External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-12 18:40:01 -03:30
Code Issues Packages Projects Releases Wiki Activity

Change org admin role access for inventory scripts

Browse Source 
Previously a super user was required to create and administer custom
inventory scripts.   Since these are tied to organizations this commit
extends orgadmin admininstration abilities to custom scripts within
their organization
This commit is contained in:
Matthew Jones 2016-06-22 13:58:14 -04:00
parent 87f1f6f8e6
commit 0fda36116a
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
awx/main/access.py
View File

@ -1506,6 +1506,12 @@ class CustomInventoryScriptAccess(BaseAccess):
return self.model.objects.distinct().all()
return self.model.accessible_objects(self.user, 'read_role').all()
@check_superuser
def can_add(self, data):
org_pk = get_pk_from_dict(data, 'organization')
org = get_object_or_400(Organization, pk=org_pk)
return self.user in org.admin_role
@check_superuser
def can_admin(self, obj):
return self.user in obj.admin_role

4
awx/main/tests/functional/test_rbac_inventory.py
View File

@ -12,6 +12,7 @@ from django.apps import apps
@pytest.mark.django_db
def test_custom_inv_script_access(organization, user):
u = user('user', False)
ou = user('oadm', False)
custom_inv = CustomInventoryScript.objects.create(name='test', script='test', description='test')
custom_inv.organization = organization
@ -21,6 +22,9 @@ def test_custom_inv_script_access(organization, user):
organization.member_role.members.add(u)
assert u in custom_inv.read_role
organization.admin_role.members.add(ou)
assert ou in custom_inv.admin_role
@pytest.mark.django_db
def test_inventory_admin_user(inventory, permissions, user):
u = user('admin', False)