External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-22 08:17:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

Add Credential Admin role

Browse Source
This commit is contained in:
Wayne Witzel III
2018-01-26 15:43:00 +00:00
parent 6c951aa883
commit 109841c350
4 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/main/access.py
View File

@@ -991,7 +991,7 @@ class CredentialAccess(BaseAccess):
def can_change(self, obj, data): def can_change(self, obj, data):
if not obj: if not obj:
return False return False
return self.user in obj.admin_role and self.check_related('organization', Organization, data, obj=obj) return self.user in obj.admin_role and self.check_related('organization', Organization, data, obj=obj, role_field='credential_admin_role')
def can_delete(self, obj): def can_delete(self, obj):
# Unassociated credentials may be marked deleted by anyone, though we # Unassociated credentials may be marked deleted by anyone, though we

2
awx/main/models/credential/__init__.py
View File

@@ -262,7 +262,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
admin_role = ImplicitRoleField( admin_role = ImplicitRoleField(
parent_role=[ parent_role=[
'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, 'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
'organization.admin_role', 'organization.credential_admin_role',
], ],
) )
use_role = ImplicitRoleField( use_role = ImplicitRoleField(

3
awx/main/models/organization.py
View File

@@ -49,6 +49,9 @@ class Organization(CommonModel, NotificationFieldsModel, ResourceMixin, CustomVi
inventory_admin_role = ImplicitRoleField( inventory_admin_role = ImplicitRoleField(
parent_role='admin_role', parent_role='admin_role',
) )
credential_admin_role = ImplicitRoleField(
parent_role='admin_role',
)
auditor_role = ImplicitRoleField( auditor_role = ImplicitRoleField(
parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, parent_role='singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR,
) )

2
awx/main/models/rbac.py
View File

@@ -39,6 +39,7 @@ role_names = {
'admin_role' : _('Admin'), 'admin_role' : _('Admin'),
'project_admin_role' : _('Project Admin'), 'project_admin_role' : _('Project Admin'),
'inventory_admin_role' : _('Inventory Admin'), 'inventory_admin_role' : _('Inventory Admin'),
'credential_admin_role': _('Credential Admin'),
'auditor_role' : _('Auditor'), 'auditor_role' : _('Auditor'),
'execute_role' : _('Execute'), 'execute_role' : _('Execute'),
'member_role' : _('Member'), 'member_role' : _('Member'),
@@ -54,6 +55,7 @@ role_descriptions = {
'admin_role' : _('Can manage all aspects of the %s'), 'admin_role' : _('Can manage all aspects of the %s'),
'project_admin_role' : _('Can manage all projects of the %s'), 'project_admin_role' : _('Can manage all projects of the %s'),
'inventory_admin_role' : _('Can manage all inventories of the %s'), 'inventory_admin_role' : _('Can manage all inventories of the %s'),
'credential_admin_role': _('Can manage all credentials of the %s'),
'auditor_role' : _('Can view all settings for the %s'), 'auditor_role' : _('Can view all settings for the %s'),
'execute_role' : _('May run the %s'), 'execute_role' : _('May run the %s'),
'member_role' : _('User is a member of the %s'), 'member_role' : _('User is a member of the %s'),