Hardening_conductor_entry_points

Hardening/Conductor entry points

Hardening home page - [[Hardeningtheapp]]

Conductor Entry Points

api controller namespace ‘’’not’’’ analyzed as it is being removed

|.Controller|.Method|.Authenticates User|.Authorizes User + Data|.Validates Data|.Securely invokes functionality|.Other|
| | | | | | |
|usersessions|new|no|||yes||
|usersessions|create|no||uses :login, :password params to login|?|uses regex global variable when doing http basic auth validation|
|usersessions|edit|||||method does not exist|
|usersessions|show|||||method does not exist|
|usersessions|update|||||method does not exist|
|usersessions|destroy|yes|||yes||
|users|new|n/a|Privilege::CREATE on User class if user is logged in|n/a|yes|
|users|create|n/a|Privilege::MODIFY on User class if user is logged in|params tested against static string, params used to create new User instance|yes|Quota may be set twice, is this correct ;|
|users|edit|yes|Privilege::MODIFY on User class unless user being edited is current user|looks up user by ‘id’ parameter|yes|
|users|show|yes|Privilege::VIEW on User class unless user being viewed is current user|looks up user by ‘id’ parameter, uses ‘detailstab’, ’detailspane’ to determine which view is rendered, |yes||
|users|update|yes|Privilege::MODIFY on User class unless user being updated is current user|looks up user by ‘id’ param, updates user instance w/ ‘user’ param, tests ‘commit’ param against static ‘Reset’ string to control workflow|yes||
|users|destroy|yes|Privilege::MODIFY on User class|looks up user by ‘id’ param|yes|
|users|multidestroy|yes|Privilege::MODIFY on User class|looks up users by ‘userselected’ param|yes|
|users|filter|no |no|uses :currentpath, :userspresetfilter, and :userssearch params to construct redirectto location|yes|
|users|index|yes|Privilege::VIEW on User class|makes ’params’ array available to views (good idea?); uses :userspresetfilter, :userssearch params to filter users, :sortby to sort users |yes| (method needs to be optimized)|
|permissions|loadheaders|n/a|n/a|uses :sortby parameter to specify ‘order’ to db users query|yes||
|permissions|setpermissionobject|n/a|Privilege::PERMSET on db entity specified by :permissionobjecttype,:permissionobjectid|uses :permissionobjecttype,:permissionobjectid params to lookup db entity; :pathprefix, :usetabs, :polymorphicpathextras params to construct url path|yes||
|permissions|index|yes|Privilege::PERMVIEW on db entity specified by :permissionobjecttype,:permissionobjectid|see permissions::setpermissionobject and permissions::loadheaders|yes|
|permissions|list|yes||||
|permissions|multidestroy|yes|Privilege::PERMSET on db entity specified by :permissionobjecttype,:permissionobjectid and Privilege::PERMSET on permissionobjects of permissions specified :permissionselected|see permissions::setpermissionobject; uses :permissionselected param to find Permission entities to delete|yes|
|permissions|multiupdate|yes|Privilege::PERMSET on db entity specified by :permissionobjecttype,:permissionobjectid|see permissions::setpermissionobject; uses:userroleselected parameter for userid/roleid inputs to new Permission entity|yes|
|permissions|filter|yes|||yes||
|permissions|create|yes|Privilege::PERMSET on db entity specified by :permissionobjecttype,:permissionobjectid|see permissions::setpermissionobject; uses:userroleselected parameter for userid/roleid inputs to new Permission entity|yes|
|permissions|new|yes|Privilege::PERMSET on db entity specified by :permissionobjecttype,:permissionobjectid|see permissions::setpermissionobject and permissions::loadheaders|yes|
|permissions|edit|||||method does not exist|
|permissions|show|yes||||method does not exist|
|permissions|update|yes||||method does not exist|
|permissions|destroy|yes|Privilege::PERMSET on db entity specified by :permission|uses :permission to find permission to destroy|yes||
|settings|selfservice|yes|Privilege::MODIFY|n/a|yes||
|settings|generalsettings|yes|Privilege::MODIFY|n/a|yes||
|settings|index|yes|no|n/a|yes||
|settings|create|||||method does not exist|
|settings|new|||||method does not exist|
|settings|edit|||||method does not exist|
|settings|show|||||method does not exist|
|settings|update|yes|no|if params is set, it is used to updateattributes of the selfservicedefaultquotametadata object|no|this method should be locked down + simplified (especially given the KEYS array) or removed alltogether|
|settings|destroy|||||method does not exist|
|pools|hardwareprofiles|||||method does not exist, route should be removed|
|pools|realms|||||method does not exist, route should be removed|
|pools|multidestroy|yes|Privilege::MODIFY on pools specified by params[:poolsselected]|params used as an array of ids to find|yes||
|pools|filter|no |no|uses:poolspresetfilter and :poolssearch params to construct redirectto location|yes||
|pools|index|yes|retrieves list of pools for current user for which they have Privilege::Create on deployments|used :detailstab, :onlytab, :view params to construct view components; uses :poolspresetfilter, :poolssearch, :instancespresetfilter, :instancessearch, :deploymentspresetfilter,:deploymentssearch to applyfilters to Pools, Instances, Deployments|yes||
|pools|create|yes|Privilege::CREATE on Pool|uses params to create a new pool|yes||
|pools|new|yes|Privilege::CREATE on Pool|uses params to lookup pool|yes|should there be an additional privilege check for the pool family?|
|pools|edit|yes|Privilege::MODIFY on the pool specified by params|uses params to find pool|yes||
|pools|show|yes|Privilege::VIEW on the pools specified by params|uses :detailstab, to format view components, uses :deploymentspresetfilter, :deploymentssearch to applyfilters to pool deployments|yes||
|pools|update|yes|Privilege::MODIFY on the pool specified by params[:id]|uses params[:id] to find pool; uses params[:pool] to update pool; uses params[:quota] and :unlimitedquota to set maxrunninginstances of pool’s quota|yes||
|pools|destroy|yes|Privilege::MODIFY on the pool specified by :poolsselected/:id/:ids params|uses :poolsselected/:id/:ids params to find pools to destroy|yes||
|deployments|multistop|yes|retrieves pools which the currentuser has Privilege::Create on deployments, requires Privilege::Use of deployments’ instances|uses :deploymentsselected to find deployments, uses :deploymentspresetfilter, :deploymentssearch params to applyfilters to Deployment, and :page param to paginate Deployments |yes|can functionality can be delegated to a lower method?|
|deployments|multidestroy|y|requires Privilege::Modify on deployments specified by :deploymentsselected, retrieves pools which the currentuser has Privilege::Create on deployments|uses :deploymentsselected param to find deployment, uses :backlink param as redirect path, uses :deploymentspresetfilter, :deploymentssearch params to applyfilters to Deployment, and :page param to paginate Deployments|yes| |
|deployments|launchnew|y|requires Privilege::Create on deployments in the pool specified by the :poolid param|uses :poolid param to find Pool|yes| |
|deployments|launchtimeparams|y|requires Privileges::Create on deployments in the pool corresponding to that specified in the :deployment param|:deployableid param is used to find the deployable, :deployment param is used to construct a new deployment|yes| |
|deployments|overview|y|requires Privileges::Create on deployments in the pool corresponding to that specified in the :deployment param, retrieves deployables which the currentuser has Privilege::USE on, retrieves pools which the currentuser has Privilege::Create on deployments|:deployableid param is used to find the deployable, :deployment param is used to construct a new deployment|yes|Does not enforce permission checks on deployable found by deployableid or realms/hardwareprofiles retrieved (change?)|
|deployments|checkname|y|n|uses :name param to find deployable by name, returns true/false|yes|remove race condition comment|
|deployments|launchfromcatalog|y|requires Privilege::View on catalog specified by catalogid|uses :catalogid to find catalog, uses :page command to paginate catalog deployables|yes| |
|deployments|filter|y|no|uses :deploymentspresetfilter and :deploymentssearch params to construct redirectto location|yes||
|deployments|index|y|retrieves pools which the currentuser has Privilege::Create on deployments, retrieves deployments in those pools|uses :deploymentspresetfilter and :deploymentssearch params to filter deployments and :page param to paginate|yes| |
|deployments|create|y|requires Privileges::Create on deployments in the pool corresponding to that specified in the :deployment param, retrieves deployables which the currentuser has Privilege::USE on, retrieves pools which the currentuser has Privilege::Create on deployments|:deployableid param is used to find the deployable, :launchparametersencoded param is used to populate params[:deployment][:launchparameters], :deployment param is used to construct a new deployment, :commit param used to direct flow control|yes|method can be simplified? scope of respondto should be reduced, seems to do some steps twice|
|deployments|new|y| | | | |
|deployments|edit|y|requires Privilege::Modify on deployment specified by :id|uses :id param to find deployment|yes||
|deployments|show|y|requires Privilege::VIEW on deployment found w/ :id param, retrieves deployables which the currentuser has Privilege::USE on, retrieves pools which the currentuser has Privilege::Create on deployments|uses :id param to find deployment, uses :instancespresetfilter, :instancesearch params to applyfilters to Instance, uses :detailtab param to render view components|y|should further permission checks be performed on instances?|
|deployments|update|y|requires Privilege::Modify on deployment specified by :id|uses :id param to find deployment, uses :deployment param to updateattributes of deployment found|yes||
|deployments|destroy|y|requires Privilege::Modify on deployment specified by :id, retrieves pools which the currentuser has Privilege::Create on deployments|uses :id param to find deployment, uses :deployment param to updateattributes of deployment found|yes| |
|instances|index|yes|instances are loaded for pools which currentuser has Privilege::CREATE on Instance|assigns params array to params member and uses :deployment_id, :instances_preset_filter, and :instances_search params to apply_filter and where clause of Instance queries, uses :deployments_preset_filter, :deployments_search params to apply_filters to Deployment, and :page param to paginate Deployments|yes|| |instances|create|yes||||empty method, remove?| |instances|new|yes||||emtpy method, remove?| |instances|edit|yes|Privilege::MODIFY and Privilege::USE on the instance specified with :id param|:id param is used to find the instance|yes|| |instances|show|yes|instances are loaded for pools which current_user has Privilege::CREATE on Instance and requires Privilege::USE on instances specified by :id param|uses :details_tab and :details pane params to format view components, :page param to paginate instance events|yes|| |instances|update|yes|Privilege::MODIFY on instance specified w/ :id param|uses params to updateattributes of instance specified by :id param|yes||
|instances|destroy|yes|Privilege::MODIFY on instance (s) specified by :id or :ids params|:id and :ids params used to lookup instances|yes||
|instances|start|||||method not defined, remove?|
|instances|multistop|yes|Privilege::USE,instance on instances specified with:instanceselected param|params[:instanceselected] used to find Instances, params used as the redirectto path on success|yes||
|instances|multireboot|yes|Privilege::USE,instance on instances specified with:instanceselected param|params[:instanceselected] used to find Instances, params used as the redirectto path on success|yes||
|instances|removefailed|||||method not defined, remove?|
|instances|exportevents|yes|instances are loaded for pools which currentuser has Privilege::CREATE on Instance|uses :deploymentid, :instancespresetfilter, and :instancessearch params to applyfilter and where clause of Instance queries|yes|will export.csv be ovrerridden for each request? (will this result in a race condition on parallel requests?)|
|instances|filter|yes|no|uses :instancespresetfilter and :instancessearch params to construct redirectto location|yes||
|instances|key|yes|Privilege::MODIFY on instance specified w/ :id param|uses :id to find instance|yes|| |instances|stop|yes|no!|:id is used to lookup instance|yes|| |instances|reboot|yes|no!|:id is used to lookup instance|yes|| |instance_parameters|index|||||controller does not exist, route placeholder added, never implemented| |instance_parameters|create|||||controller does not exist| |instance_parameters|new|||||controller does not exist| |instance_parameters|edit|||||controller does not exist| |instance_parameters|show|||||controller does not exist| |instance_parameters|update|||||controller does not exist| |instance_parameters|destroy|||||controller does not exist| |image_imports|index|||||controller does not exist, removed [https://github.com/aeolusproject/conductor/commit/32cbe3b1c69c14c18b35300ecb903c4e103aefa6], route should be removed| |image_imports|create|||||controller does not exist, removed| |image_imports|new|||||controller does not exist, removed| |image_imports|edit|||||controller does not exist, removed| |image_imports|show|||||controller does not exist, removed| |image_imports|update|||||controller does not exist, removed| |image_imports|destroy|||||controller does not exist, removed| |hardware_profiles|multi_destroy|yes|Privilege::MODIFY on hardware profiles specified by params[::hardware_profile_selected]|:hardware_profile_selected param used to find hardwareprofiles to destroy|yes|| |hardware_profiles|filter|yes|no (change?)|uses :hardware_profiles_preset_filter and :hardware_profiles_search params to construct redirect_to location|yes|| |hardware_profiles|index|yes|no|assigns params array to params member and uses params[:hardwareprofile] subattributes to construct new hwp|yes||
|hardwareprofiles|create|yes|Privilege::CREATE on HardwareProfile|params[:hardwareprofile] used to create a new hwp and :commit param used to determine rendering/redirect flow control|yes|see note about matchingproviderhardwareprofiles|
|hardwareprofiles|new|yes|Privilege::CREATE on HardwareProfile|n/a|yes|
|hardwareprofiles|edit|yes|Privilege::MODIFY on hardwareprofile specified by :id param|:id param is used to find User|yes|see note about matchingproviderhardwareprofiles|
|hardwareprofiles|show|yes|Privilege::VIEW on hardware_profile specified by :id param|uses :details_tab and :details pane params to format view components, :id param to lookup hwp|yes|| |hardware_profiles|update|yes|Privilege::MODIFY on hardwareprofile specified by id; and Privilege::VIEW on HardwareProfile|params[:id] used to find hwp, params[:hardwareprofile] used to construct hwp|yes|see note about matchingproviderhardwareprofiles|
|hardwareprofiles|destroy|yes|Privilege::MODIFY on hardwareprofile specified by :id param|:id param is used to find User|yes||
|provideraccounts|multidestroy|yes|requires Privilege::Modify on provideraccounts specified by :accountsselected param|uses providerid param to find provider, uses :accountsselected param to find provideraccounts to destroy|yes|require privilege::modify on provider?|
|provideraccounts|setselectedprovider|yes|n/a|uses :provideraccount to find provider|yes||
|provideraccounts|index|yes|retrieves provider accounts the currentuser has Privilege::VIEW on||yes||
|provideraccounts|create|yes|requires Privilege::Create on ProviderAccounts on provider specified by params[:provideraccount]|uses :provideraccount[:provider] param to find provider by name, uses :provideraccount param to find provider, uses :provideraccount param to create new provider, uses :quota][:maximumrunninginstances] to setmaximumrunninginstance on provider account quota|yes||
|provideraccounts|new|yes|n/a|uses :providerid to find provider|yes||
|provideraccounts|edit|yes|requires Privilege::Modify on provideraccount specified by :id param|uses :id to find provideraccount, uses :providerid to find provider|yes|update method also requires user to have Privilege::Modify on provider, need to enforce that here by restricting which provider accounts are retrieved?|
|provideraccounts|show|yes|retrieves provider accounts the currentuser has Privilege::VIEW on, requires Privilege::VIEW on the provideraccount specified by the :id param|uses :id param to find provider account, uses :providerid to find provider, uses :detailstab param to render view components, uses :testaccount param to direct flow control|yes||
|provideraccounts|update|yes|requires Privilege::Modify on provideraccount specified by :id param, and provideraccount.provider|uses :id param to find provideraccount to update, uses :quota to setmaximumrunninginstances on provider account ,uses :provideraccount param to updateattributes of provideraccount |yes||
|provideraccounts|destroy|yes|requires Privilege::Modify on provider_account|uses :id param to find provider_account to destroy, uses :provider_id param to find provider|yes|| |providers|multi_destroy|||||method does not exist, remove| |providers|index|yes|retrieves list of providers current user has Privilege::View on|assigns params array to params member and uses session[:currentproviderid] to find provider|yes||
|providers|create|yes|retrieves list of providers current user has Privilege::View on and Privilege::CREATE on Provider|uses :provider param to create new provider and lookup provider type|yes||
|providers|new|yes|retrieves list of providers current user has Privilege::View on and requires Privilege::CREATE on Provider |n/a|yes||
|providers|edit|yes|retrieves list of providers current user has Privilege::View on, list of provider accounts current user has Privilege::View on, and requires Privilege::MODIFY & Privilege::VIEW on provider specified by :id|uses :id param to lookup provider, :testprovider param as flow control boolean, :detailstab to format view component|yes||
|providers|show|yes|retrieves list of providers current user has Privilege::View on and requires Privilege::VIEW on provider specified by :id|uses :id param to lookup provider, :testprovider param as flow control boolean, :detailstab and :detailspane parameters to format view components|yes||
|providers|update|yes|retrieves list of providers current user has Privilege::View on, list of provider accounts current user has Privilege::View on, and requires Privilege::MODIFY & Privilege::VIEW on provider specified by :id param|uses :id param to find provider, params to update provider attributes, :detailstab to format view components,:provideraccountspresetfilter and :provideraccountssearch to applyfilters to provider accounts|yes||
|providers|destroy|yes|retrieves list of providers current user has Privilege::View on and requires Privilege::MODIFY on provider specified by :id param|uses :id param to find provider to destroy|yes||
|configservers|test|yes|no|uses :id param to find config server|yes|evaluated v0.9.0rc1 as 0.4.0 didn’t incorporate configservers|
|configservers|index|yes||||method missing|
|configservers|new|yes|requires Privilege::Modify on provideraccount specified by :provideraccountid param|uses :provideraccountid to find provideraccount|yes||
|configservers|create|yes|requires Privilege::Modify on provideraccount specified by :provideraccountid param|uses :provideraccountid to find provideraccount, uses :configserver to create new configserver|yes|calls strip! on each configserver param|
|configservers|edit|yes|requires Privilege::Modify on provideraccount of configserver specified by :id|uses :id to find configserver|yes||
|configservers|show|yes||||method missing|
|configservers|update|yes|requires Privilege::Modify on provideraccount of configserver specified by :id param|uses :id to find configserver to update, uses :configserver to updateattributes of configserver found|yes|calls strip! on each configserver param|
|configservers|destroy|yes|requires Privilege::Modify on provideraccount of configserver specified by :id param|uses :id to find configserver to destroy|yes||
|roles|multidestroy|y|requires Privilege::PERMSET|uses :roleselected param to find roles to destroy|yes||
|roles|index|y|no?|uses :orderfield, :orderdir, :page to paginate / sort roles retrieved|yes||
|roles|create|y|requires Privilege::PERMSET|n/a|yes|
|roles|new|y|requires Privilege::PERMSET|uses :role param to create new role|yes|note about roles scope needs to be flushed out|
|roles|edit|y|requires Privilege::PERMSET|uses :id param to find the role|yes||
|roles|show|y|requires Privilege::PERMVIEW|uses :id param to find the role; uses :detailstab, :detailspane params to format view components|no|details tab param should be validated before being passed into render partial|
|roles|update|y|requires Privilege::PERMSET|uses :id param to find the role; uses :commit param to direct flow control, uses :role param to update role found|yes||
|roles|destroy|y|requires Privilege::PERMSET|uses :id param to find the role|yes||
|poolfamilies|multidestroy|y|requires Privilege::Modify on pool families specified by :poolfamilyselect param|uses :poolfamilyselect param to find pool families to destroy|yes||
|poolfamilies|addprovideraccount|y|requires Privilege::Modify on pool family specified by :id, requires Privileges::Use on provider accounts specified by :accountsselected param, retrieves provider accounts the current user has Privilege::User on|uses :id param to find pool family, uses :accountsselected param to find provider accounts to add to pool family|yes||
|poolfamilies|removeprovideraccounts|y|requires Privilege::Modify on pool family specified by :id|uses :id param to find pool family, uses :accountsselected param to find provider accounts to remove from pool family|yes||
|poolfamilies|index|y|retrieves PoolFamilies which the currentuser has Privilege::View on Pool|uses :orderfield, :orderdir params to sort pool families|yes||
|poolfamilies|create|y|requires Privilege::Create on PoolFamily|n/a|yes|
|poolfamilies|new|y|requires Privilege::Create on PoolFamily|uses :poolfamily param to create new pool family|yes||
|poolfamilies|edit|y|requires Privilege::Modify on pool family specified by :id|uses :id param to find pool family|yes||
|poolfamilies|show|y|requires Privilege::View on pool family specified by :id param, retrieves PoolFamilies which the currentuser has Privilege::View on Pool|uses :id to find PoolFamily, uses :orderfield, :orderdir params to sort pool families, uses detailstab param to render view components|yes|should restrict found images?|
|poolfamilies|update|y|requires Privilege::Modify on pool family specified by :id|uses :id param to find pool family, uses :poolfamily param to updateattributes of pool family|yes||
|poolfamilies|destroy|y|requires Privilege::Modify on pool family specified by :id|uses :id param to find pool family|yes||
|realms|multidestroy|y|requires Privilege::MODIFY on Realm|uses :realmselected param to find realms to destroy |yes|can be optimized to call requireprivilege method once|
|realms|index|y|no|uses :realmspresetfilter, :realmssearch params to applyfilters to FrontendRealms retrieved|yes||
|realms|filter|y|no |uses :realmspresetfilter and :realmssearch params to construct redirectto location|yes||
|realms|new|y|requires Privilege::CREATE on Realm, retrieves privileges on which currentuser has Privilege::VIEW|n/a|yes||
|realms|create|y|requires Privilege::CREATE on Realm, retrieves privileges on which currentuser has Privilege::VIEW|uses :frontendrealm param to create new realm|yes||
|realms|edit|y|requires Privilege::MODIFY on Realm, retrieves privileges on which currentuser has Privilege::VIEW|uses :id param to find FrontendRealm|yes||
|realms|show|y|no?|uses :id param to find FrontendRealm; uses :detailstab, :detailspane params to format view components|yes||
|realms|update|y|requires Privilege::MODIFY on Realm, retrieves privileges on which currentuser has Privilege::VIEW|uses :id param to find FrontendRealm; uses :commit param to direct flow control, uses :frontendrealm param to updateattributes of realm found|yes||
|realms|destroy|y|requires Privilege::MODIFY on Realm|uses :id param to find FrontendRealm to destroy|yes||
|providerrealms|index|yes|n/a|uses :providerrealmspresetfilter, and :providerrealmssearch to applyfilters params to realms|yes |evaluated v0.9.0rc1 as 0.4.0 didn’t incorporate providerrealms, should restrict providers retrieved in any way?|
|providerrealms|filter|yes|n/a|uses :providerrealmspresetfilter, and :providerrealmssearch params to construct redirectto location|yes||
|providerrealms|create|||||method does not exist|
|providerrealms|new|||||method does not exist|
|providerrealms|edit|||||method does not exist|
|providerrealms|show|yes|n/a|uses :id param to find realm, uses :detailstab and :details pane params to format view components|yes||
|providerrealms|update|||||method does not exist|
|providerrealms|destroy|||||method does not exist|
|realmmappings|new|yes|requires Privilege::Create on Realm, retrieves providers which the currentuser has Privilege::View on|uses :frontendrealmid, :realmorprovidertype to construct placeholder RealmBackendTarget |yes |if :realmorprovidertype param == ‘Realm’, all realms are retrieved, want to limit this?|
|realmmappings|multidestroy|yes|requires Privilege::Modify on Realm|uses :id param to find RealmBackendTarget to destroy, uses :frontendrealmid param to construct redirect path|yes||
|realmmappings|index|||||method does not exist|
|realmmappings|create|yes|requires Privilege::Create on Realm|uses :realmbackendtargets param to create new RealmBackendTarget|yes||
|realmmappings|edit|||||method does not exist|
|realmmappings|show|||||method does not exist|
|realmmappings|update|||||method does not exist|
|realmmappings|destroy|||||method does not exist|
|deployables|multidestroy|y|requires Privilege::Modify on deployables found w/ :deployablesselected param|:deployablesselected param is used to find deployable, :catalogid param is used to find catalog if present|no|Permission check should be enforced on catalog retrieved|
|deployables|filter|y|no (change?)|uses :catalogentriespresetfilter and :catalogentriessearch params to construct redirectto location|yes||
|deployables|definition|y|requires Privilege::View on deployable found w/ :id param|:id param is used to find deployable|yes||
|deployables|build|y|requires Privilege::View on deployable found w/ :id param, requires Privilege::Modify on catalog found by :catalogid param if present, retrieves provider accounts currentuser has Privilege::VIEW on|:id param is used to find deployable, :catalogid param is used to find catalog if present, uses :buildoptions to determine flow control |yes||
|deployables|index|y|retrieves all deployables which currentuser has Privilege::VIEW on ‘’’only if’’’ catalogid is not self, no permission check otherwise|uses :catalogid to lookup catalog|no|uses :environment param to find pool family, sets name member var using :name param, sets xml using :imagexml param; :back, :makedeployable params is used to direct flow control|yes||
|images|new|y|retrieves provider accounts which currentuser has Privilege::Use on|uses :tab param to direct flow control, uses :enviornment param to find PoolFamilies|yes||
|images|edit|||||method does not exist and should be removed|
|images|show|y|no!|uses :id param to find warehouse image, uses :build param to select build if present|yes||
|images|update|||||method does not exist and should be removed|
|images|multidestroy|y|no|uses :imagesselected param to find image warehouse images to destroy|yes||
|targetimages|index|||||method does not exist|
|targetimages|create|yes|requires Privilege::Use on poolfamily of warehouse image specified by :imageid param|uses :imageid to find warehouse image, uses :imageid, :buildid, and :target params to create new image factory image; uses :imageid, :buildid params to construct redirectpath|no|should verify user has rights to warehouse image and build, should not use global exception variables, evaluated v0.9.0rc1 as 0.4.0 didn’t incorporate targetimages|
|targetimages|new|||||method does not exist|
|targetimages|edit|||||method does not exist|
|targetimages|show|||||method does not exist|
|targetimages|update|||||method does not exist|
|targetimages|destroy|yes|requires Privilege::Use on poolfamily of warehouse image specified by :imageid param|uses :imageid param to find warehouse image, uses :id param to find warehouse target image to destroy; uses :imageid param to construct redirectpath|yes |should require additional restrictions to delete image, look into rescue nil bit|
|providerimages|index|||||method does not exist|
|providerimages|create|yes|requires Privilege::Use on poolfamily of warehouse image specified by :imageid param|uses :imageid to find warehouse image, uses :accountid to find provideraccount, uses :imageid, :buildid, :targetimageid params to create new image factory provider image; uses :imageid, :buildid to construct redirectto path|no|should restrict provider account to ensure user has access; evaluated v0.9.0rc1 as 0.4.0 didn’t incorporate providerimages|
|providerimages|new|||||method does not exist|
|providerimages|edit|||||method does not exist|
|providerimages|show|||||method does not exist|
|providerimages|update|||||method does not exist|
|providerimages|destroy|yes|requires Privilege::Use on poolfamily of warehouse image specified by :imageid param|uses :imageid param to find warehouse image, uses :id param to find warehouse image to destroy; uses :imageid param to construct redirectpath|yes (?)|should require additional restrictions to delete image, look into rescue nil bit|
|providerimages|index|||||method does not exist|
|providertypes|index|yes||||yes||
|dashboard|dashboard|||||dashboard controller removed|