Merge pull request ManageIQ#13761 from imtayadeway/api/allow-collecti…

…on-specific-subresource-config

Move authorization config for snapshotting to vms section

app/controllers/api/base_controller/parser.rb

@@ -215,7 +215,12 @@ def validate_method_action(method_name, action_name)
                         else
                           [@req.subject, request_type_target.last]
                         end
-        aspec = collection_config.typed_collection_actions(cname, target)
+        aspec = if @req.subcollection?
+                  collection_config.typed_subcollection_actions(@req.collection, cname, target) ||
+                    collection_config.typed_collection_actions(cname, target)
+                else
+                  collection_config.typed_collection_actions(cname, target)
+                end
         return if method_name == :get && aspec.nil?
         action_hash = fetch_action_hash(aspec, method_name, action_name)
         raise BadRequestError, "Disabled action #{action_name}" if action_hash[:disabled]
@@ -235,7 +240,12 @@ def request_type_target
       def validate_post_api_action(cname, mname, type, target)
         aname = @req.action
 
-        aspec = collection_config.typed_collection_actions(cname, target)
+        aspec = if @req.subcollection?
+                  collection_config.typed_subcollection_actions(@req.collection, cname, target) ||
+                    collection_config.typed_collection_actions(cname, target)
+                else
+                  collection_config.typed_collection_actions(cname, target)
+                end
         raise BadRequestError, "No actions are supported for #{cname} #{type}" unless aspec
 
         action_hash = fetch_action_hash(aspec, mname, aname)

config/api.yml

@@ -1621,25 +1621,6 @@
     - :subcollection
     :verbs: *gpd
     :klass: Snapshot
-    :subcollection_actions:
-      :get:
-      - :name: read
-        :identifier: vm_snapshot_view
-      :post:
-      - :name: create
-        :identifier: vm_snapshot_add
-      - :name: delete
-        :identifier: vm_snapshot_delete
-    :subresource_actions:
-      :get:
-      - :name: read
-        :identifier: vm_snapshot_view
-      :post:
-      - :name: delete
-        :identifier: vm_snapshot_delete
-      :delete:
-      - :name: delete
-        :identifier: vm_snapshot_delete
   :software:
     :description: Software
     :options:
@@ -2064,6 +2045,25 @@
         :identifier: vm_protect
       - :name: resolve
         :identifier: vm_policy_sim
+    :snapshots_subcollection_actions:
+      :get:
+      - :name: read
+        :identifier: vm_snapshot_view
+      :post:
+      - :name: create
+        :identifier: vm_snapshot_add
+      - :name: delete
+        :identifier: vm_snapshot_delete
+    :snapshots_subresource_actions:
+      :get:
+      - :name: read
+        :identifier: vm_snapshot_view
+      :post:
+      - :name: delete
+        :identifier: vm_snapshot_delete
+      :delete:
+      - :name: delete
+        :identifier: vm_snapshot_delete
   :zones:
     :description: Zones
     :identifier: zone

lib/api/collection_config.rb

@@ -53,8 +53,8 @@ def typed_collection_actions(collection_name, target)
       self[collection_name]["#{target}_actions".to_sym]
     end
 
-    def typed_subcollection_actions(collection_name, subcollection_name)
-      self[collection_name]["#{subcollection_name}_subcollection_actions".to_sym]
+    def typed_subcollection_actions(collection_name, subcollection_name, target = :subcollection)
+      self[collection_name]["#{subcollection_name}_#{target}_actions".to_sym]
     end
 
     def typed_subcollection_action(collection_name, subcollection_name, method)

spec/requests/api/snapshots_spec.rb

@@ -135,7 +135,7 @@
 
     describe "POST /api/vms/:c_id/snapshots/:s_id with delete action" do
       it "can queue a snapshot for deletion" do
-        api_basic_authorize(action_identifier(:snapshots, :delete, :subresource_actions, :delete))
+        api_basic_authorize(action_identifier(:vms, :delete, :snapshots_subresource_actions, :delete))
         ems = FactoryGirl.create(:ext_management_system)
         host = FactoryGirl.create(:host, :ext_management_system => ems)
         vm = FactoryGirl.create(:vm_vmware, :name => "Alice's VM", :host => host, :ext_management_system => ems)
@@ -154,7 +154,7 @@
       end
 
       it "renders a failed action response if deleting is not supported" do
-        api_basic_authorize(action_identifier(:snapshots, :delete, :subresource_actions, :post))
+        api_basic_authorize(action_identifier(:vms, :delete, :snapshots_subresource_actions, :post))
         vm = FactoryGirl.create(:vm_vmware)
         snapshot = FactoryGirl.create(:snapshot, :vm_or_template => vm)
 
@@ -181,7 +181,7 @@
 
     describe "POST /api/vms/:c_id/snapshots with delete action" do
       it "can queue multiple snapshots for deletion" do
-        api_basic_authorize(action_identifier(:snapshots, :delete, :subresource_actions, :delete))
+        api_basic_authorize(action_identifier(:vms, :delete, :snapshots_subresource_actions, :delete))
         ems = FactoryGirl.create(:ext_management_system)
         host = FactoryGirl.create(:host, :ext_management_system => ems)
         vm = FactoryGirl.create(:vm_vmware, :name => "Alice and Bob's VM", :host => host, :ext_management_system => ems)
@@ -220,7 +220,7 @@
 
     describe "DELETE /api/vms/:c_id/snapshots/:s_id" do
       it "can delete a snapshot" do
-        api_basic_authorize(action_identifier(:snapshots, :delete, :subresource_actions, :delete))
+        api_basic_authorize(action_identifier(:vms, :delete, :snapshots_subresource_actions, :delete))
         vm = FactoryGirl.create(:vm_vmware)
         snapshot = FactoryGirl.create(:snapshot, :vm_or_template => vm)