Bolt on organizations and admin_of_organizations properties to User model; fix related API endpoints

This partially mimics the old api feel, though doesn't enable searching
through these fields via ORM queries of course.

awx/api/views.py

@@ -1006,7 +1006,7 @@ class UserTeamsList(ListAPIView):
 
     def get_queryset(self):
         u = User.objects.get(pk=self.kwargs['pk'])
-        if not u.accessible_by(self.request.user, {'read': True}):
+        if not u.can_access(User, 'read', self.request.user):
             raise PermissionDenied()
         return Team.accessible_objects(self.request.user, {'read': True}).filter(member_role__members=u)
 
@@ -1065,6 +1065,13 @@ class UserOrganizationsList(SubListAPIView):
     parent_model = User
     relationship = 'organizations'
 
+    def get_queryset(self):
+        parent = self.get_parent_object()
+        self.check_parent_access(parent)
+        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        user_qs = Organization.objects.filter(member_role__members=parent)
+        return my_qs & user_qs
+
 class UserAdminOfOrganizationsList(SubListAPIView):
 
     model = Organization
@@ -1072,6 +1079,13 @@ class UserAdminOfOrganizationsList(SubListAPIView):
     parent_model = User
     relationship = 'admin_of_organizations'
 
+    def get_queryset(self):
+        parent = self.get_parent_object()
+        self.check_parent_access(parent)
+        my_qs = Organization.accessible_objects(self.request.user, {'read': True})
+        user_qs = Organization.objects.filter(admin_role__members=parent)
+        return my_qs & user_qs
+
 class UserActivityStreamList(SubListAPIView):
 
     model = ActivityStream

awx/main/models/__init__.py

@@ -47,6 +47,16 @@ User.add_to_class('accessible_objects', user_accessible_objects)
 User.add_to_class('admin_role', user_admin_role)
 User.add_to_class('role_permissions', GenericRelation('main.RolePermission'))
 
+@property
+def user_get_organizations(user):
+    return Organization.objects.filter(member_role__members=user)
+@property
+def user_get_admin_of_organizations(user):
+    return Organization.objects.filter(admin_role__members=user)
+
+User.add_to_class('organizations', user_get_organizations)
+User.add_to_class('admin_of_organizations', user_get_admin_of_organizations)
+
 # Import signal handlers only after models have been defined.
 import awx.main.signals # noqa