External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-21 07:47:44 -02:30
Code Issues Packages Projects Releases Wiki Activity

Fix AC-975... filter inactive permissions in some of the access code.

Browse Source
This commit is contained in:
Matthew Jones
2014-02-06 08:46:54 -05:00
parent 8c5fb4bca4
commit 57030390c0
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
awx/main/access.py
View File

@@ -262,10 +262,12 @@ class InventoryAccess(BaseAccess):
has_user_perms = qs.filter( has_user_perms = qs.filter(
permissions__user__in=[self.user], permissions__user__in=[self.user],
permissions__permission_type__in=allowed, permissions__permission_type__in=allowed,
permissions__active=True,
).distinct() ).distinct()
has_team_perms = qs.filter( has_team_perms = qs.filter(
permissions__team__users__in=[self.user], permissions__team__users__in=[self.user],
permissions__permission_type__in=allowed, permissions__permission_type__in=allowed,
permissions__active=True,
).distinct() ).distinct()
return admin_of | has_user_perms | has_team_perms return admin_of | has_user_perms | has_team_perms
@@ -640,8 +642,8 @@ class ProjectAccess(BaseAccess):
Q(organizations__admins__in=[self.user]) | Q(organizations__admins__in=[self.user]) |
Q(organizations__users__in=[self.user]) | Q(organizations__users__in=[self.user]) |
Q(teams__users__in=[self.user]) | Q(teams__users__in=[self.user]) |
Q(permissions__user=self.user, permissions__permission_type__in=allowed) | Q(permissions__user=self.user, permissions__permission_type__in=allowed, permissions__active=True) |
Q(permissions__team__users__in=[self.user], permissions__permission_type__in=allowed) Q(permissions__team__users__in=[self.user], permissions__permission_type__in=allowed, permissions__active=True)
) )
def can_add(self, data): def can_add(self, data):
@@ -810,6 +812,8 @@ class JobTemplateAccess(BaseAccess):
Q(project__permissions__user=self.user) | Q(project__permissions__team__users__in=[self.user]), Q(project__permissions__user=self.user) | Q(project__permissions__team__users__in=[self.user]),
inventory__permissions__permission_type__in=allowed, inventory__permissions__permission_type__in=allowed,
project__permissions__permission_type__in=allowed, project__permissions__permission_type__in=allowed,
inventory__permissions__active=True,
project__permissions__active=True,
inventory__permissions__pk=F('project__permissions__pk'), inventory__permissions__pk=F('project__permissions__pk'),
) )
# FIXME: I *think* this should work... needs more testing. # FIXME: I *think* this should work... needs more testing.
@@ -914,6 +918,8 @@ class JobAccess(BaseAccess):
Q(project__permissions__user=self.user) | Q(project__permissions__team__users__in=[self.user]), Q(project__permissions__user=self.user) | Q(project__permissions__team__users__in=[self.user]),
inventory__permissions__permission_type__in=allowed, inventory__permissions__permission_type__in=allowed,
project__permissions__permission_type__in=allowed, project__permissions__permission_type__in=allowed,
inventory__permissions__active=True,
project__permissions__active=True,
inventory__permissions__pk=F('project__permissions__pk'), inventory__permissions__pk=F('project__permissions__pk'),
) )
# FIXME: I *think* this should work... needs more testing. # FIXME: I *think* this should work... needs more testing.