Simplify user model by just using the Django user object.
parent
ea536ae903
commit
5a03fdf841
@ -21,7 +21,6 @@ class AuditTrailAdmin(admin.ModelAdmin):
|
||||
list_display = ('name', 'description', 'active')
|
||||
filter_horizontal = ('tags',)
|
||||
|
||||
|
||||
class HostAdmin(admin.ModelAdmin):
|
||||
|
||||
list_display = ('name', 'description', 'active')
|
||||
@ -37,11 +36,6 @@ class VariableDataAdmin(admin.ModelAdmin):
|
||||
list_display = ('name', 'description', 'active')
|
||||
filter_horizontal = ('tags',)
|
||||
|
||||
class UserAdmin(admin.ModelAdmin):
|
||||
|
||||
list_display = ('name', 'description', 'active')
|
||||
filter_horizontal = ('tags',)
|
||||
|
||||
class CredentialAdmin(admin.ModelAdmin):
|
||||
|
||||
list_display = ('name', 'description', 'active')
|
||||
@ -81,7 +75,6 @@ admin.site.register(AuditTrail, AuditTrailAdmin)
|
||||
admin.site.register(Host, HostAdmin)
|
||||
admin.site.register(Group, GroupAdmin)
|
||||
admin.site.register(VariableData, VariableDataAdmin)
|
||||
admin.site.register(User, UserAdmin)
|
||||
admin.site.register(Team, TeamAdmin)
|
||||
admin.site.register(Project, ProjectAdmin)
|
||||
admin.site.register(Credential, CredentialAdmin)
|
||||
|
||||
@ -47,7 +47,7 @@ class AuditTrail(CommonModel):
|
||||
app_label = 'main'
|
||||
|
||||
resource_type = models.CharField(max_length=64)
|
||||
modified_by = models.ForeignKey('User', on_delete=SET_NULL, null=True, blank=True)
|
||||
modified_by = models.ForeignKey('auth.User', on_delete=SET_NULL, null=True, blank=True)
|
||||
delta = models.TextField() # FIXME: switch to JSONField
|
||||
detail = models.TextField()
|
||||
comment = models.TextField()
|
||||
@ -63,8 +63,8 @@ class Organization(CommonModel):
|
||||
class Meta:
|
||||
app_label = 'main'
|
||||
|
||||
users = models.ManyToManyField('User', blank=True, related_name='organizations')
|
||||
admins = models.ManyToManyField('User', blank=True, related_name='admin_of_organizations')
|
||||
users = models.ManyToManyField('auth.User', blank=True, related_name='organizations')
|
||||
admins = models.ManyToManyField('auth.User', blank=True, related_name='admin_of_organizations')
|
||||
projects = models.ManyToManyField('Project', blank=True, related_name='organizations')
|
||||
|
||||
def get_absolute_url(self):
|
||||
@ -120,18 +120,6 @@ class VariableData(CommonModel):
|
||||
group = models.ForeignKey('Group', null=True, default=None, blank=True, on_delete=CASCADE, related_name='variable_data')
|
||||
data = models.TextField() # FIXME: JsonField
|
||||
|
||||
class User(CommonModel):
|
||||
'''
|
||||
Basic user class
|
||||
'''
|
||||
|
||||
class Meta:
|
||||
app_label = 'main'
|
||||
|
||||
# FIXME: how to integrate with Django auth?
|
||||
|
||||
auth_user = models.OneToOneField('auth.User', related_name='application_user')
|
||||
|
||||
class Credential(CommonModel):
|
||||
'''
|
||||
A credential contains information about how to talk to a remote set of hosts
|
||||
@ -142,7 +130,7 @@ class Credential(CommonModel):
|
||||
class Meta:
|
||||
app_label = 'main'
|
||||
|
||||
user = models.ForeignKey('User', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials')
|
||||
user = models.ForeignKey('auth.User', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials')
|
||||
project = models.ForeignKey('Project', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials')
|
||||
team = models.ForeignKey('Team', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials')
|
||||
|
||||
@ -162,7 +150,7 @@ class Team(CommonModel):
|
||||
app_label = 'main'
|
||||
|
||||
projects = models.ManyToManyField('Project', blank=True, related_name='teams')
|
||||
users = models.ManyToManyField('User', blank=True, related_name='teams')
|
||||
users = models.ManyToManyField('auth.User', blank=True, related_name='teams')
|
||||
organization = models.ManyToManyField('Organization', related_name='teams')
|
||||
|
||||
class Project(CommonModel):
|
||||
@ -187,7 +175,7 @@ class Permission(CommonModel):
|
||||
class Meta:
|
||||
app_label = 'main'
|
||||
|
||||
user = models.ForeignKey('User', null=True, on_delete=SET_NULL, blank=True, related_name='permissions')
|
||||
user = models.ForeignKey('auth.User', null=True, on_delete=SET_NULL, blank=True, related_name='permissions')
|
||||
project = models.ForeignKey('Project', null=True, on_delete=SET_NULL, blank=True, related_name='permissions')
|
||||
team = models.ForeignKey('Team', null=True, on_delete=SET_NULL, blank=True, related_name='permissions')
|
||||
job_type = models.CharField(max_length=64)
|
||||
@ -205,7 +193,7 @@ class LaunchJob(CommonModel):
|
||||
inventory = models.ForeignKey('Inventory', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
|
||||
credential = models.ForeignKey('Credential', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
|
||||
project = models.ForeignKey('Project', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
|
||||
user = models.ForeignKey('User', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
|
||||
user = models.ForeignKey('auth.User', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
|
||||
job_type = models.CharField(max_length=64)
|
||||
|
||||
|
||||
|
||||
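Review bot: `AuditTrail.modified_by` now targets `'auth.User'` but keeps `on_delete=SET_NULL`, so deleting a Django account blanks the actor on every audit row that account produced. A comment on the field would make the intended practice explicit, for example `# deactivate users (is_active=False) rather than deleting them, or audit attribution is lost`. The same `SET_NULL` on `Credential.user` leaves a credential with no owner after a deletion, and nothing in the visible hunks says who may then use it. If the project targets a Django release with swappable user models, `settings.AUTH_USER_MODEL` in place of the literal `'auth.User'` would avoid repeating this edit later.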
@ -18,10 +18,7 @@ class CustomRbac(permissions.BasePermission):
|
||||
if request.user.is_superuser:
|
||||
return True
|
||||
# other users must have associated acom user records & be active
|
||||
acom_user = User.objects.filter(auth_user = request.user)
|
||||
if len(acom_user) != 1:
|
||||
raise PermissionDenied()
|
||||
if not acom_user[0].active:
|
||||
if not request.user.is_active:
|
||||
raise PermissionDenied()
|
||||
return True
|
||||
|
||||
|
||||
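Review bot: The `is_superuser` shortcut returns before the new `if not request.user.is_active:` test, so a deactivated superuser account still passes this check if the authentication layer lets it get this far. Checking `is_active` first closes that: move `if not request.user.is_active: raise PermissionDenied()` above `if request.user.is_superuser: return True`. The retained comment `# other users must have associated acom user records & be active` is now stale, because no acom user record is looked up any more; `# non-superusers only need an active Django account` would match the code. The method begins outside the hunk, so any earlier authentication check is not visible here.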
@ -1,4 +1,4 @@
|
||||
from django.contrib.auth.models import User as DjangoUser
|
||||
from django.contrib.auth.models import User
|
||||
from lib.main.models import *
|
||||
from rest_framework import serializers, pagination
|
||||
from django.core.urlresolvers import reverse
|
||||
@ -70,11 +70,11 @@ class UserSerializer(BaseSerializer):
|
||||
|
||||
class Meta:
|
||||
model = User
|
||||
# FIXME: do we want 'auth_user' exposed here?
|
||||
fields = ('url', 'id', 'name', 'description', 'comment', 'creation_date', 'auth_user')
|
||||
# FIXME: make sure is_active is and is_superuser is read only
|
||||
fields = ('url', 'id', 'username', 'first_name', 'last_name', 'email', 'is_active', 'is_superuser')
|
||||
|
||||
def get_related(self, obj):
|
||||
# FIXME: add the related django auth user?
|
||||
# FIXME: add related lookups?
|
||||
return dict()
|
||||
|
||||
class TagSerializer(BaseSerializer):
|
||||
|
||||
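Review bot: `is_active` and `is_superuser` are listed in `UserSerializer.Meta.fields` with only a FIXME saying they should be read only, so any client allowed to write through this serializer may be able to change its own privilege or activation flags. Declaring them read-only in the same `Meta` would settle it: `read_only_fields = ('is_active', 'is_superuser')`, assuming `BaseSerializer` (defined outside this page) is a REST framework model serializer that honours that option. Whether a view exposes write access to users is not visible in this commit, so the exposure is inferred rather than shown.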
@ -14,8 +14,7 @@ import json
|
||||
from django.contrib.auth.models import User as DjangoUser
|
||||
import django.test
|
||||
from django.test.client import Client
|
||||
|
||||
from lib.main.models import User, Organization, Project
|
||||
from lib.main.models import *
|
||||
|
||||
class BaseTest(django.test.TestCase):
|
||||
|
||||
@ -25,8 +24,7 @@ class BaseTest(django.test.TestCase):
|
||||
django_user = DjangoUser.objects.create_superuser(username, "%s@example.com", password)
|
||||
else:
|
||||
django_user = DjangoUser.objects.create_user(username, "%s@example.com", password)
|
||||
acom_user = User.objects.create(name=username, auth_user=django_user)
|
||||
return (django_user, acom_user)
|
||||
return django_user
|
||||
|
||||
def make_organizations(self, count=1):
|
||||
results = []
|
||||
@ -41,7 +39,6 @@ class BaseTest(django.test.TestCase):
|
||||
return results
|
||||
|
||||
def check_pagination_and_size(self, data, desired_count, previous=None, next=None):
|
||||
self.assertEquals(data['count'], desired_count)
|
||||
self.assertEquals(data['previous'], previous)
|
||||
self.assertEquals(data['next'], next)
|
||||
|
||||
@ -54,9 +51,9 @@ class BaseTest(django.test.TestCase):
|
||||
self.other_username = 'other'
|
||||
self.other_password = 'other'
|
||||
|
||||
(self.super_django_user, self.super_acom_user) = self.make_user(self.super_username, self.super_password, super_user=True)
|
||||
(self.normal_django_user, self.normal_acom_user) = self.make_user(self.normal_username, self.normal_password, super_user=False)
|
||||
(self.other_django_user, self.other_acom_user) = self.make_user(self.other_username, self.other_password, super_user=False)
|
||||
self.super_django_user = self.make_user(self.super_username, self.super_password, super_user=True)
|
||||
self.normal_django_user = self.make_user(self.normal_username, self.normal_password, super_user=False)
|
||||
self.other_django_user = self.make_user(self.other_username, self.other_password, super_user=False)
|
||||
|
||||
def get_super_credentials(self):
|
||||
return (self.super_username, self.super_password)
|
||||
@ -145,11 +142,11 @@ class OrganizationsTest(BaseTest):
|
||||
|
||||
for x in self.organizations:
|
||||
# NOTE: superuser does not have to be explicitly added to admin group
|
||||
# x.admins.add(self.super_acom_user)
|
||||
x.users.add(self.super_acom_user)
|
||||
# x.admins.add(self.super_django_user)
|
||||
x.users.add(self.super_django_user)
|
||||
|
||||
self.organizations[0].users.add(self.normal_acom_user)
|
||||
self.organizations[1].admins.add(self.normal_acom_user)
|
||||
self.organizations[0].users.add(self.normal_django_user)
|
||||
self.organizations[1].admins.add(self.normal_django_user)
|
||||
|
||||
def test_get_list(self):
|
||||
|
||||
|
||||
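Review bot: `make_user` and `setUp` create only active accounts, so nothing visible here exercises the rule the permission class now relies on, that a user with `is_active` false is refused. A fixture such as `self.inactive_django_user = self.make_user('inactive', 'inactive', super_user=False)` with `is_active = False` saved on it, plus a request asserted to be rejected, would pin that behaviour; other tests may exist outside these hunks. Separately, the e-mail argument `"%s@example.com"` in both the `create_superuser` and `create_user` calls is never formatted, so every test user gets that literal address; `"%s@example.com" % username` is presumably what was meant.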
@ -1,6 +1,7 @@
|
||||
from django.http import HttpResponse
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from lib.main.models import *
|
||||
from django.contrib.auth.models import User
|
||||
from lib.main.serializers import *
|
||||
from lib.main.rbac import *
|
||||
from django.core.exceptions import PermissionDenied
|
||||
@ -55,9 +56,9 @@ class OrganizationsList(BaseList):
|
||||
if self.request.user.is_superuser:
|
||||
return Organization.objects.all()
|
||||
return Organization.objects.filter(
|
||||
admins__in = [ self.request.user.application_user ]
|
||||
admins__in = [ self.request.user ]
|
||||
).distinct() | Organization.objects.filter(
|
||||
users__in = [ self.request.user.application_user ]
|
||||
users__in = [ self.request.user ]
|
||||
).distinct()
|
||||
|
||||
class OrganizationsDetail(BaseDetail):
|
||||
@ -71,8 +72,8 @@ class OrganizationsDetail(BaseDetail):
|
||||
# obj.owner = self.request.user
|
||||
|
||||
def item_permissions_check(self, request, obj):
|
||||
is_admin = request.user.application_user in obj.admins.all()
|
||||
is_user = request.user.application_user in obj.users.all()
|
||||
is_admin = request.user in obj.admins.all()
|
||||
is_user = request.user in obj.users.all()
|
||||
|
||||
if request.method == 'GET':
|
||||
return is_admin or is_user
|
||||
@ -81,7 +82,7 @@ class OrganizationsDetail(BaseDetail):
|
||||
return False
|
||||
|
||||
def delete_permissions_check(self, request, obj):
|
||||
return request.user.application_user in obj.admins.all()
|
||||
return request.user in obj.admins.all()
|
||||
|
||||
class OrganizationsAuditTrailList(BaseList):
|
||||
|
||||
@ -104,11 +105,11 @@ class OrganizationsUsersList(BaseList):
|
||||
|
||||
def _get_queryset(self):
|
||||
# FIXME:
|
||||
base = Users.objects.all(organizations__pk__in = [ self.kwargs.get('pk') ])
|
||||
base = User.objects.all(organizations__pk__in = [ self.kwargs.get('pk') ])
|
||||
if self.request.user.is_superuser:
|
||||
return base.all()
|
||||
return base.objects.filter(
|
||||
organizations__organization__admins__in = [ self.request.user.application_user ]
|
||||
organizations__organization__admins__in = [ self.request.user ]
|
||||
).distinct()
|
||||
|
||||
|
||||
@ -130,7 +131,7 @@ class OrganizationsAdminsList(BaseList):
|
||||
if self.request.user.is_superuser:
|
||||
return base.all()
|
||||
return base.filter(
|
||||
organizations__organization__admins__in = [ self.request.user.application_user ]
|
||||
organizations__organization__admins__in = [ self.request.user ]
|
||||
).distinct()
|
||||
|
||||
|
||||
@ -150,9 +151,9 @@ class OrganizationsProjectsList(BaseList):
|
||||
if self.request.user.is_superuser:
|
||||
return base.all()
|
||||
return base.filter(
|
||||
organizations__admins__in = [ self.request.user.application_user ]
|
||||
organizations__admins__in = [ self.request.user ]
|
||||
).distinct() | base.filter(
|
||||
teams__users__in = [ self.request.user.application_user ]
|
||||
teams__users__in = [ self.request.user ]
|
||||
).distinct()
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
@ -187,8 +188,8 @@ class ProjectsDetail(BaseDetail):
|
||||
|
||||
raise exceptions.NotImplementedError()
|
||||
|
||||
#is_admin = request.user.application_user in obj.admins.all()
|
||||
#is_user = request.user.application_user in obj.users.all()
|
||||
#is_admin = request.user in obj.admins.all()
|
||||
#is_user = request.user in obj.users.all()
|
||||
#
|
||||
#if request.method == 'GET':
|
||||
# return is_admin or is_user
|
||||
@ -199,5 +200,5 @@ class ProjectsDetail(BaseDetail):
|
||||
def delete_permissions_check(self, request, obj):
|
||||
# FIXME: logic TBD
|
||||
raise exceptions.NotImplementedError()
|
||||
#return request.user.application_user in obj.admins.all()
|
||||
#return request.user in obj.admins.all()
|
||||
|
||||
|
||||
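Review bot: In `OrganizationsUsersList._get_queryset` the renamed line `User.objects.all(organizations__pk__in = [...])` still cannot run, because `all()` takes no lookup arguments, and the non-superuser branch then calls `base.objects.filter(...)` on what would be a queryset, which has no `objects` attribute. This fails closed with an exception rather than returning users the caller should not see, but the endpoint is unusable for both roles. `base = User.objects.filter(organizations__pk__in=[self.kwargs.get('pk')])` and `return base.filter(organizations__admins__in=[self.request.user]).distinct()` would express the scoping the FIXME seems to intend. The lookup path `organizations__organization__admins__in` also looks one hop too long now that `organizations` is the reverse name on `auth.User`, and the same path appears in `OrganizationsAdminsList`; that is inferred from the `related_name` values in the models hunks and should be confirmed with a test.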