remove the ORing of local roles, check against organization roles

2026-01-14 19:30:39 -03:30 · 2016-05-17 13:56:11 -04:00 · 2016-05-17 13:56:11 -04:00 · 2e4c26a77f
commit 2e4c26a77f
parent 863105435e
3 changed files with 5 additions and 12 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@ -225,14 +225,7 @@ class ImplicitRoleField(models.ForeignKey):
        parent_roles = set()

        for path in paths:
-            if type(path) == tuple:
-                for or_path in path:
-                    if or_path.startswith("singleton:"):
-                        raise Exception("Unable to use Singleton role in an OR context.")
-                    parents = resolve_role_field(instance, or_path)
-                    if len(parents) is not 0:
-                        break
-            elif path.startswith("singleton:"):
+            if path.startswith("singleton:"):
                singleton_name = path[10:]
                Role_ = get_current_apps().get_model('main', 'Role')
                qs = Role_.objects.filter(singleton_name=singleton_name)
--- a/awx/main/migrations/0008_v300_rbac_changes.py
+++ b/awx/main/migrations/0008_v300_rbac_changes.py
@ -220,7 +220,7 @@ class Migration(migrations.Migration):
        migrations.AddField(
            model_name='jobtemplate',
            name='admin_role',
-            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[(b'project.admin_role', b'inventory.admin_role')], to='main.Role', null=b'True'),
+            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'project.organization.admin_role', b'inventory.organization.admin_role'], to='main.Role', null=b'True'),
        ),
        migrations.AddField(
            model_name='jobtemplate',
@ -230,7 +230,7 @@ class Migration(migrations.Migration):
        migrations.AddField(
            model_name='jobtemplate',
            name='read_role',
-            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[(b'project.organization.auditor_role', b'inventory.organization.auditor_role'), b'execute_role', b'admin_role'], to='main.Role', null=b'True'),
+            field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'project.organization.auditor_role', b'inventory.organization.auditor_role', b'execute_role', b'admin_role'], to='main.Role', null=b'True'),
        ),
        migrations.AddField(
            model_name='organization',
--- a/awx/main/models/jobs.py
+++ b/awx/main/models/jobs.py
@ -221,13 +221,13 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, ResourceMixin):
        default={},
    )
    admin_role = ImplicitRoleField(
-        parent_role=[('project.admin_role', 'inventory.admin_role')]
+        parent_role=['project.organization.admin_role', 'inventory.organization.admin_role']
    )
    execute_role = ImplicitRoleField(
        parent_role=['admin_role'],
    )
    read_role = ImplicitRoleField(
-        parent_role=[('project.organization.auditor_role', 'inventory.organization.auditor_role'), 'execute_role', 'admin_role'],
+        parent_role=['project.organization.auditor_role', 'inventory.organization.auditor_role', 'execute_role', 'admin_role'],
    )

    @classmethod