Bolt on organizations and admin_of_organizations properties to User model; fix related API endpoints

This partially mimics the old api feel, though doesn't enable searching through these fields via ORM queries of course.
2026-01-18 21:21:21 -03:30 · 2016-03-22 13:13:41 -04:00 · 2016-03-22 13:13:41 -04:00 · 5db7383a38
commit 5db7383a38
parent cb83ee3ec6
2 changed files with 25 additions and 1 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -1006,7 +1006,7 @@ class UserTeamsList(ListAPIView):

    def get_queryset(self):
        u = User.objects.get(pk=self.kwargs['pk'])
-        if not u.accessible_by(self.request.user, {'read': True}):
+        if not u.can_access(User, 'read', self.request.user):
            raise PermissionDenied()
        return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u)

@ -1065,6 +1065,13 @@ class UserOrganizationsList(SubListAPIView):
    parent_model = User
    relationship = 'organizations'

+    def get_queryset(self):
+        parent = self.get_parent_object()
+        self.check_parent_access(parent)
+        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        user_qs = Organization.objects.filter(member_role__members=parent)
+        return my_qs & user_qs
+
 class UserAdminOfOrganizationsList(SubListAPIView):

    model = Organization
@ -1072,6 +1079,13 @@ class UserAdminOfOrganizationsList(SubListAPIView):
    parent_model = User
    relationship = 'admin_of_organizations'

+    def get_queryset(self):
+        parent = self.get_parent_object()
+        self.check_parent_access(parent)
+        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        user_qs = Organization.objects.filter(admin_role__members=parent)
+        return my_qs & user_qs
+
 class UserActivityStreamList(SubListAPIView):

    model = ActivityStream
--- a/awx/main/models/init.py
+++ b/awx/main/models/init.py
@ -47,6 +47,16 @@ User.add_to_class('accessible_objects', user_accessible_objects)
 User.add_to_class('admin_role', user_admin_role)
 User.add_to_class('role_permissions', GenericRelation('main.RolePermission'))

+@property
+def user_get_organizations(user):
+    return Organization.objects.filter(member_role__members=user)
+@property
+def user_get_admin_of_organizations(user):
+    return Organization.objects.filter(admin_role__members=user)
+
+User.add_to_class('organizations', user_get_organizations)
+User.add_to_class('admin_of_organizations', user_get_admin_of_organizations)
+
 # Import signal handlers only after models have been defined.
 import awx.main.signals # noqa