On 01/27/2012 02:43 PM, Scott Seago wrote:
>
https://bugzilla.redhat.com/show_bug.cgi?id=784108
>
> Don't display links to users that don't have permission to access the
> target page. Also, in a few cases we weren't properly filtering lists
> based on user permissions.
>
> I've run (and fixed) cucumber tests, but rspec tests are segfaulting
> on me, so they're not fully-run.
> ---
> src/app/controllers/catalogs_controller.rb | 21
> ++++++++++++++-----
> src/app/controllers/deployables_controller.rb | 19
> +++++++++++++----
> src/app/controllers/deployments_controller.rb | 2 +-
> .../controllers/hardware_profiles_controller.rb | 8 +++---
> src/app/controllers/instances_controller.rb | 4 +-
> src/app/controllers/pool_families_controller.rb | 2 +-
> src/app/controllers/pools_controller.rb | 14 ++++++------
> .../controllers/provider_accounts_controller.rb | 2 +-
> src/app/controllers/providers_controller.rb | 2 +-
> src/app/controllers/realm_mappings_controller.rb | 4 +-
> src/app/models/deployment.rb | 2 +-
> src/app/models/instance.rb | 2 +-
> src/app/models/pool.rb | 9 +++++--
> src/app/views/catalogs/_list.html.haml | 3 +-
> src/app/views/catalogs/show.html.haml | 11 ++++++---
> .../views/deployables/_section_header.html.haml | 3 +-
> src/app/views/deployables/show.html.haml | 7 +++--
> src/app/views/deployments/_header_show.html.haml | 3 +-
> src/app/views/hardware_profiles/_list.html.haml | 3 +-
> .../_matching_provider_hardware_profiles.html.haml | 11 +++++++++-
> src/app/views/hardware_profiles/show.html.haml | 8 ++++--
> src/app/views/images/show.html.haml | 13 ++++++-----
> src/app/views/pool_families/_list.html.haml | 3 +-
> src/app/views/pools/_alerts_show.html.haml | 4 +-
> src/app/views/pools/_edit.html.haml | 3 +-
> src/app/views/pools/_header_index.html.haml | 3 +-
> src/app/views/pools/_header_show.html.haml | 8 ++++--
> src/app/views/pools/_list.html.haml | 9 +++++--
> src/app/views/pools/_pretty_list.html.haml | 5 ++-
> src/app/views/pools/_properties.html.haml | 3 +-
> src/app/views/providers/index.html.haml | 4 ++-
> src/app/views/realms/_list.html.haml | 9 +++++--
> src/app/views/realms/_mapping.html.haml | 7 +++--
> src/app/views/realms/show.html.haml | 8 ++++--
> src/app/views/settings/index.html.haml | 15
> +++++++------
> src/config/locales/en.yml | 17
> +++++++++++++--
> src/features/pool_family.feature | 3 +-
> src/public/javascripts/backbone/models.js | 6 +++++
> 38 files changed, 169 insertions(+), 91 deletions(-)
>
> diff --git a/src/app/controllers/catalogs_controller.rb
> b/src/app/controllers/catalogs_controller.rb
> index 7074f3d..706e9ca 100644
> --- a/src/app/controllers/catalogs_controller.rb
> +++ b/src/app/controllers/catalogs_controller.rb
> @@ -19,7 +19,7 @@ class CatalogsController< ApplicationController
>
> def index
> clear_breadcrumbs
> - @catalogs = Catalog.list_for_user(current_user,
> Privilege::VIEW).apply_filters(:preset_filter_id =>
> params[:catalogs_preset_filter], :search_filter =>
> params[:catalogs_search])
> + @catalogs = Catalog.apply_filters(:preset_filter_id =>
> params[:catalogs_preset_filter], :search_filter =>
> params[:catalogs_search]).list_for_user(current_user, Privilege::VIEW)
> save_breadcrumb(catalogs_path(:viewstate => @viewstate ?
> @viewstate.id : nil))
> set_header
> set_admin_content_tabs 'catalogs'
> @@ -82,17 +82,26 @@ class CatalogsController< ApplicationController
> def multi_destroy
> deleted = []
> not_deleted = []
> + not_deleted_perms = []
> catalogs = Catalog.find(params[:catalogs_selected])
> catalogs.to_a.each do |catalog|
> - require_privilege(Privilege::MODIFY, catalog)
> - if catalog.destroy
> - deleted<< catalog.name
> + if check_privilege(Privilege::MODIFY, catalog)
> + if catalog.destroy
> + deleted<< catalog.name
> + else
> + not_deleted<< catalog.name
> + end
> else
> - not_deleted<< catalog.name
> + not_deleted_perms<< catalog.name
> end
> end
> flash[:notice] = t("catalogs.flash.notice.deleted", :count =>
> deleted.count, :deleted => deleted.join(', ')) unless deleted.empty?
> - flash[:error] = t("catalogs.flash.error.not_deleted", :count =>
> not_deleted.count, :not_deleted => not_deleted.join(', ')) unless
> not_deleted.empty?
> + unless not_deleted.empty? and not_deleted_perms.empty?
> + flasherr = []
> + flasherr = t("catalogs.flash.error.not_deleted", :count =>
> not_deleted.count, :not_deleted => not_deleted.join(', ')) unless
> not_deleted.empty?
> + flasherr = t("catalogs.flash.error.not_deleted_perms", :count
> => not_deleted_perms.count, :not_deleted =>
> not_deleted_perms.join(', ')) unless not_deleted_perms.empty?
> + flash[:error] = flasherr
> + end
> redirect_to catalogs_path
> end
>
> diff --git a/src/app/controllers/deployables_controller.rb
> b/src/app/controllers/deployables_controller.rb
> index 9540233..c05575f 100644
> --- a/src/app/controllers/deployables_controller.rb
> +++ b/src/app/controllers/deployables_controller.rb
> @@ -182,16 +182,25 @@ class DeployablesController<
> ApplicationController
> def multi_destroy
> deleted = []
> not_deleted = []
> + not_deleted_perms = []
> if params[:deployables_selected]
> Deployable.find(params[:deployables_selected]).to_a.each do |d|
> - require_privilege(Privilege::MODIFY, d)
> - if d.destroy
> - deleted<< d.name
> + if check_privilege(Privilege::MODIFY, d)
> + if d.destroy
> + deleted<< d.name
> + else
> + not_deleted<< d.name
> + end
> else
> - not_deleted<< d.name
> + not_deleted_perms<< d.name
> end
> end
> - flash[:error] = t("deployables.flash.error.not_deleted",
> :count => not_deleted.count, :not_deleted => not_deleted.join(',
> ')) unless not_deleted.empty?
> + unless not_deleted.empty? and not_deleted_perms.empty?
> + flasherr = []
> + flasherr = t("deployables.flash.error.not_deleted", :count
> => not_deleted.count, :not_deleted => not_deleted.join(', '))
> unless not_deleted.empty?
> + flasherr = t("deployables.flash.error.not_deleted_perms",
> :count => not_deleted_perms.count, :not_deleted =>
> not_deleted_perms.join(', ')) unless not_deleted_perms.empty?
> + flash[:error] = flasherr
> + end
> flash[:notice] = t("deployables.flash.notice.deleted", :count
> => deleted.count, :deleted => deleted.join(', ')) unless
> deleted.empty?
> else
> flash[:error] = t("deployables.flash.error.not_selected")
> diff --git a/src/app/controllers/deployments_controller.rb
> b/src/app/controllers/deployments_controller.rb
> index 538eb6c..1b94911 100644
> --- a/src/app/controllers/deployments_controller.rb
> +++ b/src/app/controllers/deployments_controller.rb
> @@ -343,7 +343,7 @@ class DeploymentsController< ApplicationController
> { :name => t("providers.provider"), :sortable => false }
> ]
> @pools = Pool.list_for_user(current_user, Privilege::CREATE,
> Deployment)
> - @deployments =
> Deployment.includes(:owner).apply_filters(:preset_filter_id =>
> params[:deployments_preset_filter], :search_filter =>
> params[:deployments_search]).where('deployments.pool_id' =>
> @pools).order(sort_column(Deployment, "deployments.name") +' '+
> sort_direction).paginate(:page => params[:page] || 1)
> + @deployments =
> Deployment.includes(:owner).apply_filters(:preset_filter_id =>
> params[:deployments_preset_filter], :search_filter =>
> params[:deployments_search]).list_for_user(current_user,
> Privilege::VIEW).where('deployments.pool_id' =>
> @pools).order(sort_column(Deployment, "deployments.name") +' '+
> sort_direction).paginate(:page => params[:page] || 1)
> end
>
> def count_additional_quota(deployment)
> diff --git a/src/app/controllers/hardware_profiles_controller.rb
> b/src/app/controllers/hardware_profiles_controller.rb
> index 2d408bf..168e439 100644
> --- a/src/app/controllers/hardware_profiles_controller.rb
> +++ b/src/app/controllers/hardware_profiles_controller.rb
> @@ -140,10 +140,10 @@ class HardwareProfilesController<
> ApplicationController
> end
>
> unless deleted.empty?
> - flash[:notice] =
> "#{t('hardware_profiles.flash.notice.more_deleted')}:
> #{deleted.join(', ')}"
> + flash[:notice] =
> t('hardware_profiles.flash.notice.more_deleted', :count =>
> deleted.count, :deleted => deleted.join(', '))
> end
> unless not_deleted.empty?
> - flash[:error] =
> "#{t('hardware_profiles.flash.error.more_not_deleted')}:
> #{not_deleted.join(', ')}"
> + flash[:error] =
> t('hardware_profiles.flash.error.more_not_deleted', :count =>
> not_deleted.count, :not_deleted => not_deleted.join(', '))
> end
>
> redirect_to hardware_profiles_path
> @@ -207,9 +207,9 @@ class HardwareProfilesController<
> ApplicationController
> sort_order = sort_direction
> sort_field = sort_column(HardwareProfile, 'name')
> if sort_field == "name"
> - @hardware_profiles =
> HardwareProfile.list_for_user(current_user,
> Privilege::VIEW).where('provider_id IS NULL',
> {}).apply_filters(:preset_filter_id =>
> params[:hardware_profiles_preset_filter], :search_filter =>
> params[:hardware_profiles_search]).order("hardware_profiles.name
> #{sort_direction}")
> + @hardware_profiles = HardwareProfile.where('provider_id IS
> NULL', {}).apply_filters(:preset_filter_id =>
> params[:hardware_profiles_preset_filter], :search_filter =>
> params[:hardware_profiles_search]).list_for_user(current_user,
> Privilege::VIEW).order("hardware_profiles.name #{sort_direction}")
> else
> - @hardware_profiles =
> HardwareProfile.list_for_user(current_user,
> Privilege::VIEW).where('provider_id IS NULL',
> {}).apply_filters(:preset_filter_id =>
> params[:hardware_profiles_preset_filter], :search_filter =>
> params[:hardware_profiles_search])
> + @hardware_profiles = HardwareProfile.where('provider_id IS
> NULL', {}).apply_filters(:preset_filter_id =>
> params[:hardware_profiles_preset_filter], :search_filter =>
> params[:hardware_profiles_search]).list_for_user(current_user,
> Privilege::VIEW)
> if sort_order == "asc"
> @hardware_profiles.sort! {|x,y|
> x.get_property_map[sort_field].sort_value(true)<=>
> y.get_property_map[sort_field].sort_value(true)}
> else
> diff --git a/src/app/controllers/instances_controller.rb
> b/src/app/controllers/instances_controller.rb
> index 5cbb947..96bc2fe 100644
> --- a/src/app/controllers/instances_controller.rb
> +++ b/src/app/controllers/instances_controller.rb
> @@ -237,9 +237,9 @@ class InstancesController< ApplicationController
>
> def load_instances
> if params[:deployment_id].blank?
> - @instances =
> Instance.includes(:owner).apply_filters(:preset_filter_id =>
> params[:instances_preset_filter], :search_filter =>
> params[:instances_search]).list(sort_column(Instance),
> sort_direction).where("instances.pool_id" => @pools)
> + @instances =
> Instance.includes(:owner).apply_filters(:preset_filter_id =>
> params[:instances_preset_filter], :search_filter =>
> params[:instances_search]).list_for_user(current_user,
> Privilege::VIEW).list(sort_column(Instance),
> sort_direction).where("instances.pool_id" => @pools)
> else
> - @instances =
> Instance.includes(:owner).apply_filters(:preset_filter_id =>
> params[:instances_preset_filter], :search_filter =>
> params[:instances_search]).list(sort_column(Instance),
> sort_direction).where("instances.pool_id" => @pools,
> "instances.deployment_id" => params[:deployment_id])
> + @instances =
> Instance.includes(:owner).apply_filters(:preset_filter_id =>
> params[:instances_preset_filter], :search_filter =>
> params[:instances_search]).list(sort_column(Instance),
> sort_direction).list_for_user(current_user,
> Privilege::VIEW).where("instances.pool_id" => @pools,
> "instances.deployment_id" => params[:deployment_id])
> end
> end
>
> diff --git a/src/app/controllers/pool_families_controller.rb
> b/src/app/controllers/pool_families_controller.rb
> index cde17c7..98322eb 100644
> --- a/src/app/controllers/pool_families_controller.rb
> +++ b/src/app/controllers/pool_families_controller.rb
> @@ -213,7 +213,7 @@ class PoolFamiliesController< ApplicationController
> end
>
> def load_pool_families
> - @pool_families = PoolFamily.list_for_user(current_user,
> Privilege::VIEW, Pool).order(sort_column(PoolFamily) + ' ' +
> sort_direction)
> + @pool_families = PoolFamily.list_for_user(current_user,
> Privilege::VIEW).order(sort_column(PoolFamily) + ' ' + sort_direction)
> end
>
> def load_pool_family_tabs
> diff --git a/src/app/controllers/pools_controller.rb
> b/src/app/controllers/pools_controller.rb
> index 2c917b7..3565721 100644
> --- a/src/app/controllers/pools_controller.rb
> +++ b/src/app/controllers/pools_controller.rb
> @@ -45,15 +45,15 @@ class PoolsController< ApplicationController
> @details_tab = @tabs.find {|t| t[:id] == details_tab_name} ||
> @tabs.first[:name].downcase
> case @details_tab[:id]
> when 'pools'
> - @pools = Pool.list_for_user(current_user,
> Privilege::VIEW).apply_filters(:preset_filter_id =>
> params[:pools_preset_filter], :search_filter =>
> params[:pools_search]).list(sort_column(Pool), sort_direction)
> + @pools = Pool.apply_filters(:preset_filter_id =>
> params[:pools_preset_filter], :search_filter =>
> params[:pools_search]).list_for_user(current_user,
> Privilege::VIEW).list(sort_column(Pool), sort_direction)
> when 'instances'
> params[:instances_preset_filter] = "other_than_stopped"
> unless params[:instances_preset_filter]
> - @instances = Instance.apply_filters(:preset_filter_id =>
> params[:instances_preset_filter], :search_filter =>
> params[:instances_search]).list(sort_column(Instance), sort_direction)
> + @instances = Instance.apply_filters(:preset_filter_id =>
> params[:instances_preset_filter], :search_filter =>
> params[:instances_search]).list_for_user(current_user,
> Privilege::VIEW).list(sort_column(Instance), sort_direction)
> when 'deployments'
> - @deployments = Deployment.apply_filters(:preset_filter_id
> => params[:deployments_preset_filter], :search_filter =>
> params[:deployments_search]).list(sort_column(Deployment),
> sort_direction)
> + @deployments = Deployment.apply_filters(:preset_filter_id
> => params[:deployments_preset_filter], :search_filter =>
> params[:deployments_search]).list_for_user(current_user,
> Privilege::VIEW).list(sort_column(Deployment), sort_direction)
> end
> else
> - @pools = Pool.list(sort_column(Pool), sort_direction)
> + @pools = Pool.list_for_user(current_user,
> Privilege::VIEW).list(sort_column(Pool), sort_direction)
> end
>
> statistics
> @@ -74,7 +74,7 @@ class PoolsController< ApplicationController
> @pool = Pool.find(params[:id])
> save_breadcrumb(pool_path(@pool, :viewstate => viewstate_id),
> @pool.name)
> require_privilege(Privilege::VIEW, @pool)
> - @statistics = @pool.statistics
> + @statistics = @pool.statistics(current_user)
> @view = filter_view? ? 'deployments/list' :
> 'deployments/pretty_view' unless params[:details_tab]
> if params[:details_tab] == 'deployments'
> @view = filter_view? ? 'deployments/list' :
> 'deployments/pretty_view'
> @@ -90,7 +90,7 @@ class PoolsController< ApplicationController
>
> details_tab_name = params[:details_tab].blank? ? 'deployments'
> : params[:details_tab]
> @details_tab = @tabs.find {|t| t[:id] == details_tab_name} ||
> @tabs.first[:name].downcase
> - @deployments = @pool.deployments.apply_filters(:preset_filter_id
> => params[:deployments_preset_filter], :search_filter =>
> params[:deployments_search]) if @details_tab[:id] == 'deployments'
> + @deployments = @pool.deployments.apply_filters(:preset_filter_id
> => params[:deployments_preset_filter], :search_filter =>
> params[:deployments_search]).list_for_user(current_user,
> Privilege::VIEW) if @details_tab[:id] == 'deployments'
> @view = @details_tab[:view]
> respond_to do |format|
> format.html { render :action => :show}
> @@ -273,7 +273,7 @@ class PoolsController< ApplicationController
> # (But if it's nil, we want to show all instances)
> params[:state] = 'running' unless
params.keys.include?('state')
> conditions = params[:state].present? ? ['state=?',
> params[:state]] : ''
> - @instances = @pool.instances.find(:all, :conditions => conditions)
> + @instances = @pool.instances.list_for_user(current_user,
> Privilege::VIEW).find(:all, :conditions => conditions)
> end
>
> def set_quota
> diff --git a/src/app/controllers/provider_accounts_controller.rb
> b/src/app/controllers/provider_accounts_controller.rb
> index 9b5517d..cd54023 100644
> --- a/src/app/controllers/provider_accounts_controller.rb
> +++ b/src/app/controllers/provider_accounts_controller.rb
> @@ -201,6 +201,6 @@ class ProviderAccountsController<
> ApplicationController
> end
>
> def load_accounts
> - @provider_accounts = ProviderAccount.list_for_user(current_user,
> Privilege::VIEW).apply_filters(:preset_filter_id =>
> params[:provider_accounts_preset_filter], :search_filter =>
> params[:provider_accounts_search])
> + @provider_accounts =
> ProviderAccount.apply_filters(:preset_filter_id =>
> params[:provider_accounts_preset_filter], :search_filter =>
> params[:provider_accounts_search]).list_for_user(current_user,
> Privilege::VIEW)
> end
> end
> diff --git a/src/app/controllers/providers_controller.rb
> b/src/app/controllers/providers_controller.rb
> index 35a6eae..502ffb5 100644
> --- a/src/app/controllers/providers_controller.rb
> +++ b/src/app/controllers/providers_controller.rb
> @@ -222,7 +222,7 @@ class ProvidersController< ApplicationController
> details_tab_name = params[:details_tab].blank? ? 'connectivity'
> : params[:details_tab]
> @details_tab = @tabs.find {|t| t[:id] == details_tab_name} ||
> @tabs.first[:name].downcase
>
> - @provider_accounts =
> @provider.provider_accounts.list_for_user(current_user,
> Privilege::VIEW).apply_filters(:preset_filter_id =>
> params[:provider_accounts_preset_filter], :search_filter =>
> params[:provider_accounts_search]) if @details_tab[:id] == 'accounts'
> + @provider_accounts =
> @provider.provider_accounts.apply_filters(:preset_filter_id =>
> params[:provider_accounts_preset_filter], :search_filter =>
> params[:provider_accounts_search]).list_for_user(current_user,
> Privilege::VIEW) if @details_tab[:id] == 'accounts'
> #@permissions = @provider.permissions if @details_tab[:id] ==
> 'roles'
>
> @view = @details_tab[:view]
> diff --git a/src/app/controllers/realm_mappings_controller.rb
> b/src/app/controllers/realm_mappings_controller.rb
> index 30ad415..ff3c8c3 100644
> --- a/src/app/controllers/realm_mappings_controller.rb
> +++ b/src/app/controllers/realm_mappings_controller.rb
> @@ -18,13 +18,13 @@ class RealmMappingsController<
> ApplicationController
> before_filter :require_user
>
> def new
> - require_privilege(Privilege::CREATE, Realm)
> + require_privilege(Privilege::MODIFY, Realm)
> @realm_target = RealmBackendTarget.new(:frontend_realm_id =>
> params[:frontend_realm_id], :realm_or_provider_type =>
> params[:realm_or_provider_type])
> load_backend_targets
> end
>
> def create
> - require_privilege(Privilege::CREATE, Realm)
> + require_privilege(Privilege::MODIFY, Realm)
> @realm_target =
> RealmBackendTarget.new(params[:realm_backend_target])
> if @realm_target.save
> flash[:notice] = t"realms.flash.notice.added_mapping"
> diff --git a/src/app/models/deployment.rb b/src/app/models/deployment.rb
> index 28a2f53..50c2c98 100644
> --- a/src/app/models/deployment.rb
> +++ b/src/app/models/deployment.rb
> @@ -59,7 +59,7 @@ class Deployment< ActiveRecord::Base
>
> after_create "assign_owner_roles(owner)"
>
> - scope :ascending_by_name, :order => 'name ASC'
> + scope :ascending_by_name, :order => 'deployments.name ASC'
>
> validates_presence_of :pool_id
> validates_presence_of :name
> diff --git a/src/app/models/instance.rb b/src/app/models/instance.rb
> index 6afd88b..cbc933c 100644
> --- a/src/app/models/instance.rb
> +++ b/src/app/models/instance.rb
> @@ -119,7 +119,7 @@ class Instance< ActiveRecord::Base
> # FIXME: "failed" is misleading too...
> scope :failed, :conditions => { :state =>
> [STATE_CREATE_FAILED, STATE_ERROR] }
> scope :stopable, :conditions => { :state => [STATE_NEW,
> STATE_PENDING, STATE_RUNNING] }
> - scope :ascending_by_name, :order => 'name ASC'
> + scope :ascending_by_name, :order => 'instances.name ASC'
>
>
> SEARCHABLE_COLUMNS = %w(name state)
> diff --git a/src/app/models/pool.rb b/src/app/models/pool.rb
> index ad9d58c..b5b045a 100644
> --- a/src/app/models/pool.rb
> +++ b/src/app/models/pool.rb
> @@ -65,7 +65,7 @@ class Pool< ActiveRecord::Base
>
> before_destroy :destroyable?
>
> - scope :ascending_by_name, :order => 'name ASC'
> + scope :ascending_by_name, :order => 'pools.name ASC'
>
> def cloud_accounts
> accounts = []
> @@ -81,12 +81,14 @@ class Pool< ActiveRecord::Base
> end
>
> # TODO: Implement Alerts and Updates
> - def statistics
> + def statistics(user = nil)
> # TODO - Need to set up cache invalidation before this is safe
> #Rails.cache.fetch("pool-#{id}-statistics") do
> max = quota.maximum_running_instances
> total = quota.running_instances
> avail = max - total unless max.nil?
> + failed = (user.nil? ? instances.failed :
> + instances.failed.list_for_user(user, Privilege::VIEW))
> statistics = {
> :cloud_providers => instances.collect{|i|
> i.provider_account}.uniq.count,
> :deployments => deployments.count,
> @@ -94,7 +96,8 @@ class Pool< ActiveRecord::Base
> instances.pending.count +
> instances.failed.count),
> :instances_deployed => instances.deployed.count,
> :instances_pending => instances.pending.count,
> - :instances_failed => instances.failed,
> + :instances_failed => failed,
> + :instances_failed_visible_count => failed.count,
> :instances_failed_count => instances.failed.count,
> :used_quota => quota.running_instances,
> :quota_percent => number_to_percentage(quota.percentage_used,
> diff --git a/src/app/views/catalogs/_list.html.haml
> b/src/app/views/catalogs/_list.html.haml
> index 97a72da..bb278f8 100644
> --- a/src/app/views/catalogs/_list.html.haml
> +++ b/src/app/views/catalogs/_list.html.haml
> @@ -1,6 +1,7 @@
> - content_for :form_header do
> %li= restful_submit_tag t("delete"), "destroy",
> multi_destroy_catalogs_path, 'DELETE', :id => 'delete_button',
> :class => 'button danger'
> - %li= link_to t("catalogs.new_catalog"), new_catalog_path, :id =>
> 'new_catalog_button', :class => 'button'
> + - if check_privilege(Privilege::CREATE, Catalog)
> + %li= link_to t("catalogs.new_catalog"), new_catalog_path, :id
> => 'new_catalog_button', :class => 'button'
>
> - content_for :filter_controls do
> %li
> diff --git a/src/app/views/catalogs/show.html.haml
> b/src/app/views/catalogs/show.html.haml
> index 613b237..09e742a 100644
> --- a/src/app/views/catalogs/show.html.haml
> +++ b/src/app/views/catalogs/show.html.haml
> @@ -2,10 +2,12 @@
> %header.admin-page-header
> %h1{:class => controller.controller_name}= @catalog.name
> #obj_actions.button-container
> - = link_to t('catalogs.new_catalog'), new_catalog_url, :class =>
> 'button primary', :id => 'new_catalog_button'
> + - if check_privilege(Privilege::CREATE, Catalog)
> + = link_to t('catalogs.new_catalog'), new_catalog_url, :class
> => 'button primary', :id => 'new_catalog_button'
> .button-group
> - = link_to t('edit'), edit_catalog_path(@catalog), :class =>
> 'button pill', :id => 'edit_button'
> - = button_to t("delete"), catalog_path(@catalog), :method =>
> 'delete', :confirm => "Are you sure you want to delete?",
:class =>
> 'button pill danger', :id => 'delete'
> + - if check_privilege(Privilege::MODIFY, @catalog)
> + = link_to t('edit'), edit_catalog_path(@catalog), :class =>
> 'button pill', :id => 'edit_button'
> + = button_to t("delete"), catalog_path(@catalog), :method =>
> 'delete', :confirm => "Are you sure you want to delete?",
:class =>
> 'button pill danger', :id => 'delete'
>
> %section.admin-content-section.user
> %header
> @@ -21,7 +23,8 @@
> .content
> - content_for :form_header do
> %li= restful_submit_tag t("delete"), "destroy",
> multi_destroy_catalog_deployables_path(@catalog), 'DELETE', :id =>
> 'delete_button', :class => 'button danger'
> - %li= link_to t("catalog_entries.new_catalog_entry"),
> new_catalog_deployable_path(@catalog), :class => 'button', :id =>
> 'new_deployable_button'
> + - if check_privilege(Privilege::CREATE, Deployable)
> + %li= link_to t("catalog_entries.new_catalog_entry"),
> new_catalog_deployable_path(@catalog), :class => 'button', :id =>
> 'new_deployable_button'
>
> - content_for :filter_controls do
> %li
> diff --git a/src/app/views/deployables/_section_header.html.haml
> b/src/app/views/deployables/_section_header.html.haml
> index b879777..3d1e41d 100644
> --- a/src/app/views/deployables/_section_header.html.haml
> +++ b/src/app/views/deployables/_section_header.html.haml
> @@ -1,4 +1,5 @@
> %header.admin-page-header
> %h1{:class =>
> controller.controller_name}=t'catalog_entries.index.catalog_entries'
> #obj_actions.button-group
> - = link_to "#{t'catalog_entries.new_catalog_entry'}",
> new_polymorphic_path([@catalog, Deployable]), :class => 'button
> primary', :id => 'new_catalog_entry_button'
> + - if check_privilege(Privilege::CREATE, Deployable)
> + = link_to "#{t'catalog_entries.new_catalog_entry'}",
> new_polymorphic_path([@catalog, Deployable]), :class => 'button
> primary', :id => 'new_catalog_entry_button'
> diff --git a/src/app/views/deployables/show.html.haml
> b/src/app/views/deployables/show.html.haml
> index 40cc6d6..55aa958 100644
> --- a/src/app/views/deployables/show.html.haml
> +++ b/src/app/views/deployables/show.html.haml
> @@ -3,9 +3,10 @@
> %h1{:class => controller.controller_name}= @deployable.name
> #obj_actions.button-container
> .button-group
> - = button_to t('.delete'), polymorphic_path([@catalog,
> @deployable]), :method => 'delete', :confirm =>
> "#{t'catalog_entries.show.confirm_delete'}", :class =>
'button
> danger', :id => 'delete'
> - = link_to t('.edit'), edit_polymorphic_path([@catalog,
> @deployable]), :class => 'button', :id => 'edit_button'
> - = link_to t('.edit_xml'), edit_polymorphic_path([@catalog,
> @deployable], :edit_xml => true), :class => 'button', :id =>
> 'edit_xml_button'
> + - if check_privilege(Privilege::MODIFY, @deployable)
> + = button_to t('.delete'), polymorphic_path([@catalog,
> @deployable]), :method => 'delete', :confirm =>
> "#{t'catalog_entries.show.confirm_delete'}", :class =>
'button
> danger', :id => 'delete'
> + = link_to t('.edit'), edit_polymorphic_path([@catalog,
> @deployable]), :class => 'button', :id => 'edit_button'
> + = link_to t('.edit_xml'), edit_polymorphic_path([@catalog,
> @deployable], :edit_xml => true), :class => 'button', :id =>
> 'edit_xml_button'
>
> - if @catalog.present?&& @deployable_errors.empty?&&
> @pushed_count> 0
> = link_to t('.launch'),
> launch_new_deployments_path(:deployable_id => @deployable.id,
> :pool_id => @catalog.pool), :id => :launch_deployment_button
> diff --git a/src/app/views/deployments/_header_show.html.haml
> b/src/app/views/deployments/_header_show.html.haml
> index c9c79a9..46e525e 100644
> --- a/src/app/views/deployments/_header_show.html.haml
> +++ b/src/app/views/deployments/_header_show.html.haml
> @@ -3,5 +3,6 @@
> = [@deployment.name, t("deployments.deployment")].join(' ')
> #obj_actions.button-container
> .button-group
> - = button_to t('delete'), deployment_path(@deployment), :method
> => :delete, :confirm => t("deployments.confirm_delete"), :class
=>
> "button pill danger", :id => 'delete'
> + - if check_privilege(Privilege::MODIFY, @deployment)
> + = button_to t('delete'), deployment_path(@deployment),
> :method => :delete, :confirm => t("deployments.confirm_delete"),
> :class => "button pill danger", :id => 'delete'
> .corner
> diff --git a/src/app/views/hardware_profiles/_list.html.haml
> b/src/app/views/hardware_profiles/_list.html.haml
> index 74c3307..9a84444 100644
> --- a/src/app/views/hardware_profiles/_list.html.haml
> +++ b/src/app/views/hardware_profiles/_list.html.haml
> @@ -1,6 +1,7 @@
> - content_for :form_header do
> %li= restful_submit_tag
> t('hardware_profiles.list.delete_selected'), "destroy",
> multi_destroy_hardware_profiles_path, 'DELETE', :id =>
> 'delete_button', :class => 'button danger'
> - %li= link_to t('hardware_profiles.list.new_hardware'),
> new_hardware_profile_path, :id => 'new_hardware_profile_button',
> :class => 'button'
> + - if check_privilege(Privilege::CREATE, HardwareProfile)
> + %li= link_to t('hardware_profiles.list.new_hardware'),
> new_hardware_profile_path, :id => 'new_hardware_profile_button',
> :class => 'button'
>
> - content_for :filter_controls do
> %li
> diff --git
> a/src/app/views/hardware_profiles/_matching_provider_hardware_profiles.html.haml
> b/src/app/views/hardware_profiles/_matching_provider_hardware_profiles.html.haml
>
> index 09cb9d3..fb6992e 100644
> ---
> a/src/app/views/hardware_profiles/_matching_provider_hardware_profiles.html.haml
> +++
> b/src/app/views/hardware_profiles/_matching_provider_hardware_profiles.html.haml
> @@ -6,7 +6,16 @@
> %tr{:class => cycle('nostripe','stripe')}
> %td
> - if hwp.provider
> - = link_to hwp.provider.name, provider_path(hwp.provider)
> + -# FIXME: what do we show for end users without provider
> 'view' access?
> + -# currently showing mapping but not linking to
> (permission-lacking)
> + -# provider view, or should we hide the mapping
> completely if the user
> + -# doesn't have provider 'view' privileges -- probably
> depends on whether
> + -# end users are expected to have permission to get to
> the provider
> + -# show page (read-only). If not, then the below is
> probably correct.
> + - if check_privilege(Privilege::VIEW, hwp.provider)
> + = link_to hwp.provider.name, provider_path(hwp.provider)
> + - else
> + = hwp.provider.name
> %td
> = link_to hwp.name, hardware_profile_path(hwp)
> %td
> diff --git a/src/app/views/hardware_profiles/show.html.haml
> b/src/app/views/hardware_profiles/show.html.haml
> index 6c0dd03..1fd0026 100644
> --- a/src/app/views/hardware_profiles/show.html.haml
> +++ b/src/app/views/hardware_profiles/show.html.haml
> @@ -2,10 +2,12 @@
> %header.admin-page-header
> %h1{:class => controller.controller_name}=
> @hardware_profile.name + " (" + (@hardware_profile.provider_id.nil? ?
> "Front End" : "Provider" ) + ")"
> #obj_actions.button-container
> - = link_to t('hardware_profiles.list.new_hardware'),
> new_hardware_profile_url, :class => 'button primary', :id =>
> 'new_role_button'
> + - if check_privilege(Privilege::CREATE, HardwareProfile)
> + = link_to t('hardware_profiles.list.new_hardware'),
> new_hardware_profile_url, :class => 'button primary', :id =>
> 'new_role_button'
> .button-group
> - = link_to t('edit'),
> edit_hardware_profile_path(@hardware_profile), :class => 'button
> pill', :id => 'edit_button'
> - = button_to t('delete'),
> hardware_profile_path(@hardware_profile), :method => :delete,
> :confirm => "Are you sure you want to delete?", :class =>
'button
> pill danger'
> + - if check_privilege(Privilege::MODIFY, @hardware_profile)
> + = link_to t('edit'),
> edit_hardware_profile_path(@hardware_profile), :class => 'button
> pill', :id => 'edit_button'
> + = button_to t('delete'),
> hardware_profile_path(@hardware_profile), :method => :delete,
> :confirm => "Are you sure you want to delete?", :class =>
'button
> pill danger'
> %section.admin-content-section.hardware_profile
> %header
> %h2=t 'properties'
> diff --git a/src/app/views/images/show.html.haml
> b/src/app/views/images/show.html.haml
> index 0766e65..2f4000c 100644
> --- a/src/app/views/images/show.html.haml
> +++ b/src/app/views/images/show.html.haml
> @@ -19,12 +19,13 @@
> = form_tag image_path((a)image.id), :method => :get do
> = select_tag :build, options_for_build_select(@builds,
> @build, @latest_build)
> = submit_tag t('.select_build'), :id =>
> 'seletect_build_button'
> - - if @image.imported?
> - = t('.can_not_build_imported_image')
> - -else
> - = button_to t('.rebuild_all'),
> rebuild_all_image_path((a)image.id), :class => 'button pill'
> - - if @build and @build.id == @latest_build
> - = button_to t('.push_all'), push_all_image_path((a)image.id,
> :build_id => @build.id), :class => 'button pill'
> + - if check_privilege(Privilege::USE, PoolFamily)
> + - if @image.imported?
> + = t('.can_not_build_imported_image')
> + -else
> + = button_to t('.rebuild_all'),
> rebuild_all_image_path((a)image.id), :class => 'button pill'
> + - if @build and @build.id == @latest_build
> + = button_to t('.push_all'),
> push_all_image_path((a)image.id, :build_id => @build.id), :class =>
> 'button pill'
> .content
> %ul.image_builds
> - @account_groups.each do |driver, group|
> diff --git a/src/app/views/pool_families/_list.html.haml
> b/src/app/views/pool_families/_list.html.haml
> index b104e9a..8be3fd8 100644
> --- a/src/app/views/pool_families/_list.html.haml
> +++ b/src/app/views/pool_families/_list.html.haml
> @@ -2,7 +2,8 @@
> %h2.pools= t("pool_families.pool_families")
> .section-controls
> #obj_actions
> - = link_to t("pool_families.index.new_pool_family"),
> new_pool_family_path, :class => 'button pill', :id =>
> 'new_pool_family_button'
> + - if check_privilege(Privilege::CREATE, PoolFamily)
> + = link_to t("pool_families.index.new_pool_family"),
> new_pool_family_path, :class => 'button pill', :id =>
> 'new_pool_family_button'
>
> .content
> - @pool_families.each do |pool_family|
> diff --git a/src/app/views/pools/_alerts_show.html.haml
> b/src/app/views/pools/_alerts_show.html.haml
> index bb3f865..1f9865e 100644
> --- a/src/app/views/pools/_alerts_show.html.haml
> +++ b/src/app/views/pools/_alerts_show.html.haml
> @@ -1,8 +1,8 @@
> -- if @statistics[:instances_failed_count]> 0
> +- if @statistics[:instances_failed_visible_count]> 0
> %section.content-section.alerts.collapse_entity
> %header
> %h2=t 'alerts_label'
> - %span.label.badge.alert.count=
> @statistics[:instances_failed_count]
> + %span.label.badge.alert.count=
> @statistics[:instances_failed_visible_count]
> .section-controls
> = link_to t("providers.edit.toggle_alerts"), "#",
:class
> => 'collapse alerts' unless @statistics[:instances_failed].blank?
> .content.collapsible
> diff --git a/src/app/views/pools/_edit.html.haml
> b/src/app/views/pools/_edit.html.haml
> index 86f7c5b..8de5245 100644
> --- a/src/app/views/pools/_edit.html.haml
> +++ b/src/app/views/pools/_edit.html.haml
> @@ -1,7 +1,8 @@
> %header.page-header
> %h1{:class => controller.controller_name}= @pool.name
> #obj_actions.button-container
> - = link_to t('pools.new_pool'), new_pool_url, :class => 'button
> primary', :id => 'new_pool_button'
> + - if check_privilege(Privilege::CREATE, Pool)
> + = link_to t('pools.new_pool'), new_pool_url, :class =>
> 'button primary', :id => 'new_pool_button'
> .button-group
> = link_to t('cancel'), pool_path(@pool), :class => 'button
> pill danger', :id => 'new_user_button'
> .corner
> diff --git a/src/app/views/pools/_header_index.html.haml
> b/src/app/views/pools/_header_index.html.haml
> index f9f2071..1f5943f 100644
> --- a/src/app/views/pools/_header_index.html.haml
> +++ b/src/app/views/pools/_header_index.html.haml
> @@ -4,7 +4,8 @@
> .button-group
> = pretty_filter_toggle(pools_path(:view => 'pretty'),
> pools_path(:view => 'filter'))
> .button-group
> - = link_to t('pools.new_pool'), new_pool_path, { :class =>
> 'button primary', :id => 'new_pool_button' }
> + - if check_privilege(Privilege::CREATE, Pool)
> + = link_to t('pools.new_pool'), new_pool_path, { :class =>
> 'button primary', :id => 'new_pool_button' }
> .corner
>
> = render :partial => 'scoreboard_index'
> diff --git a/src/app/views/pools/_header_show.html.haml
> b/src/app/views/pools/_header_show.html.haml
> index 6c82baa..ac9d8be 100644
> --- a/src/app/views/pools/_header_show.html.haml
> +++ b/src/app/views/pools/_header_show.html.haml
> @@ -2,10 +2,12 @@
> %h1.pools
> = t('.pool_name', :name => @pool.name)
> #obj_actions.button-container
> - = link_to t('deployments.new_deployment'),
> launch_new_deployments_path(:pool_id => @pool.id), :class =>
> 'button primary', :id => 'new_deployment_button'
> + - if check_privilege(Privilege::CREATE, Deployment, @pool)
> + = link_to t('deployments.new_deployment'),
> launch_new_deployments_path(:pool_id => @pool.id), :class =>
> 'button primary', :id => 'new_deployment_button'
> %div.catalog_link
> = render :partial => 'layouts/catalog_dropdown', :locals =>
> {:catalogs => @pool.catalogs}
> .button-group
> - = link_to t('edit'), edit_pool_path(@pool), :class => 'button
> pill', :id => 'edit_pool_button'
> - = button_to t('delete'), pool_path(@pool), :method =>
> :delete, :confirm => t('pools.index.confirm_delete'), :class =>
> "button pill danger", :id => 'delete_pool_button'
> + - if check_privilege(Privilege::MODIFY, @pool)
> + = link_to t('edit'), edit_pool_path(@pool), :class =>
> 'button pill', :id => 'edit_pool_button'
> + = button_to t('delete'), pool_path(@pool), :method =>
> :delete, :confirm => t('pools.index.confirm_delete'), :class =>
> "button pill danger", :id => 'delete_pool_button'
> .corner
> diff --git a/src/app/views/pools/_list.html.haml
> b/src/app/views/pools/_list.html.haml
> index 034c8b4..adc0304 100644
> --- a/src/app/views/pools/_list.html.haml
> +++ b/src/app/views/pools/_list.html.haml
> @@ -1,5 +1,6 @@
> - content_for :form_header do
> - %li= link_to "#{t'pools.new_pool'}", new_pool_path, { :class
=>
> 'button', :id => 'new_pool_button' }
> + - if check_privilege(Privilege::CREATE, Pool)
> + %li= link_to "#{t'pools.new_pool'}", new_pool_path, { :class
=>
> 'button', :id => 'new_pool_button' }
> %li= restful_submit_tag "#{t'pools.index.destroy'}",
"destroy",
> multi_destroy_pools_path, 'DELETE', :id => 'delete_button',
:class
> => 'button danger'
>
> - content_for :filter_controls do
> @@ -32,8 +33,10 @@
> %td{:class => 'center'}= pool.statistics[:instances_pending]
> %td{:class => 'center'}= pool.statistics[:instances_failed_count]
> %td{:class => 'center'}= pool.statistics[:quota_percent]
> - %td= link_to(pool.pool_family.name, pool.pool_family)
> -
> + - if check_privilege(Privilege::VIEW, pool.pool_family)
> + %td= link_to(pool.pool_family.name, pool.pool_family)
> + - else
> + %td= pool.pool_family.name
> %script#poolTemplate{ :type => 'text/x-jquery-tmpl' }
> :plain
> <tr>
> diff --git a/src/app/views/pools/_pretty_list.html.haml
> b/src/app/views/pools/_pretty_list.html.haml
> index 9fa8161..c487c75 100644
> --- a/src/app/views/pools/_pretty_list.html.haml
> +++ b/src/app/views/pools/_pretty_list.html.haml
> @@ -25,12 +25,13 @@
> %a.control{:href => '#'}
> %span Expand/Collapse
> %div.content
> - = render :partial => 'deployments', :locals => {:pool =>
> pool, :deployments => pool.deployments.ascending_by_name}
> + = render :partial => 'deployments', :locals => {:pool =>
> pool, :deployments => pool.deployments.list_for_user(current_user,
> Privilege::VIEW).ascending_by_name}
> %ul.content.actions
> %li
> = link_to ("#{html_escape(pool.name)} " +
> "#{t'pools.index.pool_details'}" +
"»").html_safe,
> pool_path(pool), :class =>'pool_details'
> %li
> - = link_to t('deployments.new_deployment'),
> launch_new_deployments_path(:pool_id => pool.id), :class => 'button
> primary', :id => 'new_deployment_button'
> + - if check_privilege(Privilege::CREATE, Deployment, pool)
> + = link_to t('deployments.new_deployment'),
> launch_new_deployments_path(:pool_id => pool.id), :class => 'button
> primary', :id => 'new_deployment_button'
> %li.catalog_link
> = render :partial => 'layouts/catalog_dropdown', :locals
> => {:catalogs => pool.catalogs}
>
> diff --git a/src/app/views/pools/_properties.html.haml
> b/src/app/views/pools/_properties.html.haml
> index d9672b3..8029b33 100644
> --- a/src/app/views/pools/_properties.html.haml
> +++ b/src/app/views/pools/_properties.html.haml
> @@ -1,6 +1,7 @@
> %h3
> = t('.properties', :pool => @pool.name)
> -= link_to t(:edit), edit_pool_path(@pool), { :class => 'button' }
> +- if check_privilege(Privilege::MODIFY, @pool)
> + = link_to t(:edit), edit_pool_path(@pool), { :class => 'button' }
>
> :javascript
> Conductor.setupPrettyFilterURL(
> diff --git a/src/app/views/providers/index.html.haml
> b/src/app/views/providers/index.html.haml
> index fe749df..9493772 100644
> --- a/src/app/views/providers/index.html.haml
> +++ b/src/app/views/providers/index.html.haml
> @@ -1,4 +1,6 @@
> = render :partial => 'layouts/admin_nav'
> %section.admin-content-section.provider
> = t("providers.index.no_providers_available")
> - = link_to t("providers.index.create_new_provider"),
> new_provider_path, :class => 'button', :id =>
"create_new_provider"
> \ No newline at end of file
> + - if check_privilege(Privilege::CREATE, Provider)
> + = t("providers.index.create_one")
> + = link_to t("providers.index.create_new_provider"),
> new_provider_path, :class => 'button', :id =>
"create_new_provider"
> diff --git a/src/app/views/realms/_list.html.haml
> b/src/app/views/realms/_list.html.haml
> index d1e8598..1ee3ee8 100644
> --- a/src/app/views/realms/_list.html.haml
> +++ b/src/app/views/realms/_list.html.haml
> @@ -1,7 +1,10 @@
> - content_for :form_header do
> - %li= restful_submit_tag t('realms.list.delete_selected'),
> "destroy", multi_destroy_realms_path, 'DELETE', :id =>
> 'delete_button', :class => 'button danger'
> - - if @provider.nil?
> - %li= link_to t('realms.new_realm'), new_realm_path, :id =>
> 'new_realm_button', :class => 'button'
> + -# If we add per-realm permissions, move delete permission check
> to controller
> + -# (vs. the all-or-nothing check here)
> + - if check_privilege(Privilege::MODIFY, Realm)
> + %li= restful_submit_tag t('realms.list.delete_selected'),
> "destroy", multi_destroy_realms_path, 'DELETE', :id =>
> 'delete_button', :class => 'button danger'
> + - if @provider.nil?
> + %li= link_to t('realms.new_realm'), new_realm_path, :id =>
> 'new_realm_button', :class => 'button'
>
> - content_for :filter_controls do
> %li
> diff --git a/src/app/views/realms/_mapping.html.haml
> b/src/app/views/realms/_mapping.html.haml
> index d5eced4..36d1879 100644
> --- a/src/app/views/realms/_mapping.html.haml
> +++ b/src/app/views/realms/_mapping.html.haml
> @@ -1,7 +1,8 @@
> = form_tag multi_destroy_realm_mappings_path(:frontend_realm_id =>
> @realm.id) do
> - = link_to t('realms.mapping.mapping_realm'),
> new_realm_mapping_path(:frontend_realm_id => @realm.id,
> :realm_or_provider_type => 'Realm'), :class => "button",
:id =>
> 'mapping_to_realm_button'
> - = link_to t('realms.mapping.mapping_provider'),
> new_realm_mapping_path(:frontend_realm_id => @realm.id,
> :realm_or_provider_type => 'Provider'), :class => "button",
:id =>
> 'mapping_to_provider_button'
> - = submit_tag t('delete'), :id => 'delete_button', :class =>
> 'button danger'
> + - if check_privilege(Privilege::MODIFY, Realm)
> + = link_to t('realms.mapping.mapping_realm'),
> new_realm_mapping_path(:frontend_realm_id => @realm.id,
> :realm_or_provider_type => 'Realm'), :class => "button",
:id =>
> 'mapping_to_realm_button'
> + = link_to t('realms.mapping.mapping_provider'),
> new_realm_mapping_path(:frontend_realm_id => @realm.id,
> :realm_or_provider_type => 'Provider'), :class => "button",
:id =>
> 'mapping_to_provider_button'
> + = submit_tag t('delete'), :id => 'delete_button', :class
=>
> 'button danger'
>
>
> - unless @backend_provider_targets.empty?
> diff --git a/src/app/views/realms/show.html.haml
> b/src/app/views/realms/show.html.haml
> index 756607a..4e06c68 100644
> --- a/src/app/views/realms/show.html.haml
> +++ b/src/app/views/realms/show.html.haml
> @@ -2,10 +2,12 @@
> %header.admin-page-header
> %h1{:class => controller.controller_name}= @realm.name
> #obj_actions.button-container
> - = link_to t('realms.new_realm'), new_realm_url, :class =>
> 'button primary', :id => 'new_realm_button'
> + - if check_privilege(Privilege::CREATE, Realm)
> + = link_to t('realms.new_realm'), new_realm_url, :class =>
> 'button primary', :id => 'new_realm_button'
> .button-group
> - = link_to t('edit'), edit_realm_path(@realm), :class =>
> 'button pill', :id => 'edit_realm_button'
> - = button_to t('delete'), realm_path(@realm), :method =>
> :delete, :confirm => t("realms.show.sure_to_delete"), :class =>
> 'button pill danger', :id => 'delete_realm_button'
> + - if check_privilege(Privilege::MODIFY, Realm)
> + = link_to t('edit'), edit_realm_path(@realm), :class =>
> 'button pill', :id => 'edit_realm_button'
> + = button_to t('delete'), realm_path(@realm), :method =>
> :delete, :confirm => t("realms.show.sure_to_delete"), :class =>
> 'button pill danger', :id => 'delete_realm_button'
>
> %section.admin-content-section.realm
> %header
> diff --git a/src/app/views/settings/index.html.haml
> b/src/app/views/settings/index.html.haml
> index e1f51d8..bf94499 100644
> --- a/src/app/views/settings/index.html.haml
> +++ b/src/app/views/settings/index.html.haml
> @@ -12,13 +12,14 @@
> = t('.define_services_desc')
> %button{:disabled => "disabled"}
> = t(:continue)
> - %li#permissions.grid_8
> - = image_tag "blnk.png", :class => "icon", :alt =>
""
> - %h2
> - = t('.permissions')
> - %p
> - = t('.permissions_desc')
> - = link_to t(:continue), self_service_settings_path, :class
> => 'button'
> + - if check_privilege(Privilege::MODIFY)
> + %li#permissions.grid_8
> + = image_tag "blnk.png", :class => "icon", :alt
=> ""
> + %h2
> + = t('.permissions')
> + %p
> + = t('.permissions_desc')
> + = link_to t(:continue), self_service_settings_path, :class
> => 'button'
> -#%li#settings.grid_8
> = image_tag "blnk.png", :class => "icon", :alt
=> ""
> %h2
> diff --git a/src/config/locales/en.yml b/src/config/locales/en.yml
> index cc67125..dc8709e 100644
> --- a/src/config/locales/en.yml
> +++ b/src/config/locales/en.yml
> @@ -505,10 +505,14 @@ en:
> notice:
> deleted: "Hardware profile was deleted!"
> updated: "Hardware Profile updated!"
> - more_deleted: These Hardware Profiles were deleted
> + more_deleted:
> + one: Hardware Profile %{deleted} was deleted.
> + other: Hardware Profiles %{deleted} were deleted.
> error:
> not_deleted: "Hardware profile was not deleted!"
> - more_not_deleted: Could not deleted these Hardware Profiles
> + more_not_deleted:
> + one: "Insufficient permissions to delete hardware profile
> %{not_deleted}!"
> + other: "Insufficient permissions to delete %{count}
> hardware profile %{not_deleted}!"
> preset_filters:
> all_hardware_profiles: "All Hardware Profiles"
> x86_64architecture: "x86_64 architecture"
> @@ -677,6 +681,9 @@ en:
> not_deleted:
> one: "Catalog %{not_deleted} cannot be deleted! Some
> deployable has the last reference to this catalog!"
> other: "These catalogs %{not_deleted} cannot be deleted!
> Some of their deployables have the last reference to the catalogs!"
> + not_deleted_perms:
> + one: "Insufficient permissions to delete catalog
> %{not_deleted}!"
> + other: "Insufficient permissions to delete %{count}
> catalogs %{not_deleted}!"
> one_not_deleted: "Catalog cannot be deleted! Some
> deployable has the last reference to this catalog!"
> preset_filters:
> all_catalogs: "All Catalogs"
> @@ -859,6 +866,9 @@ en:
> not_deleted:
> one: "Deployable %{not_deleted} delete failed!"
> other: "%{count} deployables %{not_deleted} were not
> deleted!"
> + not_deleted_perms:
> + one: "Insufficient permissions to delete deployable
> %{not_deleted}!"
> + other: "Insufficient permissions to delete %{count}
> deployables %{not_deleted}!"
> not_selected: "No deployable was not selected!"
> warning:
> failed: "Deployable was not created: %{message}"
> @@ -927,7 +937,8 @@ en:
> provider_type: Provider Type
> x_deltacloud_driver: X-Deltacloud-Driver
> x_deltacloud_provider: X-Deltacloud-Provider
> - no_providers_available: No providers available. Please create
> one first.
> + no_providers_available: No providers available.
> + create_one: Please create one first.
> create_new_provider: "Create New Provider"
> new:
> new_provider: New Provider
> diff --git a/src/features/pool_family.feature
> b/src/features/pool_family.feature
> index ff85423..3bcc1f5 100644
> --- a/src/features/pool_family.feature
> +++ b/src/features/pool_family.feature
> @@ -25,7 +25,8 @@ Feature: Pool Families
> Given I am logged in
> And I can view pool family "testpoolfamily"
> When I go to the pool families page
> - Then I should see "testpoolfamily"
> + Then I should see "Pool Families"
> + And I should not see "testpoolfamily"
>
> Scenario: Show pool family details
> Given I am an authorised user
> diff --git a/src/public/javascripts/backbone/models.js
> b/src/public/javascripts/backbone/models.js
> index a89cb6b..9c33fd8 100644
> --- a/src/public/javascripts/backbone/models.js
> +++ b/src/public/javascripts/backbone/models.js
> @@ -3,6 +3,12 @@ Conductor.Models = Conductor.Models || {}
>
> Conductor.Models.Pool = Backbone.Model.extend({
> urlRoot: Conductor.prefixedPath('/pools')
> +
> + initialize: function() {
> + this.deployments = new
> Conductor.Models.Deployments().filter(function(attributes) {
> + return attributes.pool.id == this.id;
> + });
> + }
> });
>
> Conductor.Models.Pools = Backbone.Collection.extend({
ACK
I've just pushed this with Matt's suggested change. On the other
discrepancy, more discussion is probably needed before any changes are made:
I've noticed one discrepancy: the numbers on the pools#index and
pools#show pages don't always correspond to what's displayed.
For instance, while the top-level statistics on pools#index are
correct (they show 0 deployments and instances for my user with
limited privileges), the numbers that correspond to the Default pool
(where Admin launched some deployments) does show the admin's
deployment count.
Top-level statistics on pools#index are explicitly supposed to show a
user stats on what he can see (aggregated over the pool). For the
per-pool stats it's less obvious what's correct here. From a pool quota
usage point of view, you want to see overall usage, not just those
instances you can see. It may be that on the next UX iteration we'll
want to show both numbers (i.e. 2/7 -- meaning you can see 2, but there
are 7 total). For now my thinking was we wanted to show total number in
the pool there, but if this is wrong I can change it in a future patch.
Similarly on pool#show the count next to the Deployments tab shows a
non-zero number even though no deployments are displayed.
Same issue here -- in either case, one number is misleading. I think we
really want to show both numbers (but not without some UX work to make
sure the meaning is clear)
Scott
That can be addressed in a separate patch, though. Feel free to push
this one.
Thomas