From 8645602b0a057bbf7f33a2e745afb60a90a726c2 Mon Sep 17 00:00:00 2001 From: John Mitchell Date: Mon, 5 Nov 2018 16:45:35 -0500 Subject: [PATCH 1/3] fix permission issue where regular users assigned jt admin could not add user jt roles they couldn't edit --- .../access/add-rbac-resource/rbac-resource.directive.js | 2 ++ .../access/add-rbac-resource/rbac-resource.partial.html | 4 ++-- .../src/access/rbac-multiselect/permissionsUsers.list.js | 4 ++-- .../rbac-multiselect/rbac-multiselect-list.directive.js | 7 +++++-- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js index f125c64afd..eaf5aa4d52 100644 --- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js +++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js @@ -29,6 +29,8 @@ export default ['templateUrl', '$state', }; window.scrollTo(0, 0); + + scope.objectType = scope.object.type; } }; } diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html index 46b50b6e06..61f83c679d 100644 --- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html +++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.partial.html @@ -45,10 +45,10 @@
- +
- +
diff --git a/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js b/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js index c8333b9434..4adf67a8dd 100644 --- a/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js +++ b/awx/ui/client/src/access/rbac-multiselect/permissionsUsers.list.js @@ -16,8 +16,8 @@ index: false, hover: true, emptyListText : i18n._('No Users exist'), - disableRow: "{{ user.summary_fields.user_capabilities.edit === false }}", - disableRowValue: "user.summary_fields.user_capabilities.edit === false", + disableRow: "{{ objectType === 'organization' && user.summary_fields.user_capabilities.edit === false }}", + disableRowValue: "objectType === 'organization' && user.summary_fields.user_capabilities.edit === false", disableTooltip: { placement: 'top', tipWatch: 'user.tooltip' diff --git a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js index 175ae7452a..308364f194 100644 --- a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js +++ b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js @@ -16,7 +16,8 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL scope: { allSelected: '=', view: '@', - dataset: '=' + dataset: '=', + objectType: '=' }, template: "
", link: function(scope, element, attrs, ctrl) { @@ -39,6 +40,8 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL delete list.actions; delete list.fieldActions; + console.log(scope.objectType); + switch(scope.view){ case 'Projects': @@ -170,7 +173,7 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL // which is intended here. itm.tooltip = undefined; } - else if(!itm.summary_fields.user_capabilities.edit){ + else if(scope.objectType === 'organization' && !itm.summary_fields.user_capabilities.edit){ itm.tooltip = i18n._('You do not have permission to manage this user'); } }); From d5ba9815159e411e48813e4747af15255333a9a6 Mon Sep 17 00:00:00 2001 From: John Mitchell Date: Tue, 6 Nov 2018 10:50:15 -0500 Subject: [PATCH 2/3] remove inadverdent log statement --- .../access/rbac-multiselect/rbac-multiselect-list.directive.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js index 308364f194..e95efb694d 100644 --- a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js +++ b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js @@ -40,8 +40,6 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL delete list.actions; delete list.fieldActions; - console.log(scope.objectType); - switch(scope.view){ case 'Projects': From da7834476b96a2dad86c288772a3230ebe8ac92b Mon Sep 17 00:00:00 2001 From: John Mitchell Date: Tue, 6 Nov 2018 10:52:16 -0500 Subject: [PATCH 3/3] remove inadverdent scope variable that was added --- .../src/access/add-rbac-resource/rbac-resource.directive.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js index eaf5aa4d52..f125c64afd 100644 --- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js +++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.directive.js @@ -29,8 +29,6 @@ export default ['templateUrl', '$state', }; window.scrollTo(0, 0); - - scope.objectType = scope.object.type; } }; }