#23277
# PRODUCTION
# ----------
# Admin (admin)
# API Admin (api_admin)
# Manager (manager)
# Artist (artist)
# Admin Defaults (admin_system_default)
# Script Defaults (api_admin_system_default)
# Manager Defaults (manager_system_default)
# Artist Defaults (artist_system_default)
# Supervisor (supervisor)
# Coordinator (coordinator)
# Reception (reception)
# Artist+Playlists (lead_artist)
# Hardware Inventory (hardware_inventory)
# Technology (admin_testing)
# Executive (temp_admin__testing_)
# Scheduling (scheduling)
#
# STAGING
# -----------
# Admin (admin)
# API Admin (api_admin)
# Manager (manager)
# Admin Defaults (admin_system_default)
# Script Defaults (api_admin_system_default)
# Manager Defaults (manager_system_default)
# Artist Defaults (artist_system_default)
# Supervisor (supervisor)
# Hardware Inventory (hardware_inventory)
# Scheduling (scheduling)
# Lead (lead)
# Production (production)
# Guest (retired) (reception)
# Guest (guest)
# Executive (retired) (temp_admin__testing_)
# Executive (executive)
# Technology (retired) (admin_testing)
# Technology (technology)
# Coordinator (retired) (coordinator)
# Artist (Retired) (lead_artist)
# Artist (artist)
#
# Role mapping (production display name -> staging display name)
# Artist -> Artist
# Artist + Playlist -> Lead
# Supervisor -> Supervisor
# Coordinator -> Production
# Manager -> Manager
# Reception -> Guest
# Executive -> Executive
# Scheduling -> Scheduling
# Technology -> Technology
# Admin -> Admin

# staging => production
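# Staging role code => code of the "prod_"-prefixed rule set it is paired with.
# MethodPerms#run, #compare, #ensure_cdn_on and #export_all_to_json iterate
# this map. The "prod_*" sets are presumably copies of the production roles
# that were imported onto the staging site -- confirm before running.
#
# Frozen so a console session cannot silently re-point a role at another
# rule set while the migration helpers are in use.
RULESET_MAP = {
  'artist'     => 'prod_artist',               # Artist     => Artist
  'lead'       => 'prod_lead_artist',          # Lead       => Artist+Playlist
  'supervisor' => 'prod_supervisor',           # Supervisor => Supervisor
  'production' => 'prod_coordinator',          # Production => Coordinator
  'manager'    => 'prod_manager',              # Manager    => Manager
  'guest'      => 'prod_reception',            # Guest      => Reception
  'executive'  => 'prod_temp_admin__testing_', # Executive  => Executive
  'scheduling' => 'prod_scheduling',           # Scheduling => Scheduling
  'technology' => 'prod_admin_testing',        # Technology => Technology
  'admin'      => 'prod_admin'                 # Admin      => Admin
}.freeze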
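# Staging role code => code of the production rule set that receives its rules.
# MethodPerms#rebuild_rulesets_on_production reads "<staging code>.json" and
# replaces the rules of the production rule set named on the right.
#
# NOTE(review): 'executive' and 'technology' land on rule sets whose legacy
# codes contain "admin" (temp_admin__testing_, admin_testing). Double-check
# these two pairings before an import, since a wrong pairing here replaces
# the access rules of the wrong role.
#
# Frozen so the pairing cannot be altered from the console mid-migration.
PRODUCTION_RULESET_MAP = {
  'artist'     => 'artist',               # Artist     => Artist
  'lead'       => 'lead_artist',          # Lead       => Artist+Playlist
  'supervisor' => 'supervisor',           # Supervisor => Supervisor
  'production' => 'coordinator',          # Production => Coordinator
  'manager'    => 'manager',              # Manager    => Manager
  'guest'      => 'reception',            # Guest      => Reception
  'executive'  => 'temp_admin__testing_', # Executive  => Executive
  'scheduling' => 'scheduling',           # Scheduling => Scheduling
  'technology' => 'admin_testing',        # Technology => Technology
  'admin'      => 'admin'                 # Admin      => Admin
}.freeze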
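# Sorted list of the values stored under 'entity.system_types' in the Shotgun
# configuration; MethodPerms#ensure_cdn_on checks each one. Frozen because it
# is a shared constant that nothing in this script needs to mutate.
ENTITY_TYPES = ShotgunConfig.instance['entity.system_types'].sort.freeze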
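# Console helpers for moving permission rule sets between the staging and
# production Shotgun sites.
#
# Most methods create, rewrite or destroy PermissionRuleSet records, i.e. they
# change who can see and edit what. Run them deliberately, one step at a time,
# and take a backup (#backup_all_rulesets) before any production import.
class MethodPerms
  # Rule types that act on individual fields.
  FIELD_RULE_TYPES = ['see_field', 'update_field'].freeze

  # Rule types that carry a condition.
  CONDITIONAL_RULE_TYPES = ['see_entity_condition',
                            'update_field_condition',
                            'retire_entity_condition'].freeze

  # Rule types reported by #search_for_invalid_rules.
  INVALID_RULE_TYPES = ['save_my_tasks',
                        'save_project_nav_pages_and_detail_pages',
                        'manage_project_nav_bar'].freeze

  # Directory used to hand rule dumps from staging to production.
  # NOTE(review): /var/tmp is world-writable and the file names are
  # predictable, so any local account could read the dump or swap it before
  # #rebuild_rulesets_on_production consumes it. Prefer a directory only the
  # operator can write to, and verify the files after copying them.
  EXPORT_DIR = '/var/tmp'

  # Looks up a rule set by its code.
  #
  # @param code [String] rule set code
  # @return [PermissionRuleSet]
  # @raise [RuntimeError] when no rule set has that code
  def load_ruleset(code)
    rs = PermissionRuleSet.find_by_code(code)
    raise "Unable to find ruleset '#{code}'!" if rs.nil?
    rs
  end

  # Creates a "beta_<code>" HumanUser rule set and copies every rule of
  # +source_rs+ into it.
  #
  # @param source_rs [PermissionRuleSet]
  # @return [PermissionRuleSet] the new beta rule set
  # @raise [RuntimeError] when the beta rule set could not be created
  def copy_ruleset(source_rs)
    beta_code = "beta_#{source_rs.code}"
    puts "copying #{source_rs.code} to #{beta_code}..."
    beta_rs = PermissionRuleSet.create(:code => beta_code,
                                       :display_name => beta_code.titleize,
                                       :entity_type => 'HumanUser')
    # Same guard as #backup_all_rulesets: without an id the record was not
    # stored, and copying rules into it would fail in a less obvious way.
    raise "#{beta_code} ruleset not created. It may already exist. Aborting" if beta_rs.id.nil?
    beta_rs.copy_rules_from_another_set(source_rs)
    beta_rs
  end

  # Destroys every see_field / update_field rule of +rs+ and prints the rule
  # count before and after.
  #
  # @param rs [PermissionRuleSet]
  def delete_field_rules(rs)
    puts "deleting field-level rules on #{rs.code}..."
    puts "#{rs.permission_rules.length} rules before delete"
    rs.permission_rules.each do |rule|
      rule.destroy if FIELD_RULE_TYPES.include?(rule.rule_type)
    end
    rs.reload
    puts "#{rs.permission_rules.length} rules after delete"
  end

  # Imports the see_field / update_field rules of +source_rs+ into
  # +target_rs+ and prints the target's rule count before and after.
  #
  # @param source_rs [PermissionRuleSet]
  # @param target_rs [PermissionRuleSet]
  def copy_field_rules(source_rs, target_rs)
    puts "copying field rules from #{source_rs.code} to #{target_rs.code}..."
    puts "#{target_rs.permission_rules.length} rules before copy"
    rules = PermissionRuleSet.dump_rules(source_rs)
    rules.select! { |r| FIELD_RULE_TYPES.include?(r[:rule_type]) }
    puts "copying #{rules.length} field rules"
    target_rs.import_rules(rules)
    target_rs.reload
    puts "#{target_rs.permission_rules.length} rules after copy"
  end

  # For each RULESET_MAP pair: copies the staging rule set to "beta_<code>",
  # strips its field rules and replaces them with the field rules of the
  # paired rule set.
  def run
    RULESET_MAP.each do |staging, production|
      puts "loading rulesets..."
      stage_rs = load_ruleset(staging)
      prod_rs = load_ruleset(production)
      beta_rs = copy_ruleset(stage_rs)
      delete_field_rules(beta_rs)
      beta_rs.reload
      copy_field_rules(prod_rs, beta_rs)
    end
  end

  # Compares each "beta_<code>" rule set with its RULESET_MAP partner using
  # PermissionsDiff, printing the result and writing a CSV.
  def compare
    # `load` executes this file with the privileges of the console session;
    # it should be writable only by the account that administers the site.
    load '/opt/shotgun/permissions_diff.rb'
    RULESET_MAP.each do |staging, production|
      diff = PermissionsDiff.new
      diff.compare("beta_#{staging}", production)
      diff.pp
      diff.csv
    end
  end

  # Ensures that Cached Display Name has no permissions tied to it: reports
  # entity types where the field is not visible, then destroys every rule of
  # the beta rule set whose parameter_2 is 'cached_display_name'.
  #
  # @raise [RuntimeError] when a "beta_<code>" rule set is missing
  def ensure_cdn_on
    RULESET_MAP.each do |staging, production|
      # load_ruleset gives a clear error instead of a NoMethodError on nil
      # when the beta rule set has not been built yet.
      ruleset = load_ruleset("beta_#{staging}")
      puts "========== #{ruleset.code} "
      ENTITY_TYPES.each do |et|
        see = ruleset.allow?(:see_field, {:entity_type => et, :field_name => 'cached_display_name'})
        update = ruleset.allow?(:update_field, {:entity_type => et, :field_name => 'cached_display_name', :field_value => nil})
        puts "#{et}: #{see} #{update}" unless see
      end
      ruleset.permission_rules.each do |r|
        if r.parameter_2 == 'cached_display_name'
          puts r
          r.destroy
        end
      end
      nil
    end
  end

  # Lists all of the conditional permission rules of a rule set, sorted.
  #
  # @param rs [String] rule set code
  # @return [Array] the matching rules
  # @raise [RuntimeError] when no rule set has that code
  def get_conditional_perms(rs)
    ruleset = load_ruleset(rs)
    conditional_rules = []
    ruleset.permission_rules.each do |r|
      conditional_rules << r if CONDITIONAL_RULE_TYPES.include?(r.rule_type)
    end
    conditional_rules.sort!
  end

  #
  #
  # PRODUCTION IMPORT
  #
  #
  # - dump all rules on staging
  # - copy json files to production
  # - backup all roles on production
  # - rebuild all rulesets on production
  # - clear cache / restart app
  # - rename the following roles:
  #   - lead_artist => lead
  #   - reception => guest
  #   - temp_admin__testing_ => executive
  #   - admin_testing => technology
  # - clear cache / restart app
  # - ensure default perm role is still valid
  # - login as one or more of the roles and ensure all is ok.

  # Dumps the rules of every "beta_<code>" rule set to
  # EXPORT_DIR/<staging code>.json.
  #
  # @return [nil]
  def export_all_to_json
    require 'json'
    RULESET_MAP.each do |staging, production|
      rules = PermissionRuleSet.dump_rules("beta_#{staging}")
      File.open("#{EXPORT_DIR}/#{staging}.json", "w") do |f|
        f.write(rules.to_json)
      end
    end
    nil
  end

  # Copies every non-retired HumanUser rule set into a new "<code>_backup"
  # rule set. Aborts on the first backup that cannot be created.
  #
  # @return [nil]
  # @raise [RuntimeError] when a backup rule set was not created
  def backup_all_rulesets
    PermissionRuleSet.find(:all, :conditions => 'retirement_date is NULL').each do |rs|
      puts "#{rs.display_name} (#{rs.code})"
      if rs.entity_type == "HumanUser"
        puts "creating new ruleset..."
        backup_rs = PermissionRuleSet.create(:code => "#{rs.code}_backup",
                                             :display_name => "#{rs.display_name} Backup",
                                             :entity_type => 'HumanUser')
        raise "#{rs.code}_backup ruleset not created. It may already exist. Aborting" if backup_rs.id.nil?
        puts "created new ruleset #{backup_rs}"
        backup_rs.copy_rules_from_another_set(rs)
      end
      puts
    end
    nil
  end

  # Replaces every rule of +ruleset+ with the rules stored in +json_file+.
  #
  # The file decides what the role may do afterwards, so it is parsed as plain
  # data only and an empty payload is refused before anything is destroyed.
  #
  # @param ruleset [String] code of the rule set to rewrite
  # @param json_file [String] path of a dump written by #export_all_to_json
  # @raise [RuntimeError] when the rule set is missing or the file holds no rules
  # @raise [JSON::ParserError] when the file is not valid JSON
  def import_rules_from_json(ruleset, json_file)
    require 'json'
    puts "Replacing rules in #{ruleset} with rules in #{json_file}..."
    rs = load_ruleset(ruleset)
    # JSON.parse with additions off never instantiates classes named in the
    # document, which JSON.load may do depending on the json version.
    rules = JSON.parse(File.read(json_file), :create_additions => false)
    usable = rules.respond_to?(:empty?) && !rules.empty?
    raise "No rules found in #{json_file}; leaving #{ruleset} untouched" unless usable
    # NOTE(review): destroy + import is not atomic. If import_rules fails part
    # way through, the role is left with partial or no rules; wrapping both in
    # a database transaction would be safer if the model supports it.
    rs.permission_rules.each do |r|
      r.destroy
    end
    rs.import_rules(rules)
  end

  # Rewrites each production rule set from the matching
  # EXPORT_DIR/<staging code>.json dump.
  def rebuild_rulesets_on_production
    PRODUCTION_RULESET_MAP.each do |staging, production|
      import_rules_from_json(production, "#{EXPORT_DIR}/#{staging}.json")
    end
  end

  # Gives the legacy production rule sets their new code and display name.
  #
  # @raise [RuntimeError] when a rule set is missing or cannot be saved
  def rename_production_rulesets
    rs_to_rename = {
      'lead_artist' => {'code' => 'lead', 'display_name' => 'Lead'},
      'coordinator' => {'code' => 'production', 'display_name' => 'Production'},
      'reception' => {'code' => 'guest', 'display_name' => 'Guest'},
      'temp_admin__testing_' => {'code' => 'executive', 'display_name' => 'Executive'},
      'admin_testing' => {'code' => 'technology', 'display_name' => 'Technology'}
    }
    rs_to_rename.each do |code, newval|
      rs = load_ruleset(code)
      rs.code = newval['code']
      rs.display_name = newval['display_name']
      # A rejected save used to pass silently and leave the roles half renamed.
      raise "Unable to rename ruleset '#{code}' to '#{newval['code']}'!" unless rs.save
    end
  end

  # Prints id, display name and code of every non-retired rule set.
  #
  # @return [nil]
  def list_rulesets
    PermissionRuleSet.find(:all, :conditions => 'retirement_date is NULL').each do |rs|
      puts "#{rs.id} \t#{rs.display_name} (#{rs.code})"
    end
    nil
  end

  # Reports rules of the production rule sets whose type is listed in
  # INVALID_RULE_TYPES.
  #
  # @return [nil]
  # @raise [RuntimeError] when a production rule set is missing
  def search_for_invalid_rules
    PRODUCTION_RULESET_MAP.each do |staging, production|
      # The original passed an undefined local (`ruleset`) here, so the audit
      # raised NameError before inspecting anything.
      rs = load_ruleset(production)
      rs.permission_rules.each do |r|
        puts "#{rs.code}: INVALID RULE #{r}" if INVALID_RULE_TYPES.include?(r.rule_type)
      end
    end
    nil
  end
end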