Add new endpoint for creation of approval nodes

2026-03-27 05:45:02 -02:30 · 2019-07-18 09:33:16 -04:00
parent 83f9681941
commit 320284267c
20 changed files with 148 additions and 76 deletions
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -2792,24 +2792,32 @@ class WorkflowApprovalAccess(BaseAccess):

    def can_start(self, obj, validate_license=True):
        return False
+    # &&&&&& ??? Start of the RBAC method ???
+    # def can_approve_or_deny(self, obj):
+    #     if self.user.is_superuser: # &&&&&& add "or self.user.approval_role"?
+    #         return True
+    #     return self.can_change(obj, ????)


+# &&&&&& Why is the below not showing up as a class now??
 class WorkflowApprovalTemplateAccess(BaseAccess):
    '''
+    I can create approval nodes when:
+     -
    I can approve workflows when:
-     - I'm authenticated
-    I can create when:
-     - I'm a superuser:
+     -
    '''

    model = WorkflowApprovalTemplate
    prefetch_related = ('created_by', 'modified_by',)

-    def can_read(self, obj):
-        return True
-
-    def can_use(self, obj):
-        return True
+    # &&&&&& I need to get the admin role of the WFJT, where WFJT is provided in the key portion vs the data (Alan said that, what does it mean exactly???)
+    @check_superuser
+    def can_add(self, data):
+        if data is None:  # Hide direct creation in API browser
+            return False
+        return (
+            self.check_related('workflow_approval_template', UnifiedJobTemplate, role_field='admin_role')

    def filtered_queryset(self):
        return self.model.filter(workflowjobtemplatenodes__workflow_job_template=WorkflowJobTemplate.accessible_pk_qs(self.user, 'read_role'))