# File 'lib/bosh/director/permission_authorizer.rb', line 17
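# Builds the list of scopes that are accepted for +permission+ on +subject+.
#
# The director admin scopes are always part of the result. Team admin scopes,
# director read scopes and the result of add_bosh_admin_scopes(user_scopes)
# are appended depending on the subject and the requested permission.
# Unknown subjects and unknown permissions raise instead of falling through,
# so an unrecognised request never yields a scope list.
#
# @param subject [Models::Deployment, Models::Task, Symbol] the object being
#   accessed, or the symbol :director
# @param permission [Symbol] the requested permission
# @param user_scopes the caller's scopes; only forwarded to add_bosh_admin_scopes
# @return [Array] flattened, de-duplicated list of acceptable scopes
# @raise [ArgumentError] if the subject is not recognised, or the permission
#   is not defined for that subject
def list_expected_scope(subject, permission, user_scopes)
  # Work on a copy. director_permissions is defined outside this method; if it
  # ever returns a cached array, appending in place would let scopes added for
  # one check (e.g. read) stay in the admin list used by later checks.
  expected_scope = director_permissions[:admin].dup

  if subject.instance_of?(Models::Deployment)
    expected_scope << subject_team_scopes(subject, 'admin')
    case permission
    when :admin
      # Director admin and team admin scopes only.
    when :read
      expected_scope << director_permissions[:read]
    else
      raise ArgumentError, "Unexpected permission for deployment: #{permission}"
    end
  elsif :director == subject
    case permission
    when :admin
      # Director admin scopes only.
    when :create_deployment
      expected_scope << add_bosh_admin_scopes(user_scopes)
    when :read_releases, :list_deployments, :read_stemcells, :list_tasks
      expected_scope << director_permissions[:read]
      expected_scope << add_bosh_admin_scopes(user_scopes)
    when :read
      expected_scope << director_permissions[:read]
    else
      raise ArgumentError, "Unexpected permission for director: #{permission}"
    end
  elsif subject.instance_of?(Models::Task)
    expected_scope << subject_team_scopes(subject, 'admin')
    case permission
    when :admin
      # Director admin and team admin scopes only.
    when :read
      expected_scope << director_permissions[:read]
    else
      raise ArgumentError, "Unexpected permission for task: #{permission}"
    end
  else
    raise ArgumentError, "Unexpected subject: #{subject}"
  end

  # Helpers may return arrays, so the appended entries can be nested.
  expected_scope.flatten.uniq
end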