AC-686 Fix permissions for inventory source to allow org admins and users with write permissions to update.

This commit is contained in:
Chris Church
2013-11-20 13:54:51 -05:00
parent 7fa9e3289b
commit 39ad6b0ad1
3 changed files with 103 additions and 1 deletions

View File

@@ -81,6 +81,8 @@ def check_user_access(user, model_class, action, *args, **kwargs):
access_instance = access_class(user)
access_method = getattr(access_instance, 'can_%s' % action, None)
if not access_method:
logger.debug('%s.%s not found', access_instance.__class__.__name__,
'can_%s' % action)
continue
result = access_method(*args, **kwargs)
logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__,
@@ -464,6 +466,9 @@ class InventorySourceAccess(BaseAccess):
else:
return False
def can_start(self, obj):
return self.can_change(obj, {}) and obj.can_update
class InventoryUpdateAccess(BaseAccess):
'''
I can see inventory updates when I can see the inventory source.
@@ -478,6 +483,9 @@ class InventoryUpdateAccess(BaseAccess):
inventory_sources_qs = self.user.get_queryset(InventorySource)
return qs.filter(inventory_source__in=inventory_sources_qs)
def can_cancel(self, obj):
return self.can_change(obj, {}) and obj.can_cancel
class CredentialAccess(BaseAccess):
'''
I can see credentials when:
@@ -646,6 +654,9 @@ class ProjectAccess(BaseAccess):
def can_delete(self, obj):
return self.can_change(obj, None)
def can_start(self, obj):
return self.can_change(obj, {}) and obj.can_update
class ProjectUpdateAccess(BaseAccess):
'''
I can see project updates when I can see the project.
@@ -660,6 +671,9 @@ class ProjectUpdateAccess(BaseAccess):
projects_qs = self.user.get_queryset(Project)
return qs.filter(project__in=projects_qs)
def can_cancel(self, obj):
return self.can_change(obj, {}) and obj.can_cancel
class PermissionAccess(BaseAccess):
'''
I can see a permission when: