diff --git a/awx/api/generics.py b/awx/api/generics.py index 23dcce4d35..cdd10e497d 100644 --- a/awx/api/generics.py +++ b/awx/api/generics.py @@ -13,6 +13,7 @@ from django.shortcuts import get_object_or_404 from django.template.loader import render_to_string from django.utils.encoding import smart_text from django.utils.safestring import mark_safe +from django.contrib.contenttypes.models import ContentType # Django REST Framework from rest_framework.authentication import get_authorization_header @@ -475,7 +476,9 @@ class ResourceAccessList(ListAPIView): resource_model = getattr(self, 'resource_model') obj = resource_model.objects.get(pk=self.object_id) - roles = set([p.role for p in obj.role_permissions.all()]) + content_type = ContentType.objects.get_for_model(obj) + roles = set(Role.objects.filter(content_type=content_type, object_id=obj.id)) + ancestors = set() for r in roles: ancestors.update(set(r.ancestors.all())) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index fa6f56fe2a..bce2484e23 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1518,8 +1518,10 @@ class ResourceAccessListElementSerializer(UserSerializer): team_content_type = ContentType.objects.get_for_model(Team) content_type = ContentType.objects.get_for_model(obj) - direct_permissive_role_ids = RolePermission.objects.filter(content_type=content_type, object_id=obj.id).values_list('role__id') - all_permissive_role_ids = RolePermission.objects.filter(content_type=content_type, object_id=obj.id).values_list('role__ancestors__id') + + content_type = ContentType.objects.get_for_model(obj) + direct_permissive_role_ids = Role.objects.filter(content_type=content_type, object_id=obj.id).values_list('id', flat=True) + all_permissive_role_ids = Role.objects.filter(content_type=content_type, object_id=obj.id).values_list('ancestors__id', flat=True) direct_access_roles = user.roles \ .filter(id__in=direct_permissive_role_ids).all()