Diffstat (limited to 'lib/chef_zero/endpoints/acl_base.rb')
-rw-r--r-- | lib/chef_zero/endpoints/acl_base.rb | 82 |
1 files changed, 0 insertions, 82 deletions
diff --git a/lib/chef_zero/endpoints/acl_base.rb b/lib/chef_zero/endpoints/acl_base.rb
deleted file mode 100644
index ca85590..0000000
--- a/lib/chef_zero/endpoints/acl_base.rb
+++ /dev/null
@@ -1,82 +0,0 @@
-require 'json'
-require 'chef_zero/rest_base'
-require 'chef_zero/data_normalizer'
-require 'chef_zero/data_store/default_facade'
-
-module ChefZero
- module Endpoints
- # Extended by AclEndpoint and AclsEndpoint
- class AclBase < RestBase
- def get_acls(request, path)
- acls = get_data(request, acl_path(path))
- acls = JSON.parse(acls, :create_additions => false)
-
- owners = nil
- container_acls = nil
- %w(create read update delete grant).each do |perm|
- acls[perm] ||= {}
- acls[perm]['actors'] ||= begin
- # owners = the superusers (and special case for clients owning themselves)
- owners ||= get_owners(path)
- container_acls ||= get_container_acls(request, path)
- if container_acls
- owners | container_acls[perm]['actors']
- else
- owners
- end
- end
- acls[perm]['groups'] ||= begin
- # When we create containers, we don't merge groups (not sure why).
- if path[0] == 'organizations' && path[2] == 'containers'
- []
- else
- container_acls ||= get_container_acls(request, path)
- container_acls ? container_acls[perm]['groups'] : []
- end
- end
- end
- acls
- end
-
- private
-
- def get_owners(path)
- # The objects that were created with the org itself, and containers for
- # some reason, have the peculiar property of missing superusers from their acls.
- if is_created_with_org?(path, false) || path[0] == 'organizations' && path[2] == 'containers'
- owners = []
- else
- owners = superusers
- # Clients need to be in their own acl list
- if path.size == 4 && path[0] == 'organizations' && path[2] == 'clients'
- owners |= [ path[3] ]
- end
- end
- owners
- end
-
- def get_container_acls(request, path)
- if path[0] == 'organizations'
- if %w(clients cookbooks containers data environments groups nodes roles sandboxes).include?(path[2])
- return get_acls(request, path[0..1] + [ 'containers', path[2] ])
- end
- end
- return nil
- end
-
- def superusers
- data_store.list([ 'superusers' ])
- end
-
- def is_created_with_org?(path, osc_compat = false)
- return false if path.size == 0 || path[0] != 'organizations'
- value = DataStore::DefaultFacade.org_defaults(path[1], 'pivotal', [], osc_compat)
- for part in path[2..-1]
- break if !value
- value = value[part]
- end
- return !!value
- end
- end
- end
-end |