External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-06 03:01:06 -03:30
Code Issues Packages Projects Releases Wiki Activity

Added singleton role support method and parent_role auto-binder in the ImplicitRoleField

Browse Source 
Also fixed bug in the single object permission lookup.
This commit is contained in:
Akita Noek
2016-01-29 16:37:13 -05:00
parent 4d080497cc
commit 1035a6737e
3 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
awx/main/fields.py
View File

@@ -119,11 +119,17 @@ class ImplicitRoleDescriptor(ReverseSingleRelatedObjectDescriptor):
# Add all non-null parent roles as parents # Add all non-null parent roles as parents
if type(self.parent_role) is list: if type(self.parent_role) is list:
for path in self.parent_role: for path in self.parent_role:
parent = resolve_field(instance, path) if path.startswith("singleton:"):
parent = Role.singleton(path[10:])
else:
parent = resolve_field(instance, path)
if parent: if parent:
role.parents.add(parent) role.parents.add(parent)
else: else:
parent = resolve_field(instance, self.parent_role) if self.parent_role.startswith("singleton:"):
parent = Role.singleton(self.parent_role[10:])
else:
parent = resolve_field(instance, self.parent_role)
if parent: if parent:
role.parents.add(parent) role.parents.add(parent)
setattr(instance, self.field.name, role) setattr(instance, self.field.name, role)

4
awx/main/models/mixins.py
View File

@@ -113,7 +113,7 @@ class ResourceMixin(models.Model):
FROM %(rbac_permission)s FROM %(rbac_permission)s
LEFT JOIN %(rbac_role_hierachy)s LEFT JOIN %(rbac_role_hierachy)s
ON (%(rbac_permission)s.role_id = %(rbac_role_hierachy)s.role_id) ON (%(rbac_permission)s.role_id = %(rbac_role_hierachy)s.role_id)
LEFT JOIN %(rbac_role)s_members INNER JOIN %(rbac_role)s_members
ON ( ON (
%(rbac_role)s_members.role_id = %(rbac_role_hierachy)s.ancestor_id %(rbac_role)s_members.role_id = %(rbac_role_hierachy)s.ancestor_id
AND %(rbac_role)s_members.user_id = %(user_id)d AND %(rbac_role)s_members.user_id = %(user_id)d
@@ -142,6 +142,8 @@ class ResourceMixin(models.Model):
''' '''
perms = self.get_permissions(user) perms = self.get_permissions(user)
if not perms:
return False
for k in permissions: for k in permissions:
if k not in perms or perms[k] < permissions[k]: if k not in perms or perms[k] < permissions[k]:
return False return False

11
awx/main/models/rbac.py
View File

@@ -26,6 +26,7 @@ class Role(CommonModelNameNotUnique):
verbose_name_plural = _('roles') verbose_name_plural = _('roles')
db_table = 'main_rbac_roles' db_table = 'main_rbac_roles'
singleton_name = models.TextField(null=True, default=None, db_index=True, unique=True)
parents = models.ManyToManyField('Role', related_name='children') parents = models.ManyToManyField('Role', related_name='children')
members = models.ManyToManyField('auth.User', related_name='roles') members = models.ManyToManyField('auth.User', related_name='roles')
@@ -74,6 +75,16 @@ class Role(CommonModelNameNotUnique):
setattr(permission, k, int(permissions[k])) setattr(permission, k, int(permissions[k]))
permission.save() permission.save()
@staticmethod
def singleton(name):
try:
return Role.objects.get(singleton_name=name)
except Role.DoesNotExist:
ret = Role(singleton_name=name)
ret.save()
return ret;
class RoleHierarchy(CreatedModifiedModel): class RoleHierarchy(CreatedModifiedModel):
''' '''