foreman-tasks 0.6.10 → 0.6.11

data/README.md

@@ -1,25 +1,42 @@
 Foreman Tasks
 =============
 
-Tasks management engine for Foreman. Gives you and overview of what's
-happening/happened in your Foreman instance.
+Tasks management engine for Foreman. Gives you an overview of what's
+happening/happened in your Foreman instance. A framework for asynchronous tasks in Foreman.
+
+* Website: [TheForeman.org](http://theforeman.org)
+* ServerFault tag: [Foreman](http://serverfault.com/questions/tagged/foreman)
+* Issues: [foreman-tasks Redmine](http://projects.theforeman.org/projects/foreman-tasks)
+* Wiki: [Foreman wiki](http://projects.theforeman.org/projects/foreman/wiki/About)
+* Community and support: #theforeman for general support, #theforeman-dev for development chat in [Freenode](irc.freenode.net)
+* Mailing lists:
+    * [foreman-users](https://groups.google.com/forum/?fromgroups#!forum/foreman-users)
+    * [foreman-dev](https://groups.google.com/forum/?fromgroups#!forum/foreman-dev)
 
 Installation
 ------------
 
-Put the following to your Foreman's bundle.d/Gemfile.local.rb:
+Please see the Foreman manual for appropriate instructions:
 
-```ruby
-gem 'dynflow',       :git => 'https://github.com/Dynflow/dynflow.git'
-gem 'foreman-tasks', :git => 'https://github.com/theforeman/foreman-tasks.git'
-```
+* [Foreman: How to Install a Plugin](http://theforeman.org/manuals/latest/index.html#6.1InstallaPlugin)
 
-Run:
+### Red Hat, CentOS, Fedora, Scientific Linux (rpm)
 
-```bash
-bundle install
-rake db:migrate
-```
+Set up the repo as explained in the link above, then run
+
+    # yum install ruby193-rubygem-foreman-tasks
+
+### Bundle (gem)
+
+Add the following to bundler.d/Gemfile.local.rb in your Foreman installation directory (/usr/share/foreman by default)
+
+    $ gem 'foreman-tasks'
+
+Then run `bundle install` and `foreman-rake db:migrate` from the same directory
+
+--------------
+
+To verify that the installation was successful, go to Foreman, top bar **Administer > About** and check 'foreman-tasks' shows up in the **System Status** menu under the Plugins tab. You should also see a **'Tasks'** button under the **Monitor** menu in the top bar.
 
 Usage
 -----

data/app/controllers/foreman_tasks/api/tasks_controller.rb

@@ -26,7 +26,7 @@ module ForemanTasks
       class BadRequest < Apipie::ParamError
       end
 
-      before_filter :find_task, :only => [:show]
+      before_filter :find_resource, :only => [:show]
 
       api :GET, "/tasks/:id", "Show task details"
       param :id, :identifier, desc: "UUID of the task"
@@ -79,7 +79,7 @@ module ForemanTasks
       private
 
       def search_tasks(search_params)
-        scope = ::ForemanTasks::Task.select('DISTINCT foreman_tasks_tasks.*')
+        scope = resource_scope_for_index.select('DISTINCT foreman_tasks_tasks.*')
         scope = ordering_scope(scope, search_params)
         scope = search_scope(scope, search_params)
         scope = active_scope(scope, search_params)
@@ -157,8 +157,17 @@ module ForemanTasks
 
       private
 
-      def find_task
-        @task = Task.find_by_id(params[:id])
+      def resource_scope(options = {})
+        @resource_scope ||= ForemanTasks::Task.authorized("#{action_permission}_foreman_tasks")
+      end
+
+      def action_permission
+        case params[:action]
+        when 'bulk_search'
+          :view
+        else
+          super
+        end
       end
     end
   end

data/app/controllers/foreman_tasks/tasks_controller.rb

@@ -3,29 +3,29 @@ module ForemanTasks
     include Foreman::Controller::AutoCompleteSearch
 
     def show
-      @task = Task.find(params[:id])
+      @task = find_resource
     end
 
     def index
       params[:order] ||= 'started_at DESC'
-      @tasks         = filter(Task)
+      @tasks         = filter(resource_base)
     end
 
     def sub_tasks
-      task   = Task.find(params[:id])
+      task   = find_resource
       @tasks = filter(task.sub_tasks)
       render :index
     end
 
     def cancel_step
-      task = find_task
+      task = find_dynflow_task
       flash[:notice] = _("Trying to cancel step %s") % params[:step_id]
       ForemanTasks.dynflow.world.event(task.external_id, params[:step_id].to_i, ::Dynflow::Action::Cancellable::Cancel).wait
       redirect_to foreman_tasks_task_path(task)
     end
 
     def resume
-      task = find_task
+      task = find_dynflow_task
       if task.resumable?
         ForemanTasks.dynflow.world.execute(task.execution_plan.id)
         flash[:notice] = _('The execution was resumed.')
@@ -36,7 +36,7 @@ module ForemanTasks
     end
 
     def unlock
-      task = find_task
+      task = find_dynflow_task
       if task.paused?
         task.state = :stopped
         task.save!
@@ -48,7 +48,7 @@ module ForemanTasks
     end
 
     def force_unlock
-      task       = find_task
+      task       = find_dynflow_task
       task.state = :stopped
       task.save!
       flash[:notice] = _('The task resources were unlocked with force.')
@@ -62,8 +62,27 @@ module ForemanTasks
 
     private
 
-    def find_task
-      ForemanTasks::Task::DynflowTask.find(params[:id])
+    def controller_permission
+      'foreman_tasks'
+    end
+
+    def action_permission
+      case params[:action]
+      when 'sub_tasks'
+        :view
+      when 'resume', 'unlock', 'force_unlock', 'cancel_step'
+        :edit
+      else
+        super
+      end
+    end
+
+    def resource_scope(options = {})
+      @resource_scope ||= ForemanTasks::Task.authorized("#{action_permission}_foreman_tasks")
+    end
+
+    def find_dynflow_task
+      resource_scope.where(:type => 'ForemanTasks::Task::DynflowTask').find(params[:id])
     end
 
     def filter(scope)

data/app/models/foreman_tasks/concerns/action_triggering.rb

@@ -73,6 +73,7 @@ module ForemanTasks
       # of planning phase is expected to be commited when execution occurs. Also
       # we want to be able to rollback the whole db operation when planning fails.
       def plan_action(action_class, *args)
+        return if ForemanTasks.dynflow.config.disable_active_record_actions
         @execution_plan = ::ForemanTasks.dynflow.world.plan(action_class, *args)
         raise @execution_plan.errors.first if @execution_plan.error?
       end
@@ -91,7 +92,10 @@ module ForemanTasks
       # we would start the execution phase inside this transaction which would lead
       # to unexpected results.
       def dynflow_task_wrap(method)
-        return yield if @_dynflow_task_wrapped
+        if ForemanTasks.dynflow.config.disable_active_record_actions ||
+              @_dynflow_task_wrapped
+          return yield
+        end
         @_dynflow_task_wrapped = true
 
         action = case method

data/app/models/foreman_tasks/task.rb

@@ -1,7 +1,8 @@
-require 'uuidtools'
+require 'securerandom'
 
 module ForemanTasks
   class Task < ActiveRecord::Base
+    include Authorizable
 
     # TODO missing validation of states
 
@@ -14,7 +15,8 @@ module ForemanTasks
 
     # in fact, the task has only one owner but Rails don't let you to
     # specify has_one relation though has_many relation
-    has_many :owners, :through => :locks, :source => :resource, :source_type => 'User'
+    has_many :owners, :through => :locks, :source => :resource, :source_type => 'User',
+        :conditions => ["foreman_tasks_locks.name = ?", Lock::OWNER_LOCK_NAME]
 
     scoped_search :on => :id, :complete_value => false
     scoped_search :on => :label, :complete_value => true
@@ -23,6 +25,7 @@ module ForemanTasks
     scoped_search :on => :started_at, :complete_value => false
     scoped_search :in => :locks,  :on => :resource_type, :complete_value => true, :rename => "resource_type", :ext_method => :search_by_generic_resource
     scoped_search :in => :locks,  :on => :resource_id, :complete_value => false, :rename => "resource_id", :ext_method => :search_by_generic_resource
+    scoped_search :in => :owners,  :on => :id, :complete_value => true, :rename => "owner.id", :ext_method => :search_by_owner
     scoped_search :in => :owners,  :on => :login, :complete_value => true, :rename => "owner.login", :ext_method => :search_by_owner
     scoped_search :in => :owners,  :on => :firstname, :complete_value => true, :rename => "owner.firstname", :ext_method => :search_by_owner
 
@@ -83,18 +86,28 @@ module ForemanTasks
     end
 
     def self.search_by_owner(key, operator, value)
+      return { :conditions => '0 = 1' } if value == 'current_user' && User.current.nil?
+
       key_name = self.connection.quote_column_name(key.sub(/^.*\./,''))
-      joins = <<-JOINS
+      joins = <<-SQL
       INNER JOIN foreman_tasks_locks AS foreman_tasks_locks_owner
                  ON (foreman_tasks_locks_owner.task_id = foreman_tasks_tasks.id AND
                      foreman_tasks_locks_owner.resource_type = 'User' AND
                      foreman_tasks_locks_owner.name = '#{Lock::OWNER_LOCK_NAME}')
-      INNER JOIN users
-                 ON (users.id = foreman_tasks_locks_owner.resource_id)
-      JOINS
-
+      SQL
+      if key !~ /\.id\Z/
+        joins << <<-SQL
+        INNER JOIN users
+                   ON (users.id = foreman_tasks_locks_owner.resource_id)
+        SQL
+      end
       condition = if key.blank?
                     sanitize_sql_for_conditions(["users.login #{operator} ? or users.firstname #{operator} ? ", value, value])
+                  elsif key =~ /\.id\Z/
+                    if value == 'current_user'
+                      value = User.current.id
+                    end
+                    sanitize_sql_for_conditions(["foreman_tasks_locks_owner.resource_id #{operator} ?", value])
                   else
                     sanitize_sql_for_conditions(["users.#{key_name} #{operator} ?", value])
                   end
@@ -112,10 +125,15 @@ module ForemanTasks
       end
     end
 
+    def self.authorized_resource_name
+      # We don't want STI subclasses to have separate permissions
+      'ForemanTasks::Task'
+    end
+
     protected
 
     def generate_id
-      self.id ||= UUIDTools::UUID.random_create.to_s
+      self.id ||= SecureRandom.uuid
     end
   end
 end

data/app/views/foreman_tasks/tasks/_details.html.erb

@@ -1,26 +1,27 @@
 <p>
   <%= link_to(_('Auto Reload'), '', class: %w(btn btn-sm btn-default reload-button hidden)) %>
+  <% if authorized_for(:permission => :edit_foreman_tasks, :auth_object => @task) %>
+    <%= link_to(_('Dynflow console'),
+                format((defined?(Rails) ? request.script_name : '') + '/foreman_tasks/dynflow/%s', @task.external_id),
+                class: %w(btn btn-sm btn-default)) if Setting['dynflow_enable_console'] %>
 
-  <%= link_to(_('Dynflow console'),
-              format((defined?(Rails) ? request.script_name : '') + '/foreman_tasks/dynflow/%s', @task.external_id),
-              class: %w(btn btn-sm btn-default)) if Setting['dynflow_enable_console'] %>
+    <%= link_to(_('Resume'),
+                resume_foreman_tasks_task_path(@task),
+                class:  ['btn', 'btn-sm', 'btn-primary', ('disabled' unless @task.resumable?)].compact,
+                method: :post) %>
 
-  <%= link_to(_('Resume'),
-              resume_foreman_tasks_task_path(@task),
-              class:  ['btn', 'btn-sm', 'btn-primary', ('disabled' unless @task.resumable?)].compact,
-              method: :post) %>
+    <%= link_to(_('Unlock'),
+                '',
+                class:         ['btn', 'btn-sm', 'btn-warning', 'reload-button-stop', ('disabled' unless @task.state == 'paused')].compact,
+                :'data-toggle' => "modal",
+                :'data-target' => "#unlock_modal") %>
 
-  <%= link_to(_('Unlock'),
-              '',
-              class:         ['btn', 'btn-sm', 'btn-warning', 'reload-button-stop', ('disabled' unless @task.state == 'paused')].compact,
-              :'data-toggle' => "modal",
-              :'data-target' => "#unlock_modal") %>
-
-  <%= link_to(_('Force Unlock'),
-              '',
-              class:         ['btn', 'btn-sm', 'btn-danger', 'reload-button-stop', ('disabled' if @task.state == 'stopped')].compact,
-              :'data-toggle' => "modal",
-              :'data-target' => "#force_unlock_modal") %>
+    <%= link_to(_('Force Unlock'),
+                '',
+                class:         ['btn', 'btn-sm', 'btn-danger', 'reload-button-stop', ('disabled' if @task.state == 'stopped')].compact,
+                :'data-toggle' => "modal",
+                :'data-target' => "#force_unlock_modal") %>
+  <% end %>
 </p>
 
 <div class="modal fade" id="unlock_modal" tabindex="-1" role="dialog" aria-labelledby="Deploy" aria-hidden="true">
@@ -95,7 +96,7 @@
 </div>
 <div>
   <span class="param-name"><%= _("Result") %>:</span>
-  <span class="param-value"><%= @task.result %></span>
+  <span class="param-value"><%= @task.state == 'running' ? '-' : @task.result %></span>
 </div>
 <div>
   <span class="param-name"><%= _("Params") %>:</span>
@@ -115,16 +116,19 @@
   <div class="col-xs-11">
     <div class="progress progress-striped <%= 'active' if @task.state == 'running' %>">
       <% progress = 100 * @task.progress %>
-      <% classes = ['progress-bar',
-                    case @task.result
-                    when 'success'
-                      'progress-bar-success'
-                    when 'error'
-                      'progress-bar-danger'
-                    else
-                      nil
-                    end]
-      %>
+      <% progress_class = if @task.state == 'running'
+                            nil
+                          else
+                            case @task.result
+                            when 'success'
+                              'progress-bar-success'
+                            when 'error'
+                              'progress-bar-danger'
+                            else
+                              nil
+                            end
+                          end %>
+      <% classes = ['progress-bar', progress_class] %>
       <div class="<%= classes.join ' ' %>"
            role="progressbar"
            aria-valuenow="<%= progress %>"

data/deploy/foreman-tasks.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=Foreman jobs daemon
-Documentation=https://github.com/iNecas/foreman-tasks
+Documentation=https://github.com/theforeman/foreman-tasks
 After=network.target remote-fs.target nss-lookup.target
 
 [Service]

data/lib/foreman_tasks.rb

@@ -3,6 +3,7 @@ require 'foreman_tasks/task_error'
 require 'foreman_tasks/engine'
 require 'foreman_tasks/dynflow'
 require 'foreman_tasks/triggers'
+require 'foreman_tasks/authorizer_ext'
 
 module ForemanTasks
   extend Algebrick::TypeCheck

data/lib/foreman_tasks/authorizer_ext.rb

@@ -0,0 +1,19 @@
+module ForemanTasks
+  # Monkey path until http://projects.theforeman.org/issues/8919 is
+  # resolved and released
+  module AuthorizerExt
+    extend ActiveSupport::Concern
+
+    included do
+      alias_method_chain :resource_name, :authorized_resource_name
+    end
+
+    def resource_name_with_authorized_resource_name(klass)
+      if klass.respond_to?(:authorized_resource_name)
+        return klass.authorized_resource_name
+      else
+        resource_name_without_authorized_resource_name(klass)
+      end
+    end
+  end
+end

data/lib/foreman_tasks/dynflow.rb

@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 require 'dynflow'
 
 module ForemanTasks
@@ -6,6 +7,7 @@ module ForemanTasks
     require 'foreman_tasks/dynflow/configuration'
     require 'foreman_tasks/dynflow/persistence'
     require 'foreman_tasks/dynflow/daemon'
+    require 'foreman_tasks/dynflow/console_authorizer'
 
     def initialize
       @required = false
@@ -82,14 +84,9 @@ module ForemanTasks
     def web_console
       ::Dynflow::WebConsole.setup do
         before do
-          rack_request = Rack::Request.new(env)
-          user_id, expires_at = rack_request.session.
-            values_at('user', 'expires_at')
-          if Setting[:dynflow_console_require_auth] &&
-              (!Setting[:dynflow_enable_console] ||
-               (user_id.nil? || !User.find(user_id).admin) ||
-               Time.now.to_i > expires_at)
-            redirect('dashboard')
+          if !Setting[:dynflow_enable_console] ||
+                (Setting[:dynflow_console_require_auth] && !ConsoleAuthorizer.new(env).allow?)
+            halt 403, 'Access forbidden'
           end
         end
 

data/lib/foreman_tasks/dynflow/configuration.rb

@@ -33,6 +33,11 @@ module ForemanTasks
     # what rake tasks should run their own executor, not depending on the external one
     attr_accessor :rake_tasks_with_executor
 
+    # if true, the ForemanTasks::Concerns::ActionTriggering will make
+    # no effect. Useful for testing, where we mignt not want to execute
+    # the orchestration tied to the models.
+    attr_accessor :disable_active_record_actions
+
     def initialize
       self.action_logger            = Rails.logger
       self.dynflow_logger           = Rails.logger

data/lib/foreman_tasks/dynflow/console_authorizer.rb

@@ -0,0 +1,52 @@
+# -*- coding: utf-8 -*-
+module ForemanTasks
+  class Dynflow::ConsoleAuthorizer
+    def initialize(env)
+      @rack_request          = Rack::Request.new(env)
+      @user_id, @expires_at = @rack_request.session.values_at('user', 'expires_at')
+      @user                 = User.find_by_id(@user_id) unless session_expired?
+    end
+
+    def allow?
+      @user && (unlimited_edit? || authorized_for_task?)
+    end
+
+    private
+
+    def session_expired?
+      Time.now.to_i > @expires_at.to_i
+    end
+
+    def unlimited_edit?
+      return true if @user.admin?
+      # users with unlimited edit_foreman_tasks can operate with the
+      # console no matter what task it is…
+      edit_permission = Permission.where(:name => :edit_foreman_tasks, :resource_type => ForemanTasks::Task.name).first
+      if @user.filters.joins(:filterings).unlimited.where('filterings.permission_id' => edit_permission).first
+        return true
+      end
+    end
+
+    def authorized_for_task?
+      if task = extract_task
+        begin
+          original_user = User.current
+          User.current = @user
+          return Authorizer.new(@user).can?(:edit_foreman_tasks, task)
+        ensure
+          User.current = original_user
+        end
+      else
+        return false
+      end
+    end
+
+    def extract_task
+      dynflow_id = @rack_request.path_info[/^\/([\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12})/,1]
+      unless dynflow_id.empty?
+        ForemanTasks::Task::DynflowTask.where(:external_id => dynflow_id).first
+      end
+    end
+
+  end
+end

data/lib/foreman_tasks/engine.rb

@@ -14,6 +14,22 @@ module ForemanTasks
              :url_hash => { :controller => 'foreman_tasks/tasks', :action => :index },
              :caption  => N_('Tasks'),
              :parent   => :monitor_menu
+
+        security_block :foreman_tasks do |map|
+          permission :view_foreman_tasks, {:'foreman_tasks/tasks' => [:auto_complete_search, :sub_tasks, :index, :show],
+                                           :'foreman_tasks/api/tasks' => [:bulk_search, :show] }, :resource_type => ForemanTasks::Task.name
+          permission :edit_foreman_tasks, {:'foreman_tasks/tasks' => [:resume, :unlock, :force_unlock, :cancel_step]}, :resource_type => ForemanTasks::Task.name
+        end
+
+        view_permission = Permission.where(:name => :view_foreman_tasks, :resource_type => ForemanTasks::Task.name).first
+        unless Role.anonymous.permissions.include?(view_permission)
+          Role.anonymous.filters.create(:search => 'owner.id = current_user') do |filter|
+            filter.filterings.build { |f| f.permission = view_permission }
+          end
+        end
+
+        role "Tasks Manager", [:view_foreman_tasks, :edit_foreman_tasks]
+        role "Tasks Reader", [:view_foreman_tasks]
       end
     end
 
@@ -53,11 +69,8 @@ module ForemanTasks
     end
 
     initializer "foreman_tasks.initialize_dynflow" do
-      ForemanTasks.dynflow.eager_load_actions!
-      ActionDispatch::Reloader.to_prepare do
-        ForemanTasks.dynflow.eager_load_actions!
-      end
 
+      ForemanTasks.dynflow.eager_load_actions!
       ForemanTasks.dynflow.config.increase_db_pool_size
 
       unless ForemanTasks.dynflow.config.lazy_initialization
@@ -73,8 +86,16 @@ module ForemanTasks
       end
     end
 
+    config.to_prepare do
+      ForemanTasks.dynflow.eager_load_actions!
+
+      Authorizer.send(:include, AuthorizerExt)
+    end
+
+
     rake_tasks do
       load File.expand_path('../tasks/dynflow.rake', __FILE__)
+      load File.expand_path('../tasks/test.rake', __FILE__)
     end
   end
 

data/lib/foreman_tasks/tasks/test.rake

@@ -0,0 +1,22 @@
+namespace :test do
+  task :foreman_tasks => 'db:test:prepare' do
+    test_task = Rake::TestTask.new('foreman_tasks_test_task') do |t|
+      t.libs << ["test", "#{ForemanTasks::Engine.root}/test"]
+      t.test_files = ["#{ForemanTasks::Engine.root}/test/**/*_test.rb"]
+      t.verbose = true
+    end
+
+    Rake::Task[test_task.name].invoke
+  end
+end
+
+Rake::Task[:test].enhance do
+  Rake::Task['test:foreman_tasks'].invoke
+end
+
+load 'tasks/jenkins.rake'
+if Rake::Task.task_defined?(:'jenkins:unit')
+  Rake::Task["jenkins:unit"].enhance do
+    Rake::Task['test:foreman_tasks'].invoke
+  end
+end

data/lib/foreman_tasks/version.rb

@@ -1,3 +1,3 @@
 module ForemanTasks
-  VERSION = "0.6.10"
+  VERSION = "0.6.11"
 end

data/test/controllers/api/tasks_controller_test.rb

@@ -0,0 +1,23 @@
+require "foreman_tasks_test_helper"
+
+module ForemanTasks
+  class Api::TasksControllerTest < ActionController::TestCase
+    describe 'tasks api controller' do
+      tests ForemanTasks::Api::TasksController
+
+      before do
+        User.current = User.where(:login => 'apiadmin').first
+        @request.env['HTTP_ACCEPT'] = 'application/json'
+        @request.env['CONTENT_TYPE'] = 'application/json'
+        @task = FactoryGirl.create(:dynflow_task, :user_create_task)
+      end
+
+      it 'searches for task on GET' do
+        get(:show, :id => @task.id)
+        assert_response :success
+        assert_template 'api/tasks/show'
+      end
+
+    end
+  end
+end

data/test/factories/task_factory.rb

@@ -0,0 +1,41 @@
+FactoryGirl.define do
+  factory :some_task, :class => ForemanTasks::Task do
+    sequence(:label) { |n| "task#{n}" }
+    type 'ForemanTasks::Task'
+    state 'stopped'
+    result 'success'
+
+    transient do
+      set_owner nil
+    end
+
+    after(:create) do |task, evaluator|
+      ForemanTasks::Lock.owner!(evaluator.set_owner, task.id) if evaluator.set_owner
+    end
+
+    factory :dynflow_task, :class => ForemanTasks::Task::DynflowTask do
+      label "Support::DummyDynflowAction"
+      type "ForemanTasks::Task::DynflowTask"
+      started_at "2014-10-01 11:15:55"
+      ended_at "2014-10-01 11:15:57"
+      state "stopped"
+      result "success"
+      parent_task_id nil
+
+      after(:build) do |task|
+        dynflow_task = ForemanTasks.dynflow.world.plan(Support::DummyDynflowAction)
+        # remove the task created automatically by the persistence
+        ForemanTasks::Task.where(:external_id => dynflow_task.id).delete_all
+        task.external_id = dynflow_task.id
+      end
+
+      trait :user_create_task do
+        label "Actions::User::Create"
+      end
+
+      trait :product_create_task do
+        label "Actions::Katello::Product::Create"
+      end
+    end
+  end
+end

data/test/foreman_tasks_test_helper.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+require_relative './support/dummy_dynflow_action'
+
+FactoryGirl.definition_file_paths = ["#{ForemanTasks::Engine.root}/test/factories"]
+FactoryGirl.find_definitions
+
+ForemanTasks.dynflow.require!
+ForemanTasks.dynflow.config.disable_active_record_actions = true

data/test/helpers/foreman_tasks/tasks_helper_test.rb

@@ -0,0 +1,48 @@
+require "foreman_tasks_test_helper"
+
+module ForemanTasks
+  class TasksHelperTest < ActionView::TestCase
+
+    describe 'when formatting simple input' do
+      before do
+        @task = FactoryGirl.build(:dynflow_task, :user_create_task)
+        humanized = {:action=>"Create", :input=>[[:user, {:text=>"user 'Anonymous Admin'", :link=>nil}]], :output=>"", :errors=>[]}
+        @task.stubs(:input).returns({"user"=>{"id"=>1, "name"=>"Anonymous Admin"}, "locale"=>"en"})
+        @task.stubs(:humanized).returns(humanized)
+      end
+
+      it 'formats the task input properly' do
+        expects(:h).with("user 'Anonymous Admin'")
+        format_task_input(@task)
+        expects(:h).with("Create user 'Anonymous Admin'")
+        format_task_input(@task, true)
+      end
+
+    end
+
+    describe 'when formatting input' do
+      before do
+        @task = FactoryGirl.build(:dynflow_task, :product_create_task)
+        humanized = {:action=>"Create",
+                     :input=>[[:product, {:text=>"product 'product-2'", :link=>"#/products/3/info"}], [:organization, {:text=>"organization 'test-0'", :link=>"/organizations/3/edit"}]],
+                     :output=>"",
+                     :errors=>[]}
+        input = {"product"=>{"id"=>3, "name"=>"product-2", "label"=>"product-2", "cp_id"=>nil},
+                 "provider"=>{"id"=>3, "name"=>"Anonymous"},
+                 "organization"=>{"id"=>3, "name"=>"test-0", "label"=>"test-0"},
+                 "cp_id"=>"1412251033866",
+                 "locale"=>"en"}
+        @task.stubs(:input).returns(input)
+        @task.stubs(:humanized).returns(humanized)
+      end
+
+      it 'formats the task input properly' do
+        response = "product 'product-2'; organization 'test-0'"
+        expects(:h).with(response)
+        format_task_input(@task)
+        expects(:h).with("Create #{response}")
+        format_task_input(@task, true)
+      end
+    end
+  end
+end

data/test/support/dummy_dynflow_action.rb

@@ -0,0 +1,4 @@
+module Support
+  class DummyDynflowAction < Dynflow::Action
+  end
+end

data/test/unit/dynflow_console_authorizer_test.rb

@@ -0,0 +1,79 @@
+require "foreman_tasks_test_helper"
+
+module ForemanTasks
+  class DynflowConsoleAuthorizerTest <  ActiveSupport::TestCase
+    include Rack::Test::Methods
+
+    before do
+      User.current = User.where(:login => 'apiadmin').first
+    end
+
+    let(:own_task)     { FactoryGirl.create(:dynflow_task, :set_owner => user) }
+    let(:foreign_task) { FactoryGirl.create(:dynflow_task) }
+
+    let(:edit_foreman_tasks_permission) do
+      FactoryGirl.build(:permission).tap do |permission|
+        permission.name = :edit_foreman_tasks
+        permission.resource_type = ForemanTasks::Task.name
+        permission.save!
+      end
+    end
+
+    def dynflow_console_authorized?(task = nil)
+      dynflow_path = '/'
+      dynflow_path += task.external_id.to_s if task
+      dynflow_rack_env = { "rack.session" => { "user" => user.id, "expires_at" => Time.now + 100 },
+                           "PATH_INFO"     => dynflow_path}
+      ForemanTasks::Dynflow::ConsoleAuthorizer.new(dynflow_rack_env).allow?
+    end
+
+    describe 'admin user' do
+      let(:user) { FactoryGirl.create(:user, :admin) }
+      it 'can see all tasks' do
+        assert dynflow_console_authorized?
+        assert dynflow_console_authorized?(own_task)
+        assert dynflow_console_authorized?(foreign_task)
+      end
+    end
+
+    describe 'user with unlimited edit_foreman_tasks permissions' do
+      let(:user) do
+        user_role = FactoryGirl.create(:user_user_role)
+        FactoryGirl.create(:filter,
+                           :role => user_role.role, :permissions => [edit_foreman_tasks_permission])
+        user_role.owner
+      end
+
+      it 'can see all tasks' do
+        assert dynflow_console_authorized?
+        assert dynflow_console_authorized?(own_task)
+        assert dynflow_console_authorized?(foreign_task)
+      end
+    end
+
+    describe 'user with limited edit_foreman_tasks permissions' do
+      let(:user) do
+        user_role = FactoryGirl.create(:user_user_role)
+        FactoryGirl.create(:filter,
+                           :search => 'owner.id = current_user',
+                           :role => user_role.role, :permissions => [edit_foreman_tasks_permission])
+        user_role.owner
+      end
+
+      it 'can see only the tasks he has permissions on' do
+        refute dynflow_console_authorized?
+        assert dynflow_console_authorized?(own_task)
+        refute dynflow_console_authorized?(foreign_task)
+      end
+    end
+
+    describe 'user without edit_foreman_tasks permissions' do
+      let(:user) { FactoryGirl.create(:user) }
+      it 'can not see any tasks' do
+        refute dynflow_console_authorized?
+        refute dynflow_console_authorized?(own_task)
+        refute dynflow_console_authorized?(foreign_task)
+      end
+    end
+  end
+end

data/test/unit/task_test.rb

@@ -0,0 +1,37 @@
+require 'foreman_tasks_test_helper'
+
+class TasksTest < ActiveSupport::TestCase
+  describe 'filtering by current user' do
+    before { @original_current_user = User.current }
+    after  { User.current = @original_current_user }
+
+    test "can search the tasks by current_user" do
+      user_one = FactoryGirl.create(:user)
+      user_two = FactoryGirl.create(:user)
+
+      task_one = FactoryGirl.create(:some_task, :set_owner => user_one)
+      task_two = FactoryGirl.create(:some_task, :set_owner => user_two)
+
+      User.current = user_one
+      assert_equal [task_one], ForemanTasks::Task.search_for("owner.id = current_user")
+    end
+  end
+
+  describe 'authorization filtering' do
+    it 'can filter by the task subject' do
+      user_role  = FactoryGirl.create(:user_user_role)
+      user       = user_role.owner
+      role       = user_role.role
+      permission = FactoryGirl.build(:permission)
+      permission.resource_type = 'ForemanTasks::Task'
+      permission.save!
+      FactoryGirl.create(:filter, :role => role, :permissions => [permission])
+
+      User.current = user
+      task = FactoryGirl.create(:dynflow_task)
+
+      auth       = Authorizer.new(user)
+      assert auth.can?(permission.name.to_sym, task)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: foreman-tasks
 version: !ruby/object:Gem::Version
-  version: 0.6.10
+  version: 0.6.11
   prerelease: 
 platform: ruby
 authors:
@@ -9,40 +9,8 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-11 00:00:00.000000000 Z
+date: 2015-01-28 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rails
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 3.2.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 3.2.0
-- !ruby/object:Gem::Dependency
-  name: uuidtools
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: dynflow
   requirement: !ruby/object:Gem::Requirement
@@ -126,65 +94,73 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- app/assets/stylesheets/foreman_tasks/application.css.scss
 - app/helpers/foreman_tasks/tasks_helper.rb
+- app/models/foreman_tasks/task/dynflow_task.rb
+- app/models/foreman_tasks/concerns/host_action_subject.rb
+- app/models/foreman_tasks/concerns/action_triggering.rb
+- app/models/foreman_tasks/concerns/architecture_action_subject.rb
+- app/models/foreman_tasks/concerns/action_subject.rb
+- app/models/foreman_tasks/lock.rb
+- app/models/foreman_tasks/task.rb
+- app/models/setting/foreman_tasks.rb
+- app/assets/stylesheets/foreman_tasks/application.css.scss
+- app/controllers/foreman_tasks/concerns/hosts_controller_extension.rb
+- app/controllers/foreman_tasks/api/tasks_controller.rb
+- app/controllers/foreman_tasks/tasks_controller.rb
 - app/lib/actions/helpers/args_serialization.rb
-- app/lib/actions/helpers/humanizer.rb
 - app/lib/actions/helpers/lock.rb
-- app/lib/actions/entry_action.rb
-- app/lib/actions/base.rb
+- app/lib/actions/helpers/humanizer.rb
 - app/lib/actions/bulk_action.rb
-- app/lib/actions/middleware/keep_current_user.rb
-- app/lib/actions/foreman/host/import_facts.rb
 - app/lib/actions/foreman/architecture/create.rb
 - app/lib/actions/foreman/architecture/update.rb
 - app/lib/actions/foreman/architecture/destroy.rb
-- app/views/foreman_tasks/api/tasks/show.json.rabl
-- app/views/foreman_tasks/tasks/_running_steps.html.erb
-- app/views/foreman_tasks/tasks/show.html.erb
+- app/lib/actions/foreman/host/import_facts.rb
+- app/lib/actions/entry_action.rb
+- app/lib/actions/base.rb
+- app/lib/actions/middleware/keep_current_user.rb
 - app/views/foreman_tasks/tasks/_details.html.erb
 - app/views/foreman_tasks/tasks/index.html.erb
-- app/views/foreman_tasks/tasks/_raw.html.erb
+- app/views/foreman_tasks/tasks/_running_steps.html.erb
 - app/views/foreman_tasks/tasks/_errors.html.erb
+- app/views/foreman_tasks/tasks/_raw.html.erb
+- app/views/foreman_tasks/tasks/show.html.erb
 - app/views/foreman_tasks/tasks/_locks.html.erb
-- app/controllers/foreman_tasks/api/tasks_controller.rb
-- app/controllers/foreman_tasks/tasks_controller.rb
-- app/controllers/foreman_tasks/concerns/hosts_controller_extension.rb
-- app/models/foreman_tasks/concerns/architecture_action_subject.rb
-- app/models/foreman_tasks/concerns/action_triggering.rb
-- app/models/foreman_tasks/concerns/host_action_subject.rb
-- app/models/foreman_tasks/concerns/action_subject.rb
-- app/models/foreman_tasks/task/dynflow_task.rb
-- app/models/foreman_tasks/lock.rb
-- app/models/foreman_tasks/task.rb
-- app/models/setting/foreman_tasks.rb
+- app/views/foreman_tasks/api/tasks/show.json.rabl
 - bin/dynflow-executor
 - bin/foreman-tasks
 - config/routes.rb
-- db/migrate/20131209122644_create_foreman_tasks_locks.rb
 - db/migrate/20131205204140_create_foreman_tasks.rb
 - db/migrate/20140324104010_remove_foreman_tasks_progress.rb
 - db/migrate/20140813215942_add_parent_task_id.rb
-- deploy/foreman-tasks.init
+- db/migrate/20131209122644_create_foreman_tasks_locks.rb
 - deploy/foreman-tasks.service
 - deploy/foreman-tasks.sysconfig
+- deploy/foreman-tasks.init
 - lib/tasks/gettext.rake
+- lib/foreman-tasks.rb
 - lib/foreman_tasks/tasks/dynflow.rake
-- lib/foreman_tasks/engine.rb
+- lib/foreman_tasks/tasks/test.rake
 - lib/foreman_tasks/version.rb
 - lib/foreman_tasks/triggers.rb
-- lib/foreman_tasks/task_error.rb
+- lib/foreman_tasks/dynflow.rb
+- lib/foreman_tasks/dynflow/console_authorizer.rb
 - lib/foreman_tasks/dynflow/configuration.rb
 - lib/foreman_tasks/dynflow/persistence.rb
 - lib/foreman_tasks/dynflow/daemon.rb
-- lib/foreman_tasks/dynflow.rb
+- lib/foreman_tasks/authorizer_ext.rb
+- lib/foreman_tasks/engine.rb
+- lib/foreman_tasks/task_error.rb
 - lib/foreman_tasks.rb
-- lib/foreman-tasks.rb
 - LICENSE
 - README.md
-- test/test_helper.rb
-- test/tasks_test.rb
-homepage: https://github.com/iNecas/foreman-tasks
+- test/helpers/foreman_tasks/tasks_helper_test.rb
+- test/support/dummy_dynflow_action.rb
+- test/foreman_tasks_test_helper.rb
+- test/controllers/api/tasks_controller_test.rb
+- test/factories/task_factory.rb
+- test/unit/dynflow_console_authorizer_test.rb
+- test/unit/task_test.rb
+homepage: https://github.com/theforeman/foreman-tasks
 licenses: []
 post_install_message: 
 rdoc_options: []
@@ -209,6 +185,11 @@ signing_key:
 specification_version: 3
 summary: Foreman plugin for showing tasks information for resoruces and users
 test_files:
-- test/test_helper.rb
-- test/tasks_test.rb
+- test/helpers/foreman_tasks/tasks_helper_test.rb
+- test/support/dummy_dynflow_action.rb
+- test/foreman_tasks_test_helper.rb
+- test/controllers/api/tasks_controller_test.rb
+- test/factories/task_factory.rb
+- test/unit/dynflow_console_authorizer_test.rb
+- test/unit/task_test.rb
 has_rdoc: 

data/test/tasks_test.rb

@@ -1,7 +0,0 @@
-require 'test_helper'
-
-class TasksTest < ActiveSupport::TestCase
-  test "truth" do
-    assert_kind_of Module, Tasks
-  end
-end

data/test/test_helper.rb

@@ -1,15 +0,0 @@
-# Configure Rails Environment
-ENV["RAILS_ENV"] = "test"
-
-require File.expand_path("../dummy/config/environment.rb",  __FILE__)
-require "rails/test_help"
-
-Rails.backtrace_cleaner.remove_silencers!
-
-# Load support files
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
-
-# Load fixtures from the engine
-if ActiveSupport::TestCase.method_defined?(:fixture_path=)
-  ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__)
-end