From 40a7c82efc6c522c72fb4e6954d1709514ab748a Mon Sep 17 00:00:00 2001
From: MariaAga <mariaaga@redhat.com>
Date: Fri, 15 Sep 2023 15:17:02 +0200
Subject: [PATCH] Fixes #36751 - check permissions for schedule job button

---
 .../v2/remote_execution_features_controller.rb    |  8 ++++++++
 .../available_remote_execution_features.json.rabl |  6 ++++++
 config/routes.rb                                  |  2 ++
 lib/foreman_remote_execution/engine.rb            |  2 +-
 .../components/FeaturesDropdown/constant.js       |  3 ++-
 .../components/FeaturesDropdown/index.js          | 15 ++++++++++-----
 6 files changed, 29 insertions(+), 7 deletions(-)
 create mode 100644 app/views/api/v2/remote_execution_features/available_remote_execution_features.json.rabl

diff --git a/app/controllers/api/v2/remote_execution_features_controller.rb b/app/controllers/api/v2/remote_execution_features_controller.rb
index ae0b51c52..ad2150086 100644
--- a/app/controllers/api/v2/remote_execution_features_controller.rb
+++ b/app/controllers/api/v2/remote_execution_features_controller.rb
@@ -29,6 +29,14 @@ def update
         process_response @remote_execution_feature.update(remote_execution_feature_params)
       end
 
+      api :GET, '/api/hosts/:id/available_remote_execution_features', N_('List available remote execution features for a host')
+      param :id, :identifier, :required => true
+      def available_remote_execution_features
+        host = Host.find(params[:id])
+        @remote_execution_features = resource_scope
+        @permissions = {:can_run_job => (authorized_for(controller: :job_invocations, action: :create) && (!host.infrastructure_host? || User.current.can?(:execute_jobs_on_infrastructure_hosts))) }
+      end
+
       private
 
       def parent_scope
diff --git a/app/views/api/v2/remote_execution_features/available_remote_execution_features.json.rabl b/app/views/api/v2/remote_execution_features/available_remote_execution_features.json.rabl
new file mode 100644
index 000000000..490f23196
--- /dev/null
+++ b/app/views/api/v2/remote_execution_features/available_remote_execution_features.json.rabl
@@ -0,0 +1,6 @@
+node :permissions do
+  @permissions
+end
+child @remote_execution_features do
+  extends 'api/v2/remote_execution_features/main'
+end
diff --git a/config/routes.rb b/config/routes.rb
index 7fca82fa8..493d5b937 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -92,6 +92,8 @@
         resources :foreign_input_sets, :only => [:index, :show, :create, :destroy, :update]
       end
 
+      get 'hosts/:id/available_remote_execution_features', to: 'remote_execution_features#available_remote_execution_features'
+
       resources :remote_execution_features, :only => [:show, :index, :update]
     end
   end
diff --git a/lib/foreman_remote_execution/engine.rb b/lib/foreman_remote_execution/engine.rb
index 96e523b70..b7db148d6 100644
--- a/lib/foreman_remote_execution/engine.rb
+++ b/lib/foreman_remote_execution/engine.rb
@@ -178,7 +178,7 @@ class Engine < ::Rails::Engine
                                             :'api/v2/template_inputs' => [:create, :update, :destroy],
                                             :'api/v2/foreign_input_sets' => [:create, :update, :destroy]}, :resource_type => 'JobTemplate'
           permission :edit_remote_execution_features, { :remote_execution_features => [:index, :show, :update],
-                                                        :'api/v2/remote_execution_features' => [:index, :show, :update]}, :resource_type => 'RemoteExecutionFeature'
+                                                        :'api/v2/remote_execution_features' => [:index, :show, :update, :available_remote_execution_features]}, :resource_type => 'RemoteExecutionFeature'
           permission :destroy_job_templates, { :job_templates => [:destroy],
                                                :'api/v2/job_templates' => [:destroy] }, :resource_type => 'JobTemplate'
           permission :lock_job_templates, { :job_templates => [:lock, :unlock] }, :resource_type => 'JobTemplate'
diff --git a/webpack/react_app/components/FeaturesDropdown/constant.js b/webpack/react_app/components/FeaturesDropdown/constant.js
index 4ba1a916d..b390cbc60 100644
--- a/webpack/react_app/components/FeaturesDropdown/constant.js
+++ b/webpack/react_app/components/FeaturesDropdown/constant.js
@@ -1,2 +1,3 @@
-export const REX_FEATURES_API = '/api/remote_execution_features';
+export const REX_FEATURES_API = host =>
+  `/api/v2/hosts/${host}/available_remote_execution_features`;
 export const NEW_JOB_PAGE = '/job_invocations/new?host_ids%5B%5D';
diff --git a/webpack/react_app/components/FeaturesDropdown/index.js b/webpack/react_app/components/FeaturesDropdown/index.js
index c11fe2864..bc4deb1d3 100644
--- a/webpack/react_app/components/FeaturesDropdown/index.js
+++ b/webpack/react_app/components/FeaturesDropdown/index.js
@@ -19,12 +19,17 @@ import { runFeature } from './actions';
 
 const FeaturesDropdown = ({ hostId }) => {
   const [isOpen, setIsOpen] = useState(false);
-  const {
-    response: { results: features },
-    status,
-  } = useAPI('get', foremanUrl(REX_FEATURES_API));
-
+  const { response, status } = useAPI(
+    'get',
+    foremanUrl(REX_FEATURES_API(hostId))
+  );
   const dispatch = useDispatch();
+  // eslint-disable-next-line camelcase
+  const canRunJob = response?.permissions?.can_run_job;
+  if (!canRunJob) {
+    return null;
+  }
+  const features = response?.features;
   const dropdownItems = features
     ?.filter(feature => feature.host_action_button)
     ?.map(({ name, label, id, description }) => (