From 64c94d478d23bd427f3280567e407c4df2c10cd1 Mon Sep 17 00:00:00 2001 From: beeankha Date: Wed, 24 Jul 2019 14:30:20 -0400 Subject: [PATCH] Add more RBAC, filter out AJT/AJs from unified jobs lists Comment out placeholder in serializer --- awx/api/serializers.py | 9 ++++--- awx/api/urls/workflow_approval_template.py | 9 ------- awx/api/views/__init__.py | 22 ---------------- awx/main/access.py | 16 ++++++++---- ...oval.py => 0083_v360_workflow_approval.py} | 2 +- awx/main/models/__init__.py | 6 ++--- awx/main/models/activity_stream.py | 3 +++ awx/main/models/base.py | 7 ------ awx/main/models/workflow.py | 25 ------------------- awx/main/scheduler/task_manager.py | 6 ----- awx/main/signals.py | 7 ++++++ 11 files changed, 31 insertions(+), 81 deletions(-) rename awx/main/migrations/{0082_v360_workflowapproval.py => 0083_v360_workflow_approval.py} (97%) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index e0e9d2c3bd..fb0b6852f3 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py 
@@ -3446,9 +3446,12 @@ class WorkflowApprovalTemplateSerializer(UnifiedJobTemplateSerializer): res.update(dict( jobs = self.reverse('api:workflow_approval_template_jobs_list', kwargs={'pk': obj.pk}), - notification_templates_needs_approval = self.reverse('api:workflow_approval_template_notification_templates_needs_approval', kwargs={'pk': obj.pk}), - notification_templates_success = self.reverse('api:workflow_approval_template_notification_templates_success_list', kwargs={'pk': obj.pk}), - notification_templates_error = self.reverse('api:workflow_approval_template_notification_templates_error_list', kwargs={'pk': obj.pk}), + # &&&&&& Placeholder for notification things! + # notification_templates_started = self.reverse('api:workflow_approval_template_notification_templates_started_list', kwargs={'pk': obj.pk}), + # notification_templates_needs_approval = self.reverse( + #'api:workflow_approval_template_notification_templates_needs_approval_list', kwargs={'pk': obj.pk}), + # notification_templates_success = self.reverse('api:workflow_approval_template_notification_templates_success_list', kwargs={'pk': obj.pk}), + # notification_templates_error = self.reverse('api:workflow_approval_template_notification_templates_error_list', kwargs={'pk': obj.pk}), )) return res diff --git a/awx/api/urls/workflow_approval_template.py b/awx/api/urls/workflow_approval_template.py index ee6d793bde..8a22ee83b3 100644 --- a/awx/api/urls/workflow_approval_template.py +++ b/awx/api/urls/workflow_approval_template.py 
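Review bot: The four commented-out `notification_templates_*` links left inside `res.update(dict(...))` in `WorkflowApprovalTemplateSerializer` refer to route names that this same commit removes from `awx/api/urls/workflow_approval_template.py`, and two of them (`..._started_list`, `..._needs_approval_list`) do not match any name registered in the visible diff, so uncommenting them later would fail in `reverse()`. I would delete the block and leave a single line such as `# TODO: re-add notification_templates_* links once the sublist views exist`. The `&&&&&&` marker is also used in the hunks for `awx/main/models/activity_stream.py` and `awx/main/signals.py`; a conventional `TODO` tag is easier to grep and track. The enclosing method starts outside the hunk.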
@@ -6,21 +6,12 @@ from django.conf.urls import url from awx.api.views import ( WorkflowApprovalTemplateDetail, WorkflowApprovalTemplateJobsList, - WorkflowApprovalTemplateNotificationTemplatesErrorList, - WorkflowApprovalTemplateNotificationTemplatesNeedsApprovalList, - WorkflowApprovalTemplateNotificationTemplatesSuccessList, ) urls = [ url(r'^(?P[0-9]+)/$', WorkflowApprovalTemplateDetail.as_view(), name='workflow_approval_template_detail'), url(r'^(?P[0-9]+)/approvals/$', WorkflowApprovalTemplateJobsList.as_view(), name='workflow_approval_template_jobs_list'), - url(r'^(?P[0-9]+)/notification_templates_needs_approval/$', WorkflowApprovalTemplateNotificationTemplatesNeedsApprovalList.as_view(), - name='workflow_approval_template_notification_templates_needs_approval'), - url(r'^(?P[0-9]+)/notification_templates_error/$', WorkflowApprovalTemplateNotificationTemplatesErrorList.as_view(), - name='workflow_approval_template_notification_templates_error_list'), - url(r'^(?P[0-9]+)/notification_templates_success/$', WorkflowApprovalTemplateNotificationTemplatesSuccessList.as_view(), - name='workflow_approval_template_notification_templates_success_list'), ] __all__ = ['urls'] diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py index b716e01f05..3d53916033 100644 --- a/awx/api/views/__init__.py +++ b/awx/api/views/__init__.py 
@@ -4427,28 +4427,6 @@ class WorkflowApprovalTemplateDetail(RelatedJobsPreventDeleteMixin, RetrieveUpda serializer_class = serializers.WorkflowApprovalTemplateSerializer -class WorkflowApprovalTemplateNotificationTemplatesAnyList(SubListCreateAttachDetachAPIView): - - model = models.NotificationTemplate - serializer_class = serializers.NotificationTemplateSerializer - parent_model = models.WorkflowApprovalTemplate - - -class WorkflowApprovalTemplateNotificationTemplatesNeedsApprovalList(WorkflowApprovalTemplateNotificationTemplatesAnyList): - - relationship = 'notification_templates_needs_approval' - - -class WorkflowApprovalTemplateNotificationTemplatesErrorList(WorkflowApprovalTemplateNotificationTemplatesAnyList): - - relationship = 'notification_templates_error' - - -class WorkflowApprovalTemplateNotificationTemplatesSuccessList(WorkflowApprovalTemplateNotificationTemplatesAnyList): - - relationship = 'notification_templates_success' - - class WorkflowApprovalTemplateJobsList(SubListAPIView): model = models.WorkflowApproval diff --git a/awx/main/access.py b/awx/main/access.py index bd834754f5..ea3299b63a 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -2795,11 +2795,13 @@ class WorkflowApprovalAccess(BaseAccess): unified_job_node__in=WorkflowJobNode.accessible_pk_qs( self.user, 'read_role')) - # &&&&&& - # def can_approve_or_deny(self, obj): - # if self.user.is_superuser: or "self.user.approval_role"? - # return True - # return self.can_change(obj, ????) + def get_queryset(self): + return super(UnifiedJobTemplateAccess, self).get_queryset().exclude( + workflowapprovaltemplate__isnull=False) + + def can_approve_or_deny(self, obj): + if self.user.approval_role: + return True class WorkflowApprovalTemplateAccess(BaseAccess): 
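Review bot: `can_approve_or_deny` in `WorkflowApprovalAccess` (`awx/main/access.py`) decides on `self.user.approval_role` alone and never consults `obj`, so the answer is the same for every approval in every workflow; the permission should be resolved against the workflow that the approval node belongs to. Nothing in this diff defines `approval_role` on the user (the removed placeholder carried it with a question mark), so the check may raise `AttributeError` rather than deny, which is worth confirming. The superuser branch from the placeholder was dropped and the method falls through to an implicit `None`; I would start it with `if self.user.is_superuser: return True` and end it with an explicit `return False`. A test with a user who can read the workflow but holds no approval right would pin the intended behaviour.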
@@ -2825,6 +2827,10 @@ class WorkflowApprovalTemplateAccess(BaseAccess): workflowjobtemplatenodes__workflow_job_template__in=WorkflowJobTemplate.accessible_pk_qs( self.user, 'read_role')) + def get_queryset(self): + return super(UnifiedJobAccess, self).get_queryset().exclude( + workflowapproval__isnull=False) + for cls in BaseAccess.__subclasses__(): access_registry[cls.model] = cls diff --git a/awx/main/migrations/0082_v360_workflowapproval.py b/awx/main/migrations/0083_v360_workflow_approval.py similarity index 97% rename from awx/main/migrations/0082_v360_workflowapproval.py rename to awx/main/migrations/0083_v360_workflow_approval.py index 570402a3f1..66b6bc0504 100644 --- a/awx/main/migrations/0082_v360_workflowapproval.py +++ b/awx/main/migrations/0083_v360_workflow_approval.py @@ -8,7 +8,7 @@ import django.db.models.deletion class Migration(migrations.Migration): dependencies = [ - ('main', '0081_v360_notify_on_start'), + ('main', '0082_v360_workflowapproval'), ] operations = [ diff --git a/awx/main/models/__init__.py b/awx/main/models/__init__.py index 1704fe345b..65d246ee5f 100644 --- a/awx/main/models/__init__.py +++ b/awx/main/models/__init__.py @@ -174,7 +174,7 @@ def o_auth2_token_get_absolute_url(self, request=None): OAuth2AccessToken.add_to_class('get_absolute_url', o_auth2_token_get_absolute_url) -# &&&&&& Add model here + from awx.main.registrar import activity_stream_registrar # noqa activity_stream_registrar.connect(Organization) activity_stream_registrar.connect(Inventory) 
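Review bot: `super(UnifiedJobAccess, self).get_queryset()` is added under `WorkflowApprovalTemplateAccess(BaseAccess)`, and the preceding hunk does the same with `super(UnifiedJobTemplateAccess, self)` under `WorkflowApprovalAccess`; since the class headers shown derive from `BaseAccess` only, `super()` would raise `TypeError` the first time either queryset is requested. Indentation is lost in this view, so the placement is inferred from the hunk headers and trailing context. Going by the commit title, the two `exclude(...)` filters belong on `UnifiedJobTemplateAccess` and `UnifiedJobAccess` themselves. As placed, a `get_queryset` override may also bypass the `read_role`-scoped filter visible in the context lines just above it, so a list test run as a non-superuser should cover both classes.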
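Review bot: The new dependency `('main', '0082_v360_workflowapproval')` in the renamed migration is the name this file itself had before becoming `0083_v360_workflow_approval.py`, so unless another migration with exactly that name exists on the target branch, the migration graph will not load. If the intent was to follow a different 0082 migration that landed upstream, the dependency should name that file; the diffstat shows no other migration touched by this commit.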
@@ -202,8 +202,8 @@ activity_stream_registrar.connect(User) activity_stream_registrar.connect(WorkflowJobTemplate) activity_stream_registrar.connect(WorkflowJobTemplateNode) activity_stream_registrar.connect(WorkflowJob) -# activity_stream_registrar.connect(WorkflowApproval) &&&&&& -# activity_stream_registrar.connect(WorkflowApprovalTemplate) +activity_stream_registrar.connect(WorkflowApproval) +activity_stream_registrar.connect(WorkflowApprovalTemplate) activity_stream_registrar.connect(OAuth2Application) activity_stream_registrar.connect(OAuth2AccessToken) diff --git a/awx/main/models/activity_stream.py b/awx/main/models/activity_stream.py index bcc2ab20ef..852cea3eac 100644 --- a/awx/main/models/activity_stream.py +++ b/awx/main/models/activity_stream.py @@ -66,6 +66,9 @@ class ActivityStream(models.Model): workflow_job_node = models.ManyToManyField("WorkflowJobNode", blank=True) workflow_job_template = models.ManyToManyField("WorkflowJobTemplate", blank=True) workflow_job = models.ManyToManyField("WorkflowJob", blank=True) +# Possibly adding workflow_approval-related fields here?? &&&&&& +# workflow_approval_template = models.ManyToManyField("WorkflowApprovalTemplate", blank=True) +# workflow_approval = models.ManyToManyField("WorkflowApproval", blank=True) unified_job_template = models.ManyToManyField("UnifiedJobTemplate", blank=True, related_name='activity_stream_as_unified_job_template+') unified_job = models.ManyToManyField("UnifiedJob", blank=True, related_name='activity_stream_as_unified_job+') ad_hoc_command = models.ManyToManyField("AdHocCommand", blank=True) diff --git a/awx/main/models/base.py b/awx/main/models/base.py index 341aa6fb1d..9925dc6049 100644 --- a/awx/main/models/base.py +++ b/awx/main/models/base.py 
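Review bot: `WorkflowApproval` and `WorkflowApprovalTemplate` are now connected to `activity_stream_registrar` in `awx/main/models/__init__.py`, but the matching `workflow_approval` / `workflow_approval_template` relations on `ActivityStream` are only added as comments in the next hunk, and the skip in the last `awx/main/signals.py` hunk is commented out as well. If the activity-stream handlers attach the instance through a field named after the model, as the neighbouring `workflow_job` field suggests, saving one of these objects could fail or go unrecorded, and approvals are exactly the events an audit trail needs to capture. I would add the two `ManyToManyField`s with their migration in this commit, or hold back the `connect()` calls until the fields exist.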
@@ -392,13 +392,6 @@ class NotificationFieldsModel(BaseModel): related_name='%(class)s_notification_templates_for_started' ) - # &&&&&& Placeholder for workflow pause/approve notifications - # notification_templates_needs_approval = models.ManyToManyField( - # "NotificationTemplate", - # blank=True, - # related_name='%(class)s_notification_templates_for_needs_approval' - # ) - def prevent_search(relation): """ diff --git a/awx/main/models/workflow.py b/awx/main/models/workflow.py index 75d7c546bb..197d069adc 100644 --- a/awx/main/models/workflow.py +++ b/awx/main/models/workflow.py 
@@ -636,31 +636,6 @@ class WorkflowApprovalTemplate(UnifiedJobTemplate): def get_absolute_url(self, request=None): return reverse('api:workflow_approval_template_detail', kwargs={'pk': self.pk}, request=request) - # @property - # def notification_templates(self): - # # Return all notification_templates defined on the Job Template, on the Project, and on the Organization for each trigger type - # base_notification_templates = NotificationTemplate.objects.all() - # error_notification_templates = list(base_notification_templates.filter( - # unifiedjobtemplate_notification_templates_for_errors__in=[self])) - # needs_approval_notification_templates = list(base_notification_templates.filter( - # notification_templates_needs_approval__in=[self])) - # success_notification_templates = list(base_notification_templates.filter( - # unifiedjobtemplate_notification_templates_for_success__in=[self])) - # return dict(error=list(error_notification_templates), - # needs_approval=list(needs_approval_notification_templates), - # success=list(success_notification_templates)) -# &&&&&& Approval nodes don't have orgs! - # if self.project is not None and self.project.organization is not None: - # error_notification_templates = set(error_notification_templates + list(base_notification_templates.filter( - # organization_notification_templates_for_errors=self.project.organization))) - # started_notification_templates = set(started_notification_templates + list(base_notification_templates.filter( - # organization_notification_templates_for_started=self.project.organization))) - # success_notification_templates = set(success_notification_templates + list(base_notification_templates.filter( - # organization_notification_templates_for_success=self.project.organization))) - # return dict(error=list(error_notification_templates), - # needs_approval=list(needs_approval_notification_templates), - # success=list(success_notification_templates)) - class WorkflowApproval(UnifiedJob): class Meta: 
diff --git a/awx/main/scheduler/task_manager.py b/awx/main/scheduler/task_manager.py index bcecee809d..b79abbad0d 100644 --- a/awx/main/scheduler/task_manager.py +++ b/awx/main/scheduler/task_manager.py @@ -23,7 +23,6 @@ from awx.main.models import ( Project, ProjectUpdate, SystemJob, - # &&&&&& WorkflowApproval, WorkflowJob, WorkflowJobTemplate ) @@ -239,11 +238,6 @@ class TaskManager(): task.send_notification_templates('running') logger.debug('Transitioning %s to running status.', task.log_format) schedule_task_manager() - # elif type(task) is WorkflowApproval: (&&&&&& placeholder for notification work) - # task.status = 'pending' - # task.send_notification_templates('pending') - # logger.debug('Transitioning %s to pending status.', task.log_format) - # schedule_task_manager() elif not task.supports_isolation() and rampart_group.controller_id: # non-Ansible jobs on isolated instances run on controller task.instance_group = rampart_group.controller diff --git a/awx/main/signals.py b/awx/main/signals.py index 9a5dcec578..fb9bf39872 100644 --- a/awx/main/signals.py +++ b/awx/main/signals.py @@ -430,6 +430,8 @@ def model_serializer_mapping(): models.Label: serializers.LabelSerializer, models.WorkflowJobTemplate: serializers.WorkflowJobTemplateWithSpecSerializer, models.WorkflowJobTemplateNode: serializers.WorkflowJobTemplateNodeSerializer, + models.WorkflowApproval: serializers.WorkflowApprovalSerializer, + models.WorkflowApprovalTemplate: serializers.WorkflowApprovalTemplateSerializer, # &&&&&& models.WorkflowJob: serializers.WorkflowJobSerializer, models.OAuth2AccessToken: serializers.OAuth2TokenSerializer, models.OAuth2Application: serializers.OAuth2ApplicationSerializer, 
@@ -504,6 +506,11 @@ def activity_stream_update(sender, instance, **kwargs): activity_entry.setting = conf_to_dict(instance) activity_entry.save() +# &&&&&& + # if isinstance(obj1, WorkflowApprovalTemplate) or isinstance(obj2_actual, WorkflowApprovalTemplate): + # continue + + def activity_stream_delete(sender, instance, **kwargs): if not activity_stream_enabled: