From 3d8d27064f72f55e8b0e7569ae98713d7f46f6e4 Mon Sep 17 00:00:00 2001
From: Jared Tabor <jtabor@redhat.com>
Date: Fri, 25 May 2018 00:18:50 -0700
Subject: [PATCH] Makes rows inactive on permissions list if assigning user
 doesn't have

permission to edit the target user
---
 .../rbac-multiselect/permissionsUsers.list.js |  6 ++++++
 .../rbac-multiselect-list.directive.js        | 19 +++++++++++++++++--
 .../inventories/inventory.list.js             |  1 +
 .../list-generator/list-generator.factory.js  | 10 +++++++---
 .../select-list-item.directive.js             |  5 +++--
 5 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js b/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js
index 39b083f06c..4a9b053cdd 100644
--- a/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js
+++ b/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js
@@ -16,6 +16,12 @@
         index: false,
         hover: true,
         emptyListText : i18n._('No Users exist'),
+        disableRow: "{{ user.summary_fields.user_capabilities.edit === false }}",
+        disableRowValue: 'summary_fields.user_capabilities.edit === false',
+        disableTooltip: {
+            placement: 'top',
+            tipWatch: 'user.tooltip'
+        },
         fields: {
             first_name: {
                 label: i18n._('First Name'),
diff --git a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
index 8de176322c..2c3a7b9c8c 100644
--- a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
+++ b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
@@ -7,10 +7,10 @@
 /* jshint unused: vars */
 export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateList', 'ProjectList',
     'InventoryList', 'CredentialList', '$compile', 'generateList',
-    'OrganizationList', '$window',
+    'OrganizationList', '$window', 'i18n',
     function(addPermissionsTeamsList, addPermissionsUsersList, TemplateList, ProjectList,
     InventoryList, CredentialList, $compile, generateList,
-    OrganizationList, $window) {
+    OrganizationList, $window, i18n) {
     return {
         restrict: 'E',
         scope: {
@@ -159,6 +159,21 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
             // iterate over the list and add fields like type label, after the
             // OPTIONS request returns, or the list is sorted/paginated/searched
             function optionsRequestDataProcessing(){
+                if(scope.list.name === 'users'){
+                    if (scope[list.name] !== undefined) {
+                        scope[list.name].forEach(function(item, item_idx) {
+                            var itm = scope[list.name][item_idx];
+                            if(itm.summary_fields.user_capabilities.edit){
+                                // undefined doesn't render the tooltip, 
+                                // which is intended here.
+                                itm.tooltip = undefined;
+                            }
+                            else if(!itm.summary_fields.user_capabilities.edit){
+                                itm.tooltip = i18n._('You do not have permission to manage this user');
+                            }
+                        });
+                    }
+                }
                 if(scope.list.name === 'projects'){
                     if (scope[list.name] !== undefined) {
                         scope[list.name].forEach(function(item, item_idx) {
diff --git a/awx/ui/client/src/inventories-hosts/inventories/inventory.list.js b/awx/ui/client/src/inventories-hosts/inventories/inventory.list.js
index abcb526d58..c821221d28 100644
--- a/awx/ui/client/src/inventories-hosts/inventories/inventory.list.js
+++ b/awx/ui/client/src/inventories-hosts/inventories/inventory.list.js
@@ -19,6 +19,7 @@ export default ['i18n', function(i18n) {
         basePath: 'inventory',
         title: false,
         disableRow: "{{ inventory.pending_deletion }}",
+        disableRowValue: 'pending_deletion',
 
         fields: {
             status: {
diff --git a/awx/ui/client/src/shared/list-generator/list-generator.factory.js b/awx/ui/client/src/shared/list-generator/list-generator.factory.js
index a1f7088769..8e6b240c87 100644
--- a/awx/ui/client/src/shared/list-generator/list-generator.factory.js
+++ b/awx/ui/client/src/shared/list-generator/list-generator.factory.js
@@ -290,6 +290,7 @@ export default ['$compile', 'Attr', 'Icon',
                 // gotcha: transcluded elements require custom scope linking - binding to $parent models assumes a very rigid DOM hierarchy
                 // see: lookup-modal.directive.js for example
                 innerTable += options.mode === 'lookup' ? `<tbody ng-init="selection.${list.iterator} = {id: $parent.${list.iterator}, name: $parent.${list.iterator}_name}">` : `"<tbody>\n"`;
+
                 innerTable += "<tr ng-class=\"[" + list.iterator;
                 innerTable += (options.mode === 'lookup' || options.mode === 'select') ? ".success_class" : ".active_class";
 
@@ -313,7 +314,7 @@ export default ['$compile', 'Attr', 'Icon',
                     innerTable += `, {'List-tableRow--selected' : $stateParams['${list.iterator}_id'] == ${list.iterator}.id}`;
                 }
 
-                innerTable += (list.disableRow) ? `, {true: 'List-tableRow--disabled'}[${list.iterator}.pending_deletion]` : "";
+                innerTable += (list.disableRow) ? `, {true: 'List-tableRow--disabled'}[${list.iterator}.${list.disableRowValue}]` : "";
 
                 if (list.multiSelect) {
                     innerTable += ", " + list.iterator + ".isSelected ? 'is-selected-row' : ''";
@@ -323,18 +324,21 @@ export default ['$compile', 'Attr', 'Icon',
                 innerTable += "id=\"{{ " + list.iterator + ".id }}\" ";
                 innerTable += "class=\"List-tableRow " + list.iterator + "_class\" ";
                 innerTable += (list.disableRow) ? " disable-row=\"" + list.disableRow + "\" " : "";
+                if(_.has(list, 'disableTooltip')){
+                    let { placement, tipWatch } = list.disableTooltip;
+                    innerTable += `aw-tool-tip="{{tipWatch}}" data-placement="${placement}" data-tip-watch="${tipWatch}"`;
+                }
                 innerTable += "ng-repeat=\"" + list.iterator + " in " + list.name;
                 innerTable += (list.trackBy) ? " track by " + list.trackBy : "";
                 innerTable += (list.orderBy) ? " | orderBy:'" + list.orderBy + "'" : "";
                 innerTable += (list.filterBy) ? " | filter: " + list.filterBy : "";
                 innerTable += "\">\n";
-
                 if (list.index) {
                     innerTable += "<td class=\"index-column hidden-xs List-tableCell\">{{ $index + ((" + list.iterator + "_page - 1) * " + list.iterator + "_page_size) + 1 }}.</td>\n";
                 }
 
                 if (list.multiSelect) {
-                    innerTable += '<td class="col-xs-1 select-column List-staticColumn--smallStatus"><select-list-item item=\"' + list.iterator + '\"></select-list-item></td>';
+                    innerTable += '<td class="col-xs-1 select-column List-staticColumn--smallStatus"><select-list-item item=\"' + list.iterator + '\" disabled="'+list.iterator + '.' + list.disableRowValue+'"></select-list-item></td>';
                 }
 
                 // Change layout if a lookup list, place radio buttons before labels
diff --git a/awx/ui/client/src/shared/multi-select-list/select-list-item.directive.js b/awx/ui/client/src/shared/multi-select-list/select-list-item.directive.js
index aa8397e904..20b9c4e0a0 100644
--- a/awx/ui/client/src/shared/multi-select-list/select-list-item.directive.js
+++ b/awx/ui/client/src/shared/multi-select-list/select-list-item.directive.js
@@ -27,10 +27,11 @@ export default
         return {
             restrict: 'E',
             scope: {
-                item: '=item'
+                item: '=item',
+                disabled: '='
             },
             require: '^multiSelectList',
-            template: '<input type="checkbox" data-multi-select-list-item ng-model="item.isSelected" ng-click="userInteractionSelect()">',
+            template: '<input type="checkbox" data-multi-select-list-item ng-model="item.isSelected" ng-click="userInteractionSelect()" ng-disabled=disabled>',
             link: function(scope, element, attrs, multiSelectList) {
 
                 scope.decoratedItem = multiSelectList.registerItem(scope.item);