.rb +3 -1
metadata +3 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f651b03116f8e483229e92bad65056ad96c2e1922850d0dd93f5a347d0f34f46
-  data.tar.gz: 8f1fa49ba1dcd42f2c4508e2dd4d12a981a7fdd5c6233f48d76770276d47ad55
+  metadata.gz: 675f98353547dd5b378bfe5055c60e976618b39754e4d46e0d361641ee8640e0
+  data.tar.gz: 2de7b22aaaacdb644d953e0aeb4c0e7ba6083e2f9650248baf021b78d0ff7474
 SHA512:
-  metadata.gz: 93904ebc7747a5aa2e49862c243b7330eb1d804fe4d5c58fc87da036e052c8c3cd088bbcf7d25d4d12b41118d0398f0ab2d923c846369368af1b8602e89b079a
-  data.tar.gz: 83eac16d2413eb0aab6e2a14eb618ff570e4aada7aa9b1c3f80ddded23cd53303ca77c9b569b9af7638782445d5b59fed490df9d0c31e451c53f78d7eda34373
+  metadata.gz: bab26f5c355c09ea6d292e2b10fc011d41c769c91fa863985a89a43075d831b2115f5222c3f5c276054f09272fb39e4d03b9957dbb0d75a50b6a7025b4031e57
+  data.tar.gz: 2651f86adccfd7469c01268c7408115547e94e90723a752a9d047c59c4431204cbb606815b40245893ff8d142657cf65e7a493d063a20d89416fd7f0a917879d

data/app/controllers/foreman_tasks/api/tasks_controller.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module ForemanTasks
       api :GET, '/tasks/summary', 'Show task summary'
       def summary
-        render :json => ForemanTasks::Task::Summarizer.new.summarize_by_status
+        render :json => ForemanTasks::Task::Summarizer.new(resource_scope).summarize_by_status
       end
       api :GET, '/tasks/:id', 'Show task details'
@@ -248,7 +248,7 @@ module ForemanTasks
       end
       def find_task
-        @task = Task.find(params[:id])
+        @task = resource_scope.find(params[:id])
       end
       def resource_scope(_options = {})
@@ -257,7 +257,7 @@ module ForemanTasks
       def action_permission
         case params[:action]
-        when 'bulk_search'
+        when 'bulk_search', 'summary'
           :view
         when 'bulk_resume'
           :edit

data/app/controllers/foreman_tasks/tasks_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module ForemanTasks
     before_action :restrict_dangerous_actions, :only => [:unlock, :force_unlock]
     def show
-      @task = Task.find(params[:id])
+      @task = resource_base.find(params[:id])
     end
     def index
@@ -24,7 +24,7 @@ module ForemanTasks
     end
     def sub_tasks
-      task   = Task.find(params[:id])
+      task   = resource_base.find(params[:id])
       @tasks = filter(task.sub_tasks)
       render :index
     end

data/app/models/foreman_tasks/task/summarizer.rb CHANGED Viewed

@@ -1,15 +1,19 @@
 module ForemanTasks
   class Task::Summarizer
+    def initialize(scope = Task.authorized)
+      @scope = scope
+    end
     def summarize_by_status(since = nil)
-      result = ::ForemanTasks::Task.where("result <> 'success'")
-                                   .select('count(state) AS count, state, result, max(started_at) AS started_at')
-                                   .group(:state, :result).order(:state)
+      result = @scope.where("result <> 'success'")
+                     .select('count(state) AS count, state, result, max(started_at) AS started_at')
+                     .group(:state, :result).order(:state)
       result = result.where('started_at > ?', since) if since
       result
     end
     def latest_tasks_in_errors_warning(limit = 5)
-      ::ForemanTasks::Task.where('result in (?)', %w[error warning]).order('started_at DESC').limit(limit)
+      @scope.where('result in (?)', %w[error warning]).order('started_at DESC').limit(limit)
     end
   end
 end

data/lib/foreman_tasks/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForemanTasks
-  VERSION = '0.14.5'.freeze
+  VERSION = '0.14.6'.freeze
 end

data/test/controllers/api/tasks_controller_test.rb CHANGED Viewed

@@ -25,6 +25,13 @@ module ForemanTasks
           assert_response :missing
           assert_includes @response.body, 'Resource task not found by id'
         end
+        it 'does not show task the user is not allowed to see' do
+          setup_user('view', 'foreman_tasks', 'owner.id = current_user')
+          get :show, params: { id: FactoryBot.create(:some_task).id },
+                     session: set_session_user(User.current)
+          assert_response :not_found
+        end
       end
       describe 'GET /api/tasks/summary' do
@@ -41,24 +48,41 @@ module ForemanTasks
               suspend
             end
           end
+          def self.while_suspended
+            triggered = ForemanTasks.trigger(DummyTestSummaryAction, true)
+            wait_for { ForemanTasks::Task.find_by(external_id: triggered.id).state == 'running' }
+            wait_for do
+              w = ForemanTasks.dynflow.world
+              w.persistence.load_step(triggered.id, 2, w).state == :suspended
+            end
+            yield
+            ForemanTasks.dynflow.world.event(triggered.id, 2, nil)
+            triggered.finished.wait
+          end
         end
         test_attributes :pid => 'bdcab413-a25d-4fe1-9db4-b50b5c31ebce'
         it 'get tasks summary' do
-          triggered = ForemanTasks.trigger(DummyTestSummaryAction, true)
-          wait_for { ForemanTasks::Task.find_by(external_id: triggered.id).state == 'running' }
-          wait_for do
-            w = ForemanTasks.dynflow.world
-            w.persistence.load_step(triggered.id, 2, w).state == :suspended
+          DummyTestSummaryAction.while_suspended do
+            get :summary
+            assert_response :success
+            response = JSON.parse(@response.body)
+            assert_kind_of Array, response
+            assert_not response.empty?
+            assert_kind_of Hash, response[0]
+          end
+        end
+        it 'gets tasks summary only for tasks the user is allowed to see' do
+          DummyTestSummaryAction.while_suspended do
+            setup_user('view', 'foreman_tasks', 'owner.id = current_user')
+            get :summary
+            assert_response :success
+            response = JSON.parse(@response.body)
+            assert_kind_of Array, response
+            assert response.empty?
           end
-          get :summary
-          assert_response :success
-          response = JSON.parse(@response.body)
-          assert_kind_of Array, response
-          assert_not response.empty?
-          assert_kind_of Hash, response[0]
-          ForemanTasks.dynflow.world.event(triggered.id, 2, nil)
-          triggered.finished.wait
         end
       end

data/test/controllers/tasks_controller_test.rb CHANGED Viewed

@@ -32,6 +32,24 @@ module ForemanTasks
         assert_include response.body.lines[1], 'Some action'
       end
+      describe 'show' do
+        it 'does not allow user without permissions to see task details' do
+          setup_user('view', 'foreman_tasks', 'owner.id = current_user')
+          get :show, params: { id: FactoryBot.create(:some_task).id },
+                     session: set_session_user(User.current)
+          assert_response :not_found
+        end
+      end
+      describe 'sub_tasks' do
+        it 'does not allow user without permissions to see task details' do
+          setup_user('view', 'foreman_tasks', 'owner.id = current_user')
+          get :sub_tasks, params: { id: FactoryBot.create(:some_task).id },
+                          session: set_session_user(User.current)
+          assert_response :not_found
+        end
+      end
       describe 'taxonomy scoping' do
         let(:organizations) { (0..1).map { FactoryBot.create(:organization) } }
         let(:tasks) { organizations.map { |o| linked_task(o) } + [FactoryBot.create(:some_task)] }

data/test/unit/task_test.rb CHANGED Viewed

@@ -84,9 +84,11 @@ class TasksTest < ActiveSupport::TestCase
   end
   describe 'task without valid execution plan' do
+    let(:missing_task_uuid) { '11111111-2222-3333-4444-555555555555' }
     let(:task) do
       task = FactoryBot.create(:dynflow_task).tap do |task|
-        task.external_id = 'missing-task'
+        task.external_id = missing_task_uuid
         task.save
       end
       ForemanTasks::Task.find(task.id)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman-tasks
 version: !ruby/object:Gem::Version
-  version: 0.14.5
+  version: 0.14.6
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-12-21 00:00:00.000000000 Z
+date: 2019-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: foreman-tasks-core
@@ -299,8 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Foreman plugin for showing tasks information for resoruces and users