External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-14 12:57:40 -02:30
Code Issues Packages Projects Releases Wiki Activity

update TODO

Browse Source
This commit is contained in:
Michael DeHaan
2013-04-19 11:15:02 -04:00
parent 761354067f
commit 4cd7405a37
3 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
TODO.md
View File

@@ -46,6 +46,9 @@ directory. Project directories must be unique and be (also no ../, etc). defau
* permissions on launching a job should be same as creating a job template * permissions on launching a job should be same as creating a job template
* should be able to access permissions as subcollection off of users or teams (no need for permissions tab) * should be able to access permissions as subcollection off of users or teams (no need for permissions tab)
* make sure all can_user_add/edit methods ensure ownership/access on subobjects * make sure all can_user_add/edit methods ensure ownership/access on subobjects
* project should have a method to list valid YAML files and not require default playbook
* do not allow ../ in paths (etc)
* should be able to specify in a launch job a limit string, combine with shell=False when using subprocess
QUESTIONS QUESTIONS
--------- ---------

3
lib/main/base_views.py
View File

@@ -45,6 +45,7 @@ class BaseList(generics.ListCreateAPIView):
raise PermissionDenied() raise PermissionDenied()
return True return True
else: else:
# audit all of these to check ownership/readability of subobjects
if not self.__class__.model.can_user_add(request.user, self.request.DATA): if not self.__class__.model.can_user_add(request.user, self.request.DATA):
raise PermissionDenied() raise PermissionDenied()
return True return True
@@ -236,8 +237,10 @@ class BaseDetail(generics.RetrieveUpdateDestroyAPIView):
return self.__class__.model.can_user_read(request.user, obj) return self.__class__.model.can_user_read(request.user, obj)
elif request.method in [ 'PUT' ]: elif request.method in [ 'PUT' ]:
if type(obj) == User: if type(obj) == User:
# FIXME: pass request.DATA to all of these and verify permissions on subobjects
return UserHelper.can_user_administrate(request.user, obj) return UserHelper.can_user_administrate(request.user, obj)
else: else:
# FIXME: pass request.DATA to all of these and verify permission on subobjects
return self.__class__.model.can_user_administrate(request.user, obj) return self.__class__.model.can_user_administrate(request.user, obj)
return False return False

1
lib/main/serializers.py
View File

@@ -154,6 +154,7 @@ class CredentialSerializer(BaseSerializer):
def validate(self, attrs): def validate(self, attrs):
''' some fields cannot be changed once written ''' ''' some fields cannot be changed once written '''
import epdb; epdb.st()
if self.object is not None: if self.object is not None:
# this is an update # this is an update
if self.object.user != attrs['user']: if self.object.user != attrs['user']: