External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-17 14:27:42 -02:30
Code Issues Packages Projects Releases Wiki Activity

Project migration and tests

Browse Source
This commit is contained in:
Akita Noek
2016-02-08 22:49:10 -05:00
parent d51447e158
commit 34067d9c0e
4 changed files with 137 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
awx/main/migrations/_rbac.py
View File

@@ -86,3 +86,49 @@ def migrate_inventory(apps, schema_editor):
migrations[inventory.name]['teams'] = teams
migrations[inventory.name]['users'] = users
return migrations
def migrate_projects(apps, schema_editor):
'''
I can see projects when:
X I am a superuser.
X I am an admin in an organization associated with the project.
X I am a user in an organization associated with the project.
X I am on a team associated with the project.
X I have been explicitly granted permission to run/check jobs using the
project.
X I created the project but it isn't associated with an organization
I can change/delete when:
X I am a superuser.
X I am an admin in an organization associated with the project.
X I created the project but it isn't associated with an organization
'''
migrations = defaultdict(lambda: defaultdict(set))
Project = apps.get_model('main', 'Project')
Permission = apps.get_model('main', 'Permission')
for project in Project.objects.all():
if project.organization is None and project.created_by is not None:
project.admin_role.members.add(project.created_by)
migrations[project.name]['users'].add(project.created_by)
for team in project.teams.all():
team.member_role.children.add(project.member_role)
migrations[project.name]['teams'].add(team)
if project.organization is not None:
for user in project.organization.users.all():
project.member_role.members.add(user)
migrations[project.name]['users'].add(user)
for perm in Permission.objects.filter(project=project):
# All perms at this level just imply a user or team can read
if perm.team:
team.member_role.children.add(project.member_role)
migrations[project.name]['teams'].add(team)
if perm.user:
project.member_role.members.add(perm.user)
migrations[project.name]['users'].add(perm.user)
return migrations