Moved RBAC get_permissions implemenation to the Resource model

I had need to perform this query right on a Resource, so I moved it from the mixin to the Resource
2026-01-20 06:01:25 -03:30 · 2016-02-22 14:54:27 -05:00 · 2016-02-22 14:54:27 -05:00 · 5071dba4ff
commit 5071dba4ff
parent 7d4b54a651
2 changed files with 38 additions and 34 deletions
--- a/awx/main/models/mixins.py
+++ b/awx/main/models/mixins.py
@ -43,40 +43,7 @@ class ResourceMixin(models.Model):


    def get_permissions(self, user):
-        '''
-        Returns a dict (or None) of the permissions a user has for a given
-        resource.
-
-        Note: Each field in the dict is the `or` of all respective permissions
-        that have been granted to the roles that are applicable for the given
-        user.
-
-        In example, if a user has been granted read access through a permission
-        on one role and write access through a permission on a separate role,
-        the returned dict will denote that the user has both read and write
-        access.
-        '''
-
-        qs = user.__class__.objects.filter(id=user.id, roles__descendents__permissions__resource=self.resource)
-
-        qs = qs.annotate(max_create = Max('roles__descendents__permissions__create'))
-        qs = qs.annotate(max_read = Max('roles__descendents__permissions__read'))
-        qs = qs.annotate(max_write = Max('roles__descendents__permissions__write'))
-        qs = qs.annotate(max_update = Max('roles__descendents__permissions__update'))
-        qs = qs.annotate(max_delete = Max('roles__descendents__permissions__delete'))
-        qs = qs.annotate(max_scm_update = Max('roles__descendents__permissions__scm_update'))
-        qs = qs.annotate(max_execute = Max('roles__descendents__permissions__execute'))
-        qs = qs.annotate(max_use = Max('roles__descendents__permissions__use'))
-
-        qs = qs.values('max_create', 'max_read', 'max_write', 'max_update',
-                       'max_delete', 'max_scm_update', 'max_execute', 'max_use')
-
-        res = qs.all()
-        if len(res):
-            # strip away the 'max_' prefix
-            return {k[4:]:v for k,v in res[0].items()}
-        return None
-
+        return self.resource.get_permissions(user)

    def accessible_by(self, user, permissions):
        '''
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@ -6,6 +6,8 @@ import logging

 # Django
 from django.db import models
+from django.db.models.aggregates import Max
+from django.core.urlresolvers import reverse
 from django.utils.translation import ugettext_lazy as _
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.contenttypes.fields import GenericForeignKey
@ -116,6 +118,41 @@ class Resource(CommonModelNameNotUnique):
    object_id = models.PositiveIntegerField(null=True, default=None)
    content_object = GenericForeignKey('content_type', 'object_id')

+    def get_permissions(self, user):
+        '''
+        Returns a dict (or None) of the permissions a user has for a given
+        resource.
+
+        Note: Each field in the dict is the `or` of all respective permissions
+        that have been granted to the roles that are applicable for the given
+        user.
+
+        In example, if a user has been granted read access through a permission
+        on one role and write access through a permission on a separate role,
+        the returned dict will denote that the user has both read and write
+        access.
+        '''
+
+        qs = user.__class__.objects.filter(id=user.id, roles__descendents__permissions__resource=self)
+
+        qs = qs.annotate(max_create = Max('roles__descendents__permissions__create'))
+        qs = qs.annotate(max_read = Max('roles__descendents__permissions__read'))
+        qs = qs.annotate(max_write = Max('roles__descendents__permissions__write'))
+        qs = qs.annotate(max_update = Max('roles__descendents__permissions__update'))
+        qs = qs.annotate(max_delete = Max('roles__descendents__permissions__delete'))
+        qs = qs.annotate(max_scm_update = Max('roles__descendents__permissions__scm_update'))
+        qs = qs.annotate(max_execute = Max('roles__descendents__permissions__execute'))
+        qs = qs.annotate(max_use = Max('roles__descendents__permissions__use'))
+
+        qs = qs.values('max_create', 'max_read', 'max_write', 'max_update',
+                       'max_delete', 'max_scm_update', 'max_execute', 'max_use')
+
+        res = qs.all()
+        if len(res):
+            # strip away the 'max_' prefix
+            return {k[4:]:v for k,v in res[0].items()}
+        return None
+

 class RolePermission(CreatedModifiedModel):
    '''