External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-13 11:00:03 -03:30
Code Issues Packages Projects Releases Wiki Activity

Make system admin and system auditor visible to oprhaned users.

Browse Source
This commit is contained in:
Aaron Tan 2016-08-10 14:33:25 -04:00
parent 9fe408c6f7
commit 300020df07
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
awx/main/models/rbac.py
View File

@ -376,12 +376,13 @@ class Role(models.Model):
@staticmethod
@check_singleton
def visible_roles(user):
def visible_roles(user, include_super=True):
sql_params = {
'ancestors_table': Role.ancestors.through._meta.db_table,
'parents_table': Role.parents.through._meta.db_table,
'roles_table': Role._meta.db_table,
'ids': ','.join(str(x) for x in user.roles.values_list('id', flat=True))
'ids': ','.join(str(x) for x in user.roles.values_list('id', flat=True)),
'mandatories': ','.join(('\'system_administrator\'', '\'system_auditor\'')),
}
qs = Role.objects.extra(
@ -394,6 +395,17 @@ class Role(models.Model):
)
''' % sql_params]
)
if include_super:
super_qs = Role.objects.extra(
where = ['''
%(roles_table)s.id IN (
SELECT DISTINCT visible_roles_t3.id
FROM %(roles_table)s as visible_roles_t3
WHERE visible_roles_t3.singleton_name IN (%(mandatories)s)
)
''' % sql_params]
)
qs = qs | super_qs
return qs
@staticmethod