Moved access_list url to <whatever>/id/access_list

Eg: organizations/1/access_list will now return a list of all users who have access to that organization. This replaces our initial implementation which was resources/id/access_list
2026-05-11 11:27:36 -02:30 · 2016-03-09 11:41:42 -05:00
parent efcd4efda2
commit 1989012fd5
4 changed files with 85 additions and 91 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -703,6 +703,12 @@ class OrganizationNotifiersSuccessList(SubListCreateAttachDetachAPIView):
    parent_model = Organization
    relationship = 'notifiers_success'

+class OrganizationAccessList(ResourceAccessList):
+
+    model = User # needs to be User for AccessLists's
+    resource_model = Organization
+    new_in_300 = True
+
 class TeamList(ListCreateAPIView):

    model = Team
@@ -783,6 +789,11 @@ class TeamActivityStreamList(SubListAPIView):
                         Q(credential__in=parent.credentials.all()) |
                         Q(permission__in=parent.permissions.all()))

+class TeamAccessList(ResourceAccessList):
+
+    model = User # needs to be User for AccessLists's
+    resource_model = Team
+    new_in_300 = True

 class ProjectList(ListCreateAPIView):

@@ -947,6 +958,12 @@ class ProjectUpdateNotificationsList(SubListAPIView):
    parent_model = Project
    relationship = 'notifications'

+class ProjectAccessList(ResourceAccessList):
+
+    model = User # needs to be User for AccessLists's
+    resource_model = Project
+    new_in_300 = True
+
 class UserList(ListCreateAPIView):

    model = User
@@ -1086,6 +1103,12 @@ class UserDetail(RetrieveUpdateDestroyAPIView):
            own_credential.mark_inactive()
        return super(UserDetail, self).destroy(request, *args, **kwargs)

+class UserAccessList(ResourceAccessList):
+
+    model = User # needs to be User for AccessLists's
+    resource_model = User
+    new_in_300 = True
+
 class CredentialList(ListCreateAPIView):

    model = Credential
@@ -1114,6 +1137,11 @@ class CredentialActivityStreamList(SubListAPIView):
        # Okay, let it through.
        return super(type(self), self).get(request, *args, **kwargs)

+class CredentialAccessList(ResourceAccessList):
+
+    model = User # needs to be User for AccessLists's
+    resource_model = Credential
+    new_in_300 = True

 class InventoryScriptList(ListCreateAPIView):

@@ -1174,6 +1202,12 @@ class InventoryActivityStreamList(SubListAPIView):
        qs = self.request.user.get_queryset(self.model)
        return qs.filter(Q(inventory=parent) | Q(host__in=parent.hosts.all()) | Q(group__in=parent.groups.all()))

+class InventoryAccessList(ResourceAccessList):
+
+    model = User # needs to be User for AccessLists's
+    resource_model = Inventory
+    new_in_300 = True
+
 class InventoryJobTemplateList(SubListAPIView):

    model = JobTemplate
@@ -1509,6 +1543,13 @@ class GroupDetail(RetrieveUpdateDestroyAPIView):
            obj.mark_inactive_recursive()
        return Response(status=status.HTTP_204_NO_CONTENT)

+class GroupAccessList(ResourceAccessList):
+
+    model = User # needs to be User for AccessLists's
+    resource_model = Group
+    new_in_300 = True
+
+
 class InventoryGroupsList(SubListCreateAttachDetachAPIView):

    model = Group
@@ -2186,6 +2227,12 @@ class JobTemplateJobsList(SubListCreateAPIView):
    relationship = 'jobs'
    parent_key = 'job_template'

+class JobTemplateAccessList(ResourceAccessList):
+
+    model = User # needs to be User for AccessLists's
+    resource_model = JobTemplate
+    new_in_300 = True
+
 class SystemJobTemplateList(ListAPIView):

    model = SystemJobTemplate
@@ -3268,49 +3315,6 @@ class RoleChildrenList(SubListAPIView):
        role = Role.objects.get(pk=self.kwargs['pk'])
        return role.children

-'''
-class ResourceDetail(RetrieveAPIView):
-
-    model = Resource
-    serializer_class = ResourceSerializer
-    permission_classes = (IsAuthenticated,)
-    new_in_300 = True
-
-    # XXX: Permissions - only roles the user has access to see should be listed here
-    def get_queryset(self):
-        return Resource.objects
-
-class ResourceList(ListAPIView):
-
-    model = Resource
-    serializer_class = ResourceSerializer
-    permission_classes = (IsAuthenticated,)
-    new_in_300 = True
-
-    def get_queryset(self):
-        return Resource.objects.filter(permissions__role__ancestors__members=self.request.user)
-
-'''
-
-class ResourceAccessList(ListAPIView):
-
-    model = User
-    serializer_class = ResourceAccessListElementSerializer
-    permission_classes = (IsAuthenticated,)
-    new_in_300 = True
-
-    def get_queryset(self):
-        self.content_type_id = self.kwargs['content_type_id']
-        self.object_id = self.kwargs['pk']
-        #resource = Resource.objects.get(pk=self.kwargs['pk'])
-        content_type = ContentType.objects.get(pk=self.content_type_id)
-        obj = content_type.model_class().objects.get(pk=self.object_id)
-
-        roles = set([p.role for p in obj.role_permissions.all()])
-        ancestors = set()
-        for r in roles:
-            ancestors.update(set(r.ancestors.all()))
-        return User.objects.filter(roles__in=list(ancestors))