External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-23 14:05:59 -03:30
Code Issues Packages Projects Releases Wiki Activity

Fix Role Definition Reverse Sync (#7097)

Browse Source 
* created manual sync for role definition

* made changes for only read role
This commit is contained in:
Stevenson Michel
2025-09-11 14:51:24 -04:00
committed by AlanCoding
parent 8fb6a3a633
commit 0fa8135691
1 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
awx/main/models/rbac.py
View File

@@ -29,6 +29,7 @@ from django.conf import settings
from ansible_base.rbac.models import RoleDefinition, RoleUserAssignment, RoleTeamAssignment
from ansible_base.rbac.sync import maybe_reverse_sync_assignment, maybe_reverse_sync_unassignment
from ansible_base.rbac import permission_registry
from ansible_base.resource_registry.signals.handlers import no_reverse_sync
from ansible_base.lib.utils.models import get_type_for_model
# AWX
@@ -570,13 +571,18 @@ def get_role_definition(role):
with impersonate(None):
try:
rd, created = RoleDefinition.objects.get_or_create(name=rd_name, permissions=perm_list, defaults=defaults)
with no_reverse_sync():
rd, created = RoleDefinition.objects.get_or_create(name=rd_name, permissions=perm_list, defaults=defaults)
except ValidationError:
# This is a tricky case - practically speaking, users should not be allowed to create team roles
# or roles that include the team member permission.
# If we need to create this for compatibility purposes then we will create it as a managed non-editable role
defaults['managed'] = True
rd, created = RoleDefinition.objects.get_or_create(name=rd_name, permissions=perm_list, defaults=defaults)
with no_reverse_sync():
rd, created = RoleDefinition.objects.get_or_create(name=rd_name, permissions=perm_list, defaults=defaults)
if created and rbac_sync_enabled.enabled:
sync_role_definition_manually(rd)
return rd
@@ -899,3 +905,13 @@ def sync_user_assignments_to_old_rbac_create(instance, **kwargs):
m2m_changed.connect(sync_members_to_new_rbac, Role.members.through)
m2m_changed.connect(sync_parents_to_new_rbac, Role.parents.through)
def sync_role_definition_manually(role_definition):
"""
Manually sync a RoleDefinition using the existing sync methods.
"""
if not rbac_sync_enabled.enabled:
return
maybe_reverse_sync_assignment(role_definition)