From 5db50b5c9b6a5aa9e3cc7cfd64f2bbcd405fd5a5 Mon Sep 17 00:00:00 2001
From: lpichler
Date: Thu, 3 Jan 2019 17:24:44 +0100
Subject: [PATCH] Authorise action managing tenant quotas for according tenants
---
 app/controllers/api/base_controller/renderer.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/controllers/api/base_controller/renderer.rb b/app/controllers/api/base_controller/renderer.rb
index 9fa1d57ebe..2ccad267b3 100644
--- a/app/controllers/api/base_controller/renderer.rb
+++ b/app/controllers/api/base_controller/renderer.rb
@@ -502,6 +502,11 @@ def fetch_typed_subcollection_actions(method, is_subcollection)
 def api_user_role_allows?(action_identifier)
 return true unless action_identifier
+
+ if action_identifier == "rbac_tenant_manage_quotas"
+ action_identifier = MiqProductFeature.tenant_identifier(action_identifier, @req.collection_id)
+ end
+
 Array(action_identifier).any? { |identifier| User.current_user.role_allows?(:identifier => identifier) }
 end
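Review bot: The tenant scoping in `api_user_role_allows?` only applies when `action_identifier` is exactly the string `"rbac_tenant_manage_quotas"`, yet the last line wraps it in `Array(...)`, which suggests callers may pass a list; in that case the quota feature would be checked against the generic, unscoped identifier. Mapping each element keeps the check tenant-specific in both cases: `Array(action_identifier).map { |id| id == "rbac_tenant_manage_quotas" ? MiqProductFeature.tenant_identifier(id, @req.collection_id) : id }`, followed by `.any?` over the result. The hunk also does not show what `tenant_identifier` returns when `@req.collection_id` is nil (for example on a collection-level request); the check should fail closed there, and a one-line comment stating that the id is taken to be the tenant's would help the next reader. The diffstat lists no spec file, so a request spec with a user who may manage quotas on one tenant but not on another would pin the intended behaviour.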