Bolt on organizations and admin_of_organizations properties to User model; fix related API endpoints

This partially mimics the old api feel, though doesn't enable searching through these fields via ORM queries of course.
2026-05-11 11:27:36 -02:30 · 2016-03-22 13:13:41 -04:00
parent cb83ee3ec6
commit 5db7383a38
2 changed files with 25 additions and 1 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1006,7 +1006,7 @@ class UserTeamsList(ListAPIView):

    def get_queryset(self):
        u = User.objects.get(pk=self.kwargs['pk'])
-        if not u.accessible_by(self.request.user, {'read': True}):
+        if not u.can_access(User, 'read', self.request.user):
            raise PermissionDenied()
        return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u)

@@ -1065,6 +1065,13 @@ class UserOrganizationsList(SubListAPIView):
    parent_model = User
    relationship = 'organizations'

+    def get_queryset(self):
+        parent = self.get_parent_object()
+        self.check_parent_access(parent)
+        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        user_qs = Organization.objects.filter(member_role__members=parent)
+        return my_qs & user_qs
+
 class UserAdminOfOrganizationsList(SubListAPIView):

    model = Organization
@@ -1072,6 +1079,13 @@ class UserAdminOfOrganizationsList(SubListAPIView):
    parent_model = User
    relationship = 'admin_of_organizations'

+    def get_queryset(self):
+        parent = self.get_parent_object()
+        self.check_parent_access(parent)
+        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        user_qs = Organization.objects.filter(admin_role__members=parent)
+        return my_qs & user_qs
+
 class UserActivityStreamList(SubListAPIView):

    model = ActivityStream