From 5db7383a3808f40ae94c06990308369dda672c33 Mon Sep 17 00:00:00 2001
From: Akita Noek <anoek@ansible.com>
Date: Tue, 22 Mar 2016 13:13:41 -0400
Subject: [PATCH] Bolt on organizations and admin_of_organizations properties
 to User model; fix related API endpoints

This partially mimics the old api feel, though doesn't enable searching
through these fields via ORM queries of course.
---
 awx/api/views.py            | 16 +++++++++++++++-
 awx/main/models/__init__.py | 10 ++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/awx/api/views.py b/awx/api/views.py
index 26e13ed59d..99a334ee11 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1006,7 +1006,7 @@ class UserTeamsList(ListAPIView):
 
     def get_queryset(self):
         u = User.objects.get(pk=self.kwargs['pk'])
-        if not u.accessible_by(self.request.user, {'read': True}):
+        if not u.can_access(User, 'read', self.request.user):
             raise PermissionDenied()
         return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u)
 
@@ -1065,6 +1065,13 @@ class UserOrganizationsList(SubListAPIView):
     parent_model = User
     relationship = 'organizations'
 
+    def get_queryset(self):
+        parent = self.get_parent_object()
+        self.check_parent_access(parent)
+        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        user_qs = Organization.objects.filter(member_role__members=parent)
+        return my_qs & user_qs
+
 class UserAdminOfOrganizationsList(SubListAPIView):
 
     model = Organization
@@ -1072,6 +1079,13 @@ class UserAdminOfOrganizationsList(SubListAPIView):
     parent_model = User
     relationship = 'admin_of_organizations'
 
+    def get_queryset(self):
+        parent = self.get_parent_object()
+        self.check_parent_access(parent)
+        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        user_qs = Organization.objects.filter(admin_role__members=parent)
+        return my_qs & user_qs
+
 class UserActivityStreamList(SubListAPIView):
 
     model = ActivityStream
diff --git a/awx/main/models/__init__.py b/awx/main/models/__init__.py
index 5c8f4ec3af..aa5e32224b 100644
--- a/awx/main/models/__init__.py
+++ b/awx/main/models/__init__.py
@@ -47,6 +47,16 @@ User.add_to_class('accessible_objects', user_accessible_objects)
 User.add_to_class('admin_role', user_admin_role)
 User.add_to_class('role_permissions', GenericRelation('main.RolePermission'))
 
+@property
+def user_get_organizations(user):
+    return Organization.objects.filter(member_role__members=user)
+@property
+def user_get_admin_of_organizations(user):
+    return Organization.objects.filter(admin_role__members=user)
+
+User.add_to_class('organizations', user_get_organizations)
+User.add_to_class('admin_of_organizations', user_get_admin_of_organizations)
+
 # Import signal handlers only after models have been defined.
 import awx.main.signals # noqa