diff --git a/awx/ui/client/src/controllers/Credentials.js b/awx/ui/client/src/controllers/Credentials.js
index 1b951a568e..7b9a75acd8 100644
--- a/awx/ui/client/src/controllers/Credentials.js
+++ b/awx/ui/client/src/controllers/Credentials.js
@@ -132,7 +132,7 @@ CredentialsList.$inject = ['$scope', '$rootScope', '$location', '$log',
export function CredentialsAdd($scope, $rootScope, $compile, $location, $log,
$stateParams, CredentialForm, GenerateForm, Rest, Alert, ProcessErrors,
ReturnToCaller, ClearScope, GenerateList, SearchInit, PaginateInit,
- LookUpInit, UserList, TeamList, GetBasePath, GetChoices, Empty, KindChange,
+ LookUpInit, OrganizationList, GetBasePath, GetChoices, Empty, KindChange,
OwnerChange, FormSave, $state, CreateSelect2) {
ClearScope();
@@ -173,22 +173,32 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log,
multiple: false
});
- LookUpInit({
- scope: $scope,
- form: form,
- current_item: (!Empty($stateParams.user_id)) ? $stateParams.user_id : null,
- list: UserList,
- field: 'user',
- input_type: 'radio',
- autopopulateLookup: false
- });
+ $scope.canShareCredential = false;
+ if ($rootScope.current_user.is_superuser) {
+ $scope.canShareCredential = true;
+ } else {
+ Rest.setUrl(`/api/v1/users/${$rootScope.current_user.id}/admin_of_organizations`);
+ Rest.get()
+ .success(function(data) {
+ $scope.canShareCredential = (data.count) ? true : false;
+ }).error(function (data, status) {
+ ProcessErrors($scope, data, status, null, { hdr: 'Error!', msg: 'Failed to find if users is admin of org' + status });
+ });
+ }
+
+
+ var orgUrl = ($rootScope.current_user.is_superuser) ?
+ GetBasePath("organizations") :
+ $rootScope.current_user.url + "admin_of_organizations?";
+
+ // Create LookUpInit for organizations
LookUpInit({
scope: $scope,
+ url: orgUrl,
form: form,
- current_item: (!Empty($stateParams.team_id)) ? $stateParams.team_id : null,
- list: TeamList,
- field: 'team',
+ list: OrganizationList,
+ field: 'organization',
input_type: 'radio',
autopopulateLookup: false
});
@@ -251,11 +261,6 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log,
}
};
- // Handle Owner change
- $scope.ownerChange = function () {
- OwnerChange({ scope: $scope });
- };
-
$scope.formCancel = function () {
$state.transitionTo('credentials');
};
@@ -305,7 +310,7 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log,
CredentialsAdd.$inject = ['$scope', '$rootScope', '$compile', '$location',
'$log', '$stateParams', 'CredentialForm', 'GenerateForm', 'Rest', 'Alert',
'ProcessErrors', 'ReturnToCaller', 'ClearScope', 'generateList',
- 'SearchInit', 'PaginateInit', 'LookUpInit', 'UserList', 'TeamList',
+ 'SearchInit', 'PaginateInit', 'LookUpInit', 'OrganizationList',
'GetBasePath', 'GetChoices', 'Empty', 'KindChange', 'OwnerChange',
'FormSave', '$state', 'CreateSelect2'
];
@@ -314,7 +319,7 @@ CredentialsAdd.$inject = ['$scope', '$rootScope', '$compile', '$location',
export function CredentialsEdit($scope, $rootScope, $compile, $location, $log,
$stateParams, CredentialForm, GenerateForm, Rest, Alert, ProcessErrors,
RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, Prompt,
- GetBasePath, GetChoices, KindChange, UserList, TeamList, LookUpInit, Empty,
+ GetBasePath, GetChoices, KindChange, OrganizationList, LookUpInit, Empty,
OwnerChange, FormSave, Wait, $state, CreateSelect2) {
ClearScope();
@@ -330,6 +335,20 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log,
generator.reset();
$scope.id = id;
+ $scope.canShareCredential = false;
+
+ if ($rootScope.current_user.is_superuser) {
+ $scope.canShareCredential = true;
+ } else {
+ Rest.setUrl(`/api/v1/users/${$rootScope.current_user.id}/admin_of_organizations`);
+ Rest.get()
+ .success(function(data) {
+ $scope.canShareCredential = (data.count) ? true : false;
+ }).error(function (data, status) {
+ ProcessErrors($scope, data, status, null, { hdr: 'Error!', msg: 'Failed to find if users is admin of org' + status });
+ });
+ }
+
function setAskCheckboxes() {
var fld, i;
for (fld in form.fields) {
@@ -359,22 +378,20 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log,
$scope.removeCredentialLoaded();
}
$scope.removeCredentialLoaded = $scope.$on('credentialLoaded', function () {
- LookUpInit({
- scope: $scope,
- form: form,
- current_item: (!Empty($scope.user_id)) ? $scope.user_id : null,
- list: UserList,
- field: 'user',
- input_type: 'radio'
- });
+ var orgUrl = ($rootScope.current_user.is_superuser) ?
+ GetBasePath("organizations") :
+ $rootScope.current_user.url + "admin_of_organizations?";
+ // create LookUpInit for organizations
LookUpInit({
scope: $scope,
+ url: orgUrl,
form: form,
- current_item: (!Empty($scope.team_id)) ? $scope.team_id : null,
- list: TeamList,
+ current_item: $scope.organization,
+ list: OrganizationList,
+ field: 'organization',
input_type: 'radio',
- field: 'team'
+ autopopulateLookup: false
});
setAskCheckboxes();
@@ -630,6 +647,6 @@ CredentialsEdit.$inject = ['$scope', '$rootScope', '$compile', '$location',
'$log', '$stateParams', 'CredentialForm', 'GenerateForm', 'Rest', 'Alert',
'ProcessErrors', 'RelatedSearchInit', 'RelatedPaginateInit',
'ReturnToCaller', 'ClearScope', 'Prompt', 'GetBasePath', 'GetChoices',
- 'KindChange', 'UserList', 'TeamList', 'LookUpInit', 'Empty', 'OwnerChange',
+ 'KindChange', 'OrganizationList', 'LookUpInit', 'Empty', 'OwnerChange',
'FormSave', 'Wait', '$state', 'CreateSelect2'
];
diff --git a/awx/ui/client/src/forms/Credentials.js b/awx/ui/client/src/forms/Credentials.js
index 4b40179f54..51131430b7 100644
--- a/awx/ui/client/src/forms/Credentials.js
+++ b/awx/ui/client/src/forms/Credentials.js
@@ -40,47 +40,19 @@ export default
addRequired: false,
editRequired: false
},
- owner: {
- label: "Does this credential belong to a team or user?",
- type: 'radio_group',
- ngChange: "ownerChange()",
- options: [{
- label: 'User',
- value: 'user',
- selected: true
- }, {
- label: 'Team',
- value: 'team'
- }],
- awPopOver: "A credential must be associated with either a user or a team. Choosing a user allows only the selected user access " +
- "to the credential. Choosing a team shares the credential with all team members.
",
- dataTitle: 'Owner',
- dataPlacement: 'right',
- dataContainer: "body"
- },
- user: {
- label: 'User that owns this credential',
+ organization: {
+ addRequired: false,
+ editRequired: false,
+ ngShow: 'canShareCredential',
+ label: 'Organization',
type: 'lookup',
- sourceModel: 'user',
- sourceField: 'username',
- ngClick: 'lookUpUser()',
- ngShow: "owner == 'user'",
- awRequiredWhen: {
- variable: "user_required",
- init: "false"
- }
- },
- team: {
- label: 'Team that owns this credential',
- type: 'lookup',
- sourceModel: 'team',
+ sourceModel: 'organization',
sourceField: 'name',
- ngClick: 'lookUpTeam()',
- ngShow: "owner == 'team'",
- awRequiredWhen: {
- variable: "team_required",
- init: "false"
- }
+ ngClick: 'lookUpOrganization()',
+ awPopOver: "If no organization is given, the credential can only be used by the user that creates the credential. organization admins and system administrators can assign an organization so that roles can be assigned to users and teams in that organization.
",
+ dataTitle: 'Required ',
+ dataPlacement: 'bottom',
+ dataContainer: "body"
},
kind: {
label: 'Type',
diff --git a/awx/ui/client/src/helpers/Credentials.js b/awx/ui/client/src/helpers/Credentials.js
index 653ad6b4bf..7aa615f86d 100644
--- a/awx/ui/client/src/helpers/Credentials.js
+++ b/awx/ui/client/src/helpers/Credentials.js
@@ -193,8 +193,8 @@ angular.module('CredentialsHelper', ['Utilities'])
}
])
-.factory('FormSave', ['Refresh', '$location', 'Alert', 'Rest', 'ProcessErrors', 'Empty', 'GetBasePath', 'CredentialForm', 'ReturnToCaller', 'Wait',
- function (Refresh, $location, Alert, Rest, ProcessErrors, Empty, GetBasePath, CredentialForm, ReturnToCaller, Wait) {
+.factory('FormSave', ['$rootScope', 'Refresh', '$location', 'Alert', 'Rest', 'ProcessErrors', 'Empty', 'GetBasePath', 'CredentialForm', 'ReturnToCaller', 'Wait',
+ function ($rootScope, Refresh, $location, Alert, Rest, ProcessErrors, Empty, GetBasePath, CredentialForm, ReturnToCaller, Wait) {
return function (params) {
var scope = params.scope,
mode = params.mode,
@@ -204,7 +204,9 @@ angular.module('CredentialsHelper', ['Utilities'])
for (fld in form.fields) {
if (fld !== 'access_key' && fld !== 'secret_key' && fld !== 'ssh_username' &&
fld !== 'ssh_password') {
- if (scope[fld] === null) {
+ if (fld === "organization" && !scope[fld]) {
+ data["user"] = $rootScope.current_user.id;
+ } else if (scope[fld] === null) {
data[fld] = "";
} else {
data[fld] = scope[fld];
@@ -212,14 +214,6 @@ angular.module('CredentialsHelper', ['Utilities'])
}
}
- if (!Empty(scope.team)) {
- data.team = scope.team;
- data.user = "";
- } else {
- data.user = scope.user;
- data.team = "";
- }
-
data.kind = scope.kind.value;
if (scope.become_method === null) {
data.become_method = "";
@@ -247,65 +241,59 @@ angular.module('CredentialsHelper', ['Utilities'])
data.username = scope.subscription_id;
}
- if (Empty(data.team) && Empty(data.user)) {
- Alert('Missing User or Team', 'You must provide either a User or a Team. If this credential will only be accessed by a specific ' +
- 'user, select a User. To allow a team of users to access this credential, select a Team.', 'alert-danger');
+ Wait('start');
+ if (mode === 'add') {
+ url = GetBasePath("credentials");
+ Rest.setUrl(url);
+ Rest.post(data)
+ .success(function (data) {
+ scope.addedItem = data.id;
+
+ Refresh({
+ scope: scope,
+ set: 'credentials',
+ iterator: 'credential',
+ url: url
+ });
+
+ Wait('stop');
+ var base = $location.path().replace(/^\//, '').split('/')[0];
+ if (base === 'credentials') {
+ ReturnToCaller();
+ }
+ else {
+ ReturnToCaller(1);
+ }
+ })
+ .error(function (data, status) {
+ Wait('stop');
+ ProcessErrors(scope, data, status, form, {
+ hdr: 'Error!',
+ msg: 'Failed to create new Credential. POST status: ' + status
+ });
+ });
} else {
- Wait('start');
- if (mode === 'add') {
- url = (!Empty(data.team)) ? GetBasePath('teams') + data.team + '/credentials/' :
- GetBasePath('users') + data.user + '/credentials/';
- Rest.setUrl(url);
- Rest.post(data)
- .success(function (data) {
- scope.addedItem = data.id;
-
- Refresh({
- scope: scope,
- set: 'credentials',
- iterator: 'credential',
- url: url
- });
-
- Wait('stop');
- var base = $location.path().replace(/^\//, '').split('/')[0];
- if (base === 'credentials') {
- ReturnToCaller();
- }
- else {
- ReturnToCaller(1);
- }
- })
- .error(function (data, status) {
- Wait('stop');
- ProcessErrors(scope, data, status, form, {
- hdr: 'Error!',
- msg: 'Failed to create new Credential. POST status: ' + status
- });
+ url = GetBasePath('credentials') + scope.id + '/';
+ Rest.setUrl(url);
+ Rest.put(data)
+ .success(function () {
+ Wait('stop');
+ var base = $location.path().replace(/^\//, '').split('/')[0];
+ if (base === 'credentials') {
+ ReturnToCaller();
+ }
+ else {
+ ReturnToCaller(1);
+ }
+ })
+ .error(function (data, status) {
+ Wait('stop');
+ ProcessErrors(scope, data, status, form, {
+ hdr: 'Error!',
+ msg: 'Failed to update Credential. PUT status: ' + status
});
- } else {
- url = GetBasePath('credentials') + scope.id + '/';
- Rest.setUrl(url);
- Rest.put(data)
- .success(function () {
- Wait('stop');
- var base = $location.path().replace(/^\//, '').split('/')[0];
- if (base === 'credentials') {
- ReturnToCaller();
- }
- else {
- ReturnToCaller(1);
- }
- })
- .error(function (data, status) {
- Wait('stop');
- ProcessErrors(scope, data, status, form, {
- hdr: 'Error!',
- msg: 'Failed to update Credential. PUT status: ' + status
- });
- });
- }
- }
+ });
+ }
};
}
]);