Added singleton role support method and parent_role auto-binder in the ImplicitRoleField

Also fixed bug in the single object permission lookup.
2026-01-12 02:19:58 -03:30 · 2016-01-29 16:37:13 -05:00 · 2016-01-29 16:37:13 -05:00 · 1035a6737e
commit 1035a6737e
parent 4d080497cc
3 changed files with 22 additions and 3 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@ -119,11 +119,17 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
            # Add all non-null parent roles as parents
            if type(self.parent_role) is list:
                for path in self.parent_role: 
-                    parent = resolve_field(instance, path)
+                    if path.startswith("singleton:"):
+                        parent = Role.singleton(path[10:])
+                    else:
+                        parent = resolve_field(instance, path)
                    if parent:
                        role.parents.add(parent)
            else:
-                parent = resolve_field(instance, self.parent_role)
+                if self.parent_role.startswith("singleton:"):
+                    parent = Role.singleton(self.parent_role[10:])
+                else:
+                    parent = resolve_field(instance, self.parent_role)
                if parent:
                    role.parents.add(parent)
        setattr(instance, self.field.name, role)
--- a/awx/main/models/mixins.py
+++ b/awx/main/models/mixins.py
@ -113,7 +113,7 @@ class ResourceMixin(models.Model):
                      FROM %(rbac_permission)s 
                      LEFT JOIN %(rbac_role_hierachy)s 
                           ON (%(rbac_permission)s.role_id = %(rbac_role_hierachy)s.role_id)
-                      LEFT JOIN %(rbac_role)s_members 
+                     INNER JOIN %(rbac_role)s_members 
                           ON (
                                 %(rbac_role)s_members.role_id = %(rbac_role_hierachy)s.ancestor_id
                                 AND %(rbac_role)s_members.user_id = %(user_id)d
@ -142,6 +142,8 @@ class ResourceMixin(models.Model):
        '''

        perms = self.get_permissions(user)
+        if not perms:
+            return False
        for k in permissions:
            if k not in perms or perms[k] < permissions[k]:
                return False
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@ -26,6 +26,7 @@ class Role(CommonModelNameNotUnique):
        verbose_name_plural = _('roles')
        db_table = 'main_rbac_roles'

+    singleton_name = models.TextField(null=True, default=None, db_index=True, unique=True)
    parents = models.ManyToManyField('Role', related_name='children')
    members = models.ManyToManyField('auth.User', related_name='roles')

@ -74,6 +75,16 @@ class Role(CommonModelNameNotUnique):
            setattr(permission, k, int(permissions[k]))
        permission.save()

+    @staticmethod
+    def singleton(name):
+        try:
+            return Role.objects.get(singleton_name=name)
+        except Role.DoesNotExist:
+            ret = Role(singleton_name=name)
+            ret.save()
+            return ret;
+
+

 class RoleHierarchy(CreatedModifiedModel):
    '''