mirror of
https://github.com/ansible/awx.git
synced 2026-07-09 15:28:05 -02:30
AC-686 Fix permissions for inventory source to allow org admins and users with write permissions to update.
This commit is contained in:
@@ -81,6 +81,8 @@ def check_user_access(user, model_class, action, *args, **kwargs):
|
||||
access_instance = access_class(user)
|
||||
access_method = getattr(access_instance, 'can_%s' % action, None)
|
||||
if not access_method:
|
||||
logger.debug('%s.%s not found', access_instance.__class__.__name__,
|
||||
'can_%s' % action)
|
||||
continue
|
||||
result = access_method(*args, **kwargs)
|
||||
logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__,
|
||||
@@ -464,6 +466,9 @@ class InventorySourceAccess(BaseAccess):
|
||||
else:
|
||||
return False
|
||||
|
||||
def can_start(self, obj):
|
||||
return self.can_change(obj, {}) and obj.can_update
|
||||
|
||||
class InventoryUpdateAccess(BaseAccess):
|
||||
'''
|
||||
I can see inventory updates when I can see the inventory source.
|
||||
@@ -478,6 +483,9 @@ class InventoryUpdateAccess(BaseAccess):
|
||||
inventory_sources_qs = self.user.get_queryset(InventorySource)
|
||||
return qs.filter(inventory_source__in=inventory_sources_qs)
|
||||
|
||||
def can_cancel(self, obj):
|
||||
return self.can_change(obj, {}) and obj.can_cancel
|
||||
|
||||
class CredentialAccess(BaseAccess):
|
||||
'''
|
||||
I can see credentials when:
|
||||
@@ -646,6 +654,9 @@ class ProjectAccess(BaseAccess):
|
||||
def can_delete(self, obj):
|
||||
return self.can_change(obj, None)
|
||||
|
||||
def can_start(self, obj):
|
||||
return self.can_change(obj, {}) and obj.can_update
|
||||
|
||||
class ProjectUpdateAccess(BaseAccess):
|
||||
'''
|
||||
I can see project updates when I can see the project.
|
||||
@@ -660,6 +671,9 @@ class ProjectUpdateAccess(BaseAccess):
|
||||
projects_qs = self.user.get_queryset(Project)
|
||||
return qs.filter(project__in=projects_qs)
|
||||
|
||||
def can_cancel(self, obj):
|
||||
return self.can_change(obj, {}) and obj.can_cancel
|
||||
|
||||
class PermissionAccess(BaseAccess):
|
||||
'''
|
||||
I can see a permission when:
|
||||
|
||||
Reference in New Issue
Block a user