diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py index fd14946cfd..969ee920cb 100644 --- a/lib/main/models/__init__.py +++ b/lib/main/models/__init__.py @@ -542,6 +542,8 @@ class Project(CommonModel): return False + + class Permission(CommonModelNameNotUnique): ''' A permission allows a user, project, or team to be able to use an inventory source. diff --git a/lib/main/tests/__init__.py b/lib/main/tests/__init__.py index 99f0a3a03d..6700b95104 100644 --- a/lib/main/tests/__init__.py +++ b/lib/main/tests/__init__.py @@ -19,5 +19,6 @@ from lib.main.tests.organizations import OrganizationsTest from lib.main.tests.users import UsersTest from lib.main.tests.inventory import InventoryTest +from lib.main.tests.projects import ProjectsTest from lib.main.tests.commands import AcomInventoryTest from lib.main.tests.tasks import RunLaunchJobTest diff --git a/lib/main/views.py b/lib/main/views.py index 9020f573cd..040d5ece4c 100644 --- a/lib/main/views.py +++ b/lib/main/views.py @@ -146,6 +146,30 @@ class OrganizationsTagsList(BaseSubList): raise PermissionDenied() return Tag.objects.filter(organization_by_tag__in = [ organization ]) +class ProjectsList(BaseList): + + model = Project + serializer_class = ProjectSerializer + permission_classes = (CustomRbac,) + + # I can see a project if + # I am a superuser + # I am an admin of the organization that contains the project + # I am a member of a team that also contains the project + + def _get_queryset(self): + ''' I can see organizations when I am a superuser, or I am an admin or user in that organization ''' + base = Project.objects + if self.request.user.is_superuser: + return base.all() + my_teams = Team.objects.filter(users__in = [ self.request.user]) + my_orgs = Organization.objects.filter(admins__in = [ self.request.user ]) + return base.filter( + teams__in = my_teams + ).distinct() | base.filter( + organizations__in = my_orgs + ).distinct() + class ProjectsDetail(BaseDetail): model = Project diff --git a/lib/urls.py b/lib/urls.py index e0bfeeef16..0b3423073f 100644 --- a/lib/urls.py +++ b/lib/urls.py @@ -37,7 +37,8 @@ views_UsersOrganizationsList = views.UsersOrganizationsList.as_view() views_UsersAdminOrganizationsList = views.UsersAdminOrganizationsList.as_view() # projects service -views_ProjectsDetail = views.OrganizationsDetail.as_view() +views_ProjectsList = views.ProjectsList.as_view() +views_ProjectsDetail = views.ProjectsDetail.as_view() # audit trail service @@ -75,7 +76,7 @@ views_TagsDetail = views.TagsDetail.as_view() urlpatterns = patterns('', - # organizations service + # organizations vice url(r'^api/v1/organizations/$', views_OrganizationsList), url(r'^api/v1/organizations/(?P[0-9]+)/$', views_OrganizationsDetail), url(r'^api/v1/organizations/(?P[0-9]+)/audit_trail/$', views_OrganizationsAuditTrailList), @@ -93,6 +94,7 @@ urlpatterns = patterns('', url(r'^api/v1/users/(?P[0-9]+)/admin_of_organizations/$', views_UsersAdminOrganizationsList), # projects service + url(r'^api/v1/projects/$', views_ProjectsList), url(r'^api/v1/projects/(?P[0-9]+)/$', views_ProjectsDetail), # audit trail service