add RBAC definitions for CredentialInputSource

This commit is contained in:
Ryan Petrello
2019-02-26 11:46:38 -05:00
committed by Jake McDermott
parent dcf17683e2
commit 35cca68f04
2 changed files with 177 additions and 6 deletions

View File

@@ -1165,16 +1165,43 @@ class CredentialAccess(BaseAccess):
class CredentialInputSourceAccess(BaseAccess):
'''
I can see credential input sources when:
- I'm a superuser (TODO: Update)
I can create credential input sources when:
- I'm a superuser (TODO: Update)
I can delete credential input sources when:
- I'm a superuser (TODO: Update)
I can see a CredentialInputSource when:
- I can see the associated target_credential
I can create/change a CredentialInputSource when:
- I'm an admin of the associated target_credential
- I have use access to the associated source credential
I can delete a CredentialInputSource when:
- I'm an admin of the associated target_credential
'''
model = CredentialInputSource
def filtered_queryset(self):
return CredentialInputSource.objects.filter(
target_credential__in=Credential.accessible_pk_qs(self.user, 'read_role'))
@check_superuser
def can_read(self, obj):
return self.user in obj.target_credential.read_role
@check_superuser
def can_add(self, data):
return (
self.check_related('target_credential', Credential, data, role_field='admin_role') and
self.check_related('source_credential', Credential, data, role_field='use_role')
)
@check_superuser
def can_change(self, obj, data):
if self.can_add(data) is False:
return False
return self.user in obj.target_credential.admin_role
@check_superuser
def can_delete(self, obj):
return self.user in obj.target_credential.admin_role
class TeamAccess(BaseAccess):
'''