module ChefFixie::BulkEditPermissions

Public Class Methods

ace_add(list, ace_type, entity) click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 78
def self.ace_add(list, ace_type, entity)
  list.each do |item|
    if item.respond_to?(:ace_add)
      item.ace_add(ace_type, entity)
    else
      puts "item.class is not a native authz type"
      return nil
    end
  end
end
ace_add_all(org, ace_type, entity) click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 118
def self.ace_add_all(org, ace_type, entity)
  org = orgs[org] if org.is_a?(String)
  org.each_authz_object_by_class do |objects|
    ace_add(objects, ace_type, entity)
  end
end
ace_delete(list, ace_type, entity) click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 89
def self.ace_delete(list, ace_type, entity)
  list.each do |item|
    if item.respond_to?(:ace_delete)
      item.ace_delete(ace_type, entity)
    else
      puts "item.class is not a native authz type"
      return nil
    end
  end
end
ace_delete_all(org, ace_type, entity) click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 125
def self.ace_delete_all(org, ace_type, entity)
  org = orgs[org] if org.is_a?(String)
  org.each_authz_object_by_class do |objects|
    ace_delete(objects, ace_type, entity)
  end
end
add_admin_permissions(org) click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 132
def self.add_admin_permissions(org)
  org = orgs[org] if org.is_a?(String)
  # rework when ace add takes multiple items...
  admins = org.groups["admins"]
  pivotal = users["pivotal"]
  org.each_authz_object do |object|
    object.ace_add(:all, pivotal)
    if object.class != ChefFixie::Sql::Group || object.name != "billing-admins"
      object.ace_add(:all, admins)
    end
  end
end
assocs() click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 37
def self.assocs
  @assocs ||= ChefFixie::Sql::Associations.new
end
check_permissions(org) click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 45
def self.check_permissions(org)
  org = orgs[org] if org.is_a?(String)
  admins = org.groups["admins"].authz_id
  pivotal = users["pivotal"].authz_id
  errors = Hash.new({})
  org.each_authz_object do |object|
    begin
      acl = object.acl_raw
    rescue RestClient::ResourceNotFound => e
      puts "#{object.class} '#{object.name}' id '#{object.id}' missing authz info"
      # pp :object=>object, :e=>e
      next
    end
    broken_acl = {}
    # the one special case
    acl.each do |k, v|
      list = []
      list << "pivotal" if !v["actors"].member?(pivotal)
      # admins doesn't belong to the billing admins group
      if object.class != ChefFixie::Sql::Group || object.name != "billing-admins"
        list << "admins" if !v["groups"].member?(admins)
      end
      broken_acl[k] = list if !list.empty?
    end
    if !broken_acl.empty?
      classname = object.class
      errors[classname] = {} if !errors.has_key?(classname)
      errors[classname][object.name] = broken_acl
    end
  end
  errors
end
copy_from_containers(org) click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 145
def self.copy_from_containers(org)
  org = orgs[org] if org.is_a?(String)

  containers = org.containers.all(:all)
  containers.each do |c|
    # don't mess with containers and groups, they are special
    next if c.name == "containers" || c.name == "groups"
    org.objects_by_container_type(c.name).each do |obj|
      obj.acl_add_from_object(c)
      puts "#{obj.name} from #{c.name}"
    end
  end
  nil
end
do_all_objects(org) { |objects| ... } click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 100
    def self.do_all_objects(org)
      org = orgs[org] if org.is_a?(String)

      containers = org.containers.all(:all)
      # Maybe we should fix up containers first?
      # fix up objects in containers
      containers.each do |container|
        # TODO Write some tests to validate that this stuff
        # works, since it depends on a lot of name magic...
        object_type = container.name.to_sym
#        raise Exception "No such object_type #{object_type}" unless org.respond_to?(object_type)
        objects = org.send(object_type).all(:all)
        if block_given?
          yield objects
        end
      end
    end
invites() click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 41
def self.invites
  invites ||= ChefFixie::Sql::Invites.new
end
orgs() click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 29
def self.orgs
  @orgs ||= ChefFixie::Sql::Orgs.new
end
users() click to toggle source
# File lib/chef_fixie/bulk_edit_permissions.rb, line 33
def self.users
  @users ||= ChefFixie::Sql::Users.new
end