External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-02 01:08:48 -03:30
Code Issues Packages Projects Releases Wiki Activity

Make system admin and system auditor visible to oprhaned users.

Browse Source
This commit is contained in:
Aaron Tan
2016-08-10 14:33:25 -04:00
parent 9fe408c6f7
commit 300020df07
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
awx/main/models/rbac.py
View File

@@ -376,12 +376,13 @@ class Role(models.Model):
@staticmethod @staticmethod
@check_singleton @check_singleton
def visible_roles(user): def visible_roles(user, include_super=True):
sql_params = { sql_params = {
'ancestors_table': Role.ancestors.through._meta.db_table, 'ancestors_table': Role.ancestors.through._meta.db_table,
'parents_table': Role.parents.through._meta.db_table, 'parents_table': Role.parents.through._meta.db_table,
'roles_table': Role._meta.db_table, 'roles_table': Role._meta.db_table,
'ids': ','.join(str(x) for x in user.roles.values_list('id', flat=True)) 'ids': ','.join(str(x) for x in user.roles.values_list('id', flat=True)),
'mandatories': ','.join(('\'system_administrator\'', '\'system_auditor\'')),
} }
qs = Role.objects.extra( qs = Role.objects.extra(
@@ -394,6 +395,17 @@ class Role(models.Model):
) )
''' % sql_params] ''' % sql_params]
) )
if include_super:
super_qs = Role.objects.extra(
where = ['''
%(roles_table)s.id IN (
SELECT DISTINCT visible_roles_t3.id
FROM %(roles_table)s as visible_roles_t3
WHERE visible_roles_t3.singleton_name IN (%(mandatories)s)
)
''' % sql_params]
)
qs = qs | super_qs
return qs return qs
@staticmethod @staticmethod